Jeep, Burger King, and the international retailer HMV have one very unfortunate thing in common: their social media accounts were hacked, and those accounts were then used to spread false or damaging information about those companies. Jeep’s followers were told that the company’s CEO and employees had been using drugs. Burger King’s Twitter account released tweets that threatened followers if they patronized competing fast food restaurants. HMV saw details of its internal layoffs and criticism of its management posted over its own social media accounts.
Corporate management’s knee-jerk reaction to stories like this might be to shut down a company’s social media presence. Almost two billion people now use social media, however, and two-thirds of all internet users access social media for news and information about companies that they follow. In view of these statistics, avoiding all social media presence is not an option. Companies need to find a means to control the risks of having their social media accounts hacked while keeping those accounts open enough to enable two-way conversations with their customers.
Analysts’ recommendations generally coalesce around four common precautions that companies can follow to reduce the risks of having their social media accounts hacked:
Adopt a policy on strong passwords. Every hacker knows that people are predictable, and that predictability leads to easily guessed passwords like birthdates and pet names. Social media account administrators should be required to use more complex passwords or, barring that, to use a digital tool that creates and regularly changes passwords.
Centralize social media management and control. Individual divisions and departments in corporations might want to manage their own social media accounts and presences, but a multiplicity of accounts can quickly spiral out of control, and one or more of those accounts may well prove to be the chink in the armor that protects a company against hackers. A company should centralize its social media postings to preclude rogue accounts from exposing the company to hacking risks.
Control who can post messages. Recent social media activity by disgruntled government employees catalyzed a White House ban on unauthorized social media posts from certain administrative agencies. Notwithstanding any free speech issues, placing restrictions or limitations on what an employee can say about his or her employer is good business strategy. Employees are routinely held to basic confidentiality standards, and those standards can be easily applied to social media activity.
Require social media education. Many employees have grown accustomed to posting personal information over social media accounts, and might think nothing of including corporate information. Educating employees on the risks of posting corporate information can be an effective way to reduce or eliminate inadvertent releases of information or social media access codes to crafty hackers. Often, that education can be as simple as warning employees not to click on strange links that appear on a company’s social media pages, not to “like” or to accept any links that offer to connect to those pages, and to be wary of friend or follower requests from unidentified sources.
None of these precautions is a failsafe guarantee against a hacker’s use of a corporate social media account to gain access to a corporate information systems network. A company whose social media accounts have been hacked can suffer substantial financial losses if the attack is successful.
A cyber insurance policy can protect the company by providing reimbursement for some or most of those losses. The combined direct losses of servers and technology and indirect losses associated with third-party liability to customers and clients whose personal information has been compromised can run into the hundreds of thousands or millions of dollars. A cyber insurance policy carrier can assess the level of risk that a company is assuming and can recommend the optimum cyber insurance policy to cover that risk.