By Devin Redmond
Last year, Twitter released two-factor authentication to increase user- and account-level security. Its two-factor technology requires the account password and a code sent to your phone.
Unfortunately, Twitter’s two-factor authentication isn’t scalable for accounts with more than one admin (i.e., any large brand) and doesn’t stop unauthorized tweets from applications. Additionally, if a user logs in with two-factor from a computer infected with malware, the hacker can pass tweets through the properly authenticated session.
So, although two-factor is a great way to prevent hackers from simply guessing your password, it’s not going to stop any of the more capable hackers, nor will it work on an active, brand-owned account.
To complement its two-factor authentication system, Twitter also issued a set of recommendations for social media marketers, including dedicating one computer just for Twitter publishing.
In reality, social media teams generally consist of multiple people across various departments and locations, so it’s not practical to only publish content from a single terminal, especially given the mobility of today’s employees and the need to interact with followers in real time – a key tenet of social media.
Physical controls do play an important role in social media security. Strong passwords, encryption, remote wipe, etc. are all important safeguards to ensure that unauthorized personnel don’t steal or gain access to trusted devices that have the capability (e.g., stored credentials) to access your social media accounts.
Many organizations review and moderate content to block spam and offensive, abusive, and potentially regulated content. As social has become more and more ingrained as a means of communication within both everyday life and marketing strategy, content – both good and bad – has increased, and effective manual moderation has become essentially impossible.
Automated spam and malicious content removal tools are extraordinarily helpful technologies for combating the problem of content overload and removing inappropriate, offensive, or unwanted material from an account. Although this doesn’t prevent the hack, it helps mitigate the impact and provides a quick remedy.
Profile locks create a snapshot of your approved account profile – your correct logo, description, website, etc. – and regularly scan your profile for changes. If changes are made – by a hacker or a mistaken employee – profile locks will automatically alert you and can revert any subsequent posts and activity.
A common industry practice is to use publishing tools as a control mechanism for workflow and compliance. While these reduce the number of people with direct access to the account, they won’t actually catch or stop an account hack.
Publishing tools are a great way to make sure only authorized content gets distributed from authorized users. However, they only work if and when people use them correctly, and, more often than not, employees bypass them for convenience. Furthermore, there are cases where the credentials for publishing tools have been compromised and accounts were abused via the approved publisher.
So, although publishing apps are important and necessary, they have a very limited scope when it comes to security, and neither directly nor effectively stop hacks or other kinds of abuse of your social media accounts.
Do you know how many applications are authorized to publish to your accounts? Chances are there are quite a few, since you likely have multiple admins, each with their own authorized applications.
Social media application controls connect into your accounts to inventory and regulate which applications can access and publish on your behalf. Application controls, for example, can ensure that only a single application or explicitly approved set of publishing tools can push content to your social media accounts. In addition to helping you ensure compliant publishing, reduce blunders, and improve publishing ROI, they also ratchet down the attack surface to prevent attackers from bypassing your security controls, greatly reducing your risk profile.
Application controls aren’t the end-all of social media security. If, for example, the only allowed publishing application is a web browser, then the browser itself is still a viable attack vector for hackers. But, if you combine your application controls with one or more of the aforementioned technologies/strategies, then your security increases exponentially.
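The inventory-and-regulate idea behind application controls can be sketched as an audit, shown here as an added example that is not from the original article or any vendor's product. The application names, admins, post records and the approved set are all constructed assumptions; a real audit would fill them from the platform's authorized-apps list and post metadata.

```python
"""Added example: application-control audit over constructed data."""
from dataclasses import dataclass

# Assumption: the explicitly approved set of publishing tools for this account.
APPROVED = {"ApprovedPublisher"}

@dataclass(frozen=True)
class AppGrant:
    app: str         # application name from the account's authorized-apps list
    admin: str       # admin who authorized it
    can_write: bool  # True if the grant allows publishing

@dataclass(frozen=True)
class Post:
    post_id: str
    source_app: str  # application that published the post

def excess_grants(grants, approved=APPROVED):
    """Write-capable grants for apps outside the approved set (revocation candidates)."""
    bad = [g for g in grants if g.can_write and g.app not in approved]
    return sorted(bad, key=lambda g: (g.app, g.admin))

def classify_post(post, grants, approved=APPROVED):
    """Label a post by how its publishing application relates to the inventory."""
    writers = {g.app for g in grants if g.can_write}
    if post.source_app in approved and post.source_app in writers:
        return "ok"
    if post.source_app in writers:
        return "unapproved-app"   # a granted app that should not be publishing
    return "no-write-grant"       # direct login or uninventoried path: investigate first

# Constructed sample inventory and timeline (not real account data).
SAMPLE_GRANTS = [
    AppGrant("ApprovedPublisher", "alice", True),
    AppGrant("PhotoContestWidget", "bob", True),
    AppGrant("AnalyticsDashboard", "carol", False),  # read-only grant
    AppGrant("OldSchedulerTool", "alice", True),
]
SAMPLE_POSTS = [
    Post("1001", "ApprovedPublisher"),
    Post("1002", "Web Browser"),         # publishing tool bypassed
    Post("1003", "PhotoContestWidget"),
]

if __name__ == "__main__":
    for g in excess_grants(SAMPLE_GRANTS):
        print(f"REVOKE? {g.app} (authorized by {g.admin}) can publish")
    for p in SAMPLE_POSTS:
        print(f"post {p.post_id} via {p.source_app}: {classify_post(p, SAMPLE_GRANTS)}")
```

Posts labelled `no-write-grant` are the ones that bypassed every inventoried application, which is the browser case the paragraph above warns about.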
Building a Secure Social Architecture
There is no perfect solution for securing your social media assets to effectively ward off hackers and prevent abuse. However, choosing a careful combination of technologies and strategies, such as the ones listed above, will give you the most effective defense against social media hacks and mistakes.
Devin Redmond is the CEO at Nexgate, a leading provider of social media security and compliance technology for enterprise brands.