Today a Twitter user confirmed that their Twitter account was compromised after hackers managed to acquire log-in credentials for the account. After acquiring credentials, the hackers used them to request “login via Twitter” on Hootsuite.
Hootsuite’s account authentication uses a process called OAuth to ask twitter.com directly whether or not the user has permission to add the Twitter account to Hootsuite. This process requires the user to access twitter.com from their browser, which requires a Twitter login.
At no point was there a breach of the security of Hootsuite’s systems and dashboard themselves.
While we do not know how the Twitter credentials were obtained, it is an important lesson to continue to make every effort to secure your social media passwords.
Keep your accounts safe and prevent social media attacks
According to Altimeter, only 18% of companies state that their employees have a good understanding of their social media policies, a figure that leaves the remaining 82% at risk of embarrassing mistakes and vulnerable to hackers.
On the other side of the coin, a recent study by 4A and Arnold Worldwide revealed that 90% of employees say they have to figure social media out on their own and receive no training. Without clear training, systems and policies in place, PR nightmares are not only probable, but inevitable.
The good news is that advanced training and services exist that are highly effective in preventing these social media risks from becoming realities.
Rein in password access
At many companies, senior management have no clue what their social media passwords are. From an IT perspective, this is terrifying. A better approach is to use what’s known as single sign-on technology. Business-grade social media management systems allow employees to log into social media accounts with the same username and password used for their company email. The master switch for turning accounts on and off remains in the hands of the IT department, who can also revoke access from individual employees, should the need ever arise.
Believe it or not, the most common password in 2012 was still “password” (followed closely by “123456”). Few people realize that an effective password is often the only thing standing between you and a cyberattack. Instead of choosing your cat’s name or your personal details, consider strategies like using the first letter of each word of a common phrase or song lyric (“I can’t get no satisfaction” becomes ICGNS). Or save yourself the trouble altogether and use password generating and management tools like LastPass. See our article on password security for more.
Education and preparation are essential
Today social media is a cornerstone of marketing and sales strategy at the planet’s biggest companies, poised to unlock some $1.3 trillion in value in the years ahead. Giving employees access to this kind of power without any basic education is tantamount to handing over keys to the car without a driver’s ed course. Structured training on security and compliance issues, as well as on more advanced themes like using social media to sell to clients and improve internal workflows, is critical. Fortunately, some of the best social media tools now come equipped with online courseware and webinars for their users.
Recent social media account hackings and high-profile mis-tweets show that global organizations must make an extra effort to ensure their social assets are secure. As brands begin to understand the value of social media and increase their social efforts throughout the organization, many fear the risks associated with social media.
To this end, Hootsuite has managed services for security and compliance to help clients safely deploy social across departments and geographies and protect their brands from the costly mess that results from a social media crisis. Learn more about how we can help protect, prevent and prepare your organization today.
Hootsuite Managed Services for Security and Compliance, the Advanced Social Media Certification and Social Media Education at Hootsuite are essential tools to protect your business.