The New Truth About Social Account Hacks and Compromises
The recent high-profile hacks, compromises, and hijacking of the Twitter accounts of Jeep, Burger King, and HMV, respectively, have taught us some interesting new things about social media as a business tool: namely, that the number of compromises is increasing, as are their repair costs. We are also learning that the advice and insight on preventing these compromises, although well written and correct, isn’t working by itself. We need other solutions.
In 2011, headline compromises included hacks of the Vodafone Egypt and Pfizer Facebook pages as well as the hacks of the Bank of Melbourne, NBC News, Fox News, and USA Today Twitter accounts. We learned that everything from poor administrative access controls to weak passwords to determined hackers caused the breaches, brand damage, and embarrassment. These compromises cost resource dollars in the response, a job or two was most certainly lost, and there was the less measurable, but still important, cost to brand trust.
In 2012, headline compromises included Major League Baseball and at least four teams’ Facebook pages as well as the hacks of the Twitter accounts of Gizmodo and Reuters. We again learned that poor administrative access controls, weak passwords, or determined hackers caused breaches. We also learned that the stakes went up as brands invested more dollars and importance in their social programs in 2012; the related impact of breaches cost them more.
2013 is off to a blistering pace of compromises that are gaining even more press. The increase in press and coverage simply demonstrates the increasing primacy and importance of social media for brands. The causes of the breaches and compromises shouldn’t be surprising, as they mirror what we saw in 2011 and 2012. What’s surprising, though, is that the advice to prevent them, while certainly more thorough, hasn’t changed much either. Just to be clear, there is nothing wrong with the existing advice. Having better passwords, better social media training, better processes, and social marketing suites are all the right things to do. They just aren’t enough. That is especially true as the stakes and volume are increasing with the rise in social brand activity and investment. So what is missing from that advice? The answer is pretty simple: actual security technology.
In order to adequately protect your accounts, social media technology should include three key elements:
- First: centralized visibility into who has root-level access to all of your brand’s social accounts (Twitter, Facebook, etc.). This will allow you to track who should have root-level access vs. who should only have access to your marketing suite and not your social account directly.
- Second: visibility and control around what applications have access to the account. It is a mistake to think that only one app has access to your accounts, since the norm includes mobile apps like Facebook for iPhone, Twitter for Windows Mobile, free versions of publishing suites, your corporate marketing suite, and more.
- Third: persistent monitoring that automatically detects changes and anomalies to your social accounts, immediately notifies you of these changes, and, if the account is confirmed as compromised, can automatically start remediating content on it. This shouldn’t be external monitoring, but instead actual system-, setting-, and account-level detection and control.
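
The three elements above come down to comparing what an account looks like now against what was approved. As an added example (not from the original article), the Python code below audits a constructed account snapshot against an approved baseline; the field names, sample values, and severity choices are assumptions, and collecting the snapshot from a real platform is outside its scope.

```python
# Constructed sample data; field names are assumptions, not any platform's API.
BASELINE = {
    "admins": {"alice@example.com", "bob@example.com"},
    "apps": {"Corporate Marketing Suite", "Twitter for iPhone"},
    "settings": {"email": "social@example.com",
                 "display_name": "Example Brand",
                 "website": "https://example.com"},
}
CURRENT = {
    "admins": {"alice@example.com", "bob@example.com", "intern@example.com"},
    "apps": {"Corporate Marketing Suite", "Twitter for iPhone", "Free Scheduler"},
    "settings": {"email": "someone@elsewhere.example",
                 "display_name": "Example Brand",
                 "website": "https://example.com"},
}
# Settings whose change can lock the owner out (assumed list).
CRITICAL_SETTINGS = {"email"}


def audit(baseline, current):
    """Return (severity, finding, detail) tuples for every drift from baseline."""
    findings = []
    # Elements one and two: direct (root-level) admins and authorized apps.
    for kind, severity in (("admins", "high"), ("apps", "medium")):
        label = kind[:-1]
        for item in sorted(current[kind] - baseline[kind]):
            findings.append((severity, f"unapproved {label}", item))
        for item in sorted(baseline[kind] - current[kind]):
            findings.append(("medium", f"approved {label} missing", item))
    # Element three: account-level setting changes.
    keys = set(baseline["settings"]) | set(current["settings"])
    for key in sorted(keys):
        old = baseline["settings"].get(key)
        new = current["settings"].get(key)
        if old != new:
            severity = "high" if key in CRITICAL_SETTINGS else "medium"
            findings.append((severity, f"setting changed: {key}", f"{old!r} -> {new!r}"))
    return findings


def should_escalate(findings):
    """True when any finding warrants immediate notification and review."""
    return any(severity == "high" for severity, _, _ in findings)


if __name__ == "__main__":
    for severity, finding, detail in audit(BASELINE, CURRENT):
        print(f"[{severity}] {finding}: {detail}")
```

Run on a schedule against fresh snapshots, a non-empty result is the trigger for the notification step; the baseline itself should only change through an approval process.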
Brand and enterprise-run accounts on Twitter, Facebook, and other social networks will get hacked at an increasing pace. These hacks will cause more headlines, result in more hard costs, and have a direct impact on brand trust and other less measurable costs. To keep your brand, your clients, your company, and your accounts from costing you, follow the good advice that is available and use the available security technology.