In the hour it took for officials to regain control, hackers proceeded to send 53 tweets to the burger chain’s more than 80,000 followers, ranging from the mildly funny (“if I catch you at a wendys, we’re fightin!”) to the patently offensive (“We caught one of our employees in the bathroom doing this… ,” with an image of a drug user shooting up).
And Burger King wasn’t alone. Less than 24 hours later, a similar fate befell Jeep. Hackers replaced the company’s Twitter avatar with a Cadillac logo and explained to Jeep’s 100,000-plus followers that the company had been sold because its employees and CEO were found using drugs. These incidents followed closely on the heels of a security breach at international media retailer HMV in late January, when a disgruntled social media manager hijacked one of the company’s social media accounts and aired to the world details about recent layoffs and mismanagement.
So what’s a socially-engaged company to do? Banning social media altogether is no longer a realistic option. The simple fact that Burger King, Jeep, and HMV have hundreds of thousands of followers on Twitter and Facebook speaks to the power of the medium. Retreating from social media means ceding a significant competitive advantage.
But there are ways to reduce risks. At the helm of HootSuite, a social media management tool for companies, I’ve learned that common sense, a little training and the right technology go a long way. While it may be too late for Burger King, these steps should keep your social media account from being similarly Hamburglarized:
Get serious about passwords. Believe it or not, the most common password in 2012 was still “password” (followed closely by “123456”). Few people realize that an effective password is often the only thing standing between you and a cyber attack. Instead of choosing your cat’s name or your personal details, consider strategies like using the first letter of each word of a common phrase or song lyric. (“I can’t get no satisfaction” becomes ICGNS.) Or save yourself the trouble altogether and use password generating and management tools like LastPass.
Rein in who has password access. A telling detail emerged from HMV’s social media meltdown. Evidently, senior management had no clue what their company’s Twitter password was, who had access to it or how to shut the account down. From an IT perspective, this is terrifying. A better approach is to use what’s known as single sign-on technology. Business-grade social media management systems allow employees to log into social media accounts with the same username and password used for their company email. The master switch for turning accounts on and off remains in the hands of the IT department, who can also revoke access from individual employees, should the need ever arise.
Centralize social media channels. Large companies are sometimes surprised to discover that their employees have started dozens of corporate social media accounts, often without official permission. A crucial first step in getting social media security under control is to consolidate all of these accounts within a single social media management system, which allows users to publish to multiple profiles on Twitter, Facebook, LinkedIn, and other networks from one secure interface.
This kind of system also acts like an extra firewall. One of the most common ways for hackers to gain access to passwords and sensitive data is through malicious links posted on social media sites and elsewhere. Click on what looks like a great deal, for instance, and you might end up on a bogus site where malware is instantly downloaded to your computer. The better social media management systems out there have built-in malware and spam prevention tools, which will automatically issue a warning before opening suspicious pages.
Control who can post messages. Social media accounts at consumer brands like Nike and Whole Foods can have millions of followers. Entrusting the keys to these accounts to entry-level employees or interns carries significant risk. A better approach is to use a social media management system that restricts who can publish messages. For example, in the HootSuite platform, companies can grant certain employees limited permission to draft messages, which must then be fed into an approval queue for senior management to sign off on before publishing. This ensures that all social messaging meets company standards and no illicit tweets or posts slip through.
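The draft-and-approve arrangement described above, together with the centrally held off switch from the password-access tip, can be modelled in a few lines. This is an added Python illustration, not HootSuite code; the `Account`, `Role` and `Post` names, and the choice to discard a revoked user's pending drafts, are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Role(Enum):
    DRAFTER = "drafter"    # may only write drafts
    APPROVER = "approver"  # may also sign off and publish

@dataclass
class Post:
    author: str
    text: str
    approved_by: Optional[str] = None

@dataclass
class Account:
    members: dict = field(default_factory=dict)    # user -> Role, held by IT
    queue: list = field(default_factory=list)      # drafts awaiting sign-off
    published: list = field(default_factory=list)

    def _role(self, user):
        if user not in self.members:
            raise PermissionError(f"{user} has no access to this account")
        return self.members[user]

    def draft(self, user, text):
        self._role(user)                 # any current member may draft
        post = Post(user, text)
        self.queue.append(post)
        return post

    def approve(self, user, post):
        if self._role(user) is not Role.APPROVER:
            raise PermissionError(f"{user} may draft but not publish")
        if post not in self.queue:
            raise ValueError("post is not awaiting approval")
        self.queue.remove(post)
        post.approved_by = user
        self.published.append(post)
        return post

    def revoke(self, user):
        # Assumption: pending drafts from a revoked user are discarded too.
        self.members.pop(user, None)
        self.queue = [p for p in self.queue if p.author != user]
```

Nothing reaches `published` without passing through `approve`, and `revoke` takes effect without anyone needing to know or change the network password.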
Offer basic social media education. Just a few years ago, social media was a dorm room toy. Today it’s a cornerstone of marketing and sales strategy at the planet’s biggest companies, poised to unlock some $1.3 trillion in value in the years ahead. Giving employees access to this kind of power without any basic education is tantamount to handing over keys to the car without a driver’s ed course. Structured training on security and compliance issues, as well as on more advanced themes like using social media to sell to clients and improve internal workflows, is critical. Fortunately, some of the best social media tools now come equipped with online courseware and webinars for their users.
The combination of social media education and technology can dramatically reduce the possibility of a security breach, either from outside the company or from within.
Author: Ryan Holmes, CEO, HootSuite