The Onion was recently hacked by the Syrian Electronic Army and it made me re-evaluate the security of my personal social media accounts and, more importantly, those of clients. A company’s first and last line of defense are the clients!
The majority of netizens understand web security, but there are diverse ways social media accounts can be compromised. And let’s be honest, it’s not something people in general or us internet marketers tend to think about on a daily basis – especially when a huge Google update is on the loom.
The Syrian Electronic Arma (SEA) showed us just how easy it was for them to hack “America’s Finest News Source” by phishing Onion employees’ Google Apps accounts. It all started on one unsuspecting day in May and caused a huge headache for them.
To help prevent your social media accounts from getting owned, I’d like to suggest a few simple safety measures for you or your business to consider.
Educate Employees & Remind ClientsFor businesses, the lowest-cost, lowest-tech safeguard against phishing is education. Make sure that employees know how to recognize phishing attempts in email accounts and social media accounts.
Also, you may feel like it’s not your responsibility, but you’d do well to remind clients every once in a while to run antivirus scans, to avoid sharing passwords, PIN numbers or account numbers and to be on the lookout for the red flags of phishing attempts.
Isolate Social Media Accounts
Instead of using the organization email for social media accounts, consider using a Gmail address to isolate your social media account from your business email.
Another isolation trick is to use an app like HootSuite to restrict hacker access. If your app gets hacked, no big deal. A bit of damage control and you’re up and running again. If your social media account gets hacked directly, and the hacker has total control, then you have a serious problem.
As an added benefit, many such apps allow you to measure your social networks, schedule activity ahead of time and more – two birds with one stone principle.
Strengthen Your Passwords
Treat your social media account passwords like you would the keys to your house. Twitter advises that they should include at least 10 characters, a mix of uppercase and lowercase, numbers and symbols and be different from other passwords used for other accounts. There it is, straight from the horse’s mouth.
Store your complex passwords in a safe place such as LastPass – my personal favorite.
Operation Damage Control
In the event that a phishing attack occurs, have an incident-management plan in place where everyone understands their roles to get things back to normal. Police may need to be notified. If that’s the case, then any and all evidence needs to be collected and handled with care. If clients have suffered significant loss as a result, your support should be readily extended.
Phishing doesn’t need to be complex to work. The SEA used very basic methods involving Google Plus to hack The Onion. People just need to be more aware and take a few more precautions.
As more and more people engage and make their information public, we can expect hackers to take things up a notch as social media begins to play a bigger role in our lives. Make sure your accounts are sufficiently safeguarded and those accounts that have been entrusted to you receive the security and care that they deserve.
Image courtesy of www.firecu.net
Subscribe to SEJ
Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!