Thursday, February 5th, 2015 | 8 min read
Things have been going great for you on social media this month. Your engagement is up, your paid campaigns are doing well and two of your branded hashtags have trended on Twitter, boosting your follower count by 5k.
It’s Wednesday evening and you’re shutting down for the day after thanking a big influencer for a glowing product mention. All of a sudden you notice a surge in mentions of your account – people seem upset about some messages you’ve just published.
You look at your feed and see a stream of offensive tweets published one right after the other. You panic. Is someone publishing to the account by mistake? Is this a community manager gone rogue?
After a few minutes of triage you realize that your Twitter account has been hacked.
This scenario isn’t far fetched – large brands have experienced crises this on social media more than you’d care to think, like when Crayola’s Facebook page was taken over by hackers who posted links to R-rated sites and sexual jokes.
Having your social media accounts compromised is a real threat that can have catastrophic effects on your brand’s online presence, but boosting your social media security isn’t as complex as it sounds. In fact, if you follow the three tips outlined below, you’ll be much more likely to avoid security incidents that can embarrass your brand and offend your online community.
A “phishing scam” is an attempt to acquire an account’s username, email and password by impersonating a trustworthy entity online. Often, scammers will create a login page that looks exactly like the real thing in order to capture your data.
Phishing is one of the most common ways online accounts are compromised, especially social media accounts.
Be sure to exercise caution when clicking on unsolicited links that are sent to you as a private message, reply or comment.
A phishing page designed to look like Twitter.com
If you click on a link and it claims that your current session has ended, or if it prompts you to log in to see exclusive content, don’t type in your username and password. Instead, open up another tab and manually type in the URL for the website and see if you are still logged in.
Chances are you will be (and you’ve just dodged bullet!). As the old G.I. Joe cartoons used to say, “Knowing is half the battle.”
Whether you have an audience of 2k or 2 million, a breach of your social media accounts can be detrimental to your brand image. After someone hijacked Burger King’s Twitter account in 2013, posting offensive tweets and claiming McDonalds had acquired them, Twitter published a blog post reminding brands and users to be smart about password security.
Burger King’s Twitter account was compromised in 2013
This may seem like an obvious tip, but you’d be surprised how many people create passwords that are easy to figure out (and even tell everyone what they are on television).
There are two main ingredients for a strong password: strength and uniqueness.
The strength of a password is determined by a number of factors. For example, “password123” is a weak password, and one that is commonly used by a lot of people. The name of your pet plus your birthdate might seem better, but if you’re on social media, chances are people can find out the name of your pet as well as your birthday.
A strong password typically contains a mixture of uppercase and lowercase letters, numbers, and symbols. The length of a password also helps to determine its strength – essentially, the more characters you have in your password, the stronger it becomes.
Having a unique password is also critical. Using the same password on multiple sites – even if it’s strong – makes your accounts vulnerable to attacks. In fact, when Dropbox accounts were broken into in late 2014, the main reason these accounts were breached is not because Dropbox was hacked; it was because their owners had reused the same password elsewhere.
Password reuse is like playing with fire; at some point you’ll probably get burned. Consider using a password manager like LastPass, 1Password or Norton Identity Safe to help create strong and unique passwords without having to memorize them.
Even after educating yourself about phishing scams and creating strong, unique passwords, a determined attacker could still manage to hack your brand’s social media presence.
False tweet posted by hackers to the Associated Press Twitter account
Luckily, many of the most popular social media services offer additional security features that you may not be aware of. One of the most effective is two-factor authentication, also referred to as “Login Approvals” (Facebook) or “Two-Step Verification” (Twitter).
Typically when you log into a website you are asked to enter your password, which is the first and only step required to log in. However, if you enable two-step verification, services like Facebook and Twitter will send a verification code to your mobile phone as a text message or display the code within the app itself. You’re then required to provide this verification code (the second step) before you can log in.
One of the main challenges with two-factor authentication is that you’re only able to register one mobile number for each social account. So, if multiple people manage your brand’s social media presence, this can present a challenge.
Thankfully, social media management solutions like Sprinklr offer a two-factor authentication that is linked to the individual user account rather than to the social media account, making it easy for multiple social media managers to manage their unique password information without compromising security.
This leads me to my last point: one of the best ways to secure your social media accounts is to forgo giving native platform access to your team altogether. Instead, your team should only access your brand’s social channels via a social media management platform with two-factor authentication, which will boost your brand’s social media security.
Social media doesn’t have to put brands at risk. Once you understand what a phishing scam is, create strong and unique passwords and enable two-factor authentication for your social accounts, you can feel confident that your brand’s social media presence is secure.
About the Author: Satnam Narang is a Senior Security Response Manager at Symantec with over eight years of experience in the security industry. Satnam has been at the forefront of discovering new and emerging threats on social media, which has been cited by The Verge, Mashable, TechCrunch and more. Follow him @satnam and Symantec’s Security Response blog.