02 Oct Securing Your Companies Social Media
Having a social media presence is a requirement for companies today. Most customers expect to be able to find out about and interact with you on Facebook, Twitter, LinkedIn, and possibly other sites such as Instagram or Snapchat. With this increased visibility comes an increased burden. You need to protect your company from hackers who may wish to use your social media accounts for their own ends. Unfortunately, most social media platforms do not provide adequate security options for organizations.
How can social media accounts be hacked?
Over the past few years, we have seen major organizations whose accounts have been hacked. In 2103, these included the Twitter accounts of Associated Press, 60 Minutes, and others. More recently, Target’s Facebook page was used by a person outside their organization to humorously ridicule complaining customers. While amusing, the fact that this could happen without Target’s knowledge should raise concerns for any company with a Facebook account.
How did hackers manage to use these organization’s accounts? While the Target case involved simply replying to other commenters on Target’s Facebook page while using a Target Logo for a profile picture, more extreme methods can be employed. For example, a proven method hackers have employed to acquire login and password information to accounts is phishing. In several cases, the hackers simply sent out emails to individuals in a company telling them they needed to reset their account passwords and providing a link to do so. This link directed the victims to a false page designed to look legitimate. Victims entered their account information, accidentally giving it to the hackers. In an attack such as this, it only takes one user with account information to be fooled for the attack to succeed.
What are some best practices to protect against these attacks?
1. Regularly monitor posts on your accounts. In the case of Target’s Facebook page, regular monitoring of the account, especially after enacting a policy that was predictably controversial (gender-neutral displays for children’s toys), would be the best defense against having a person outside the organization appear to speak for it.
2. Use alert service applications to monitor activity on your accounts. These applications automatically check for varying kinds of unauthorized access.
3. Use a password manager. Among other features, these can provide random password generators that make is simple for you to create strong passwords.
4. Control the number of people in your organization who have access to your social media accounts. Keep this number low, and maintain records of who has access. You may want to consider using a social media management system such as HootSuite or SproutSocial, as these make it possible for you to allow members of your organization to post content without knowing account passwords.
5. Have your IT department change account passwords regularly.
6. Avoid using a work email address when you set up your social media accounts. Hackers can easily guess at work email addresses (FirstName@YourCompany.com, Marketing@YourCompany.com, etc.) until they hit on one that works.
Protecting against hacking will be an ongoing process. However, following the above tips should provide your organization with additional security.