Protect Your Twitter Account or Face Serious Security Consequences

In recent months, we have witnessed an increase in businesses making problematic social media posts. Many of the companies involved blamed the incidents on compromised social media accounts and infrastructure. McDonald’s, for example, recently blamed an incendiary tweet on cybercriminals who allegedly breached the fast food chain’s official, verified Twitter account. Last month, fraudsters breached hundreds of other accounts, including major brands such as Forbes and Amnesty International, and posted tweets featuring swastikas.

Seven Ways to Protect Your Twitter Account

Needless to say, such incidents are the stuff of cybersecurity nightmares. Here are seven ways for businesses and individuals to protect their Twitter accounts and, by proxy, their reputations, from the damaging effects of a breach.

1. Follow Social Media Security Best Practices

Practice good social media security hygiene. This means using multifactor authentication, not accepting information-disclosing connection requests from unknown parties, and using strong, unique passwords for each social media account. Good passwords are essential for keeping a Twitter account safe — implementing more advanced protections without having the basics is like building a fort on quicksand.

Additionally, make sure employees are aware that criminals may attempt to obtain their social media credentials via spear phishing.

2. Control and Limit Access

Control who has access to official accounts and limit that access to systems that can audit and track who does what and when. You want to be able to determine who issued a particular tweet, not just for post-incident auditing, but also to discourage misuse.

3. Establish Systematic Safeguards

Implement policies, procedures and technologies that control how official posts are made. These should also block inappropriate content from being tweeted. People make mistakes, but errors with social media can lead to terrible consequences.

Eventually, artificial intelligence systems may be able to protect your Twitter account on their own. But for now, even if technology is used, a second set of eyes is a good idea for all official posts. However, such a review process is highly inappropriate for reviewing tweets posted by employees to their personal accounts. You may wish to implement a system that provides employees with suggested content for posting from their personal accounts, but you cannot force them to make such posts, nor can you rely on such a system to ensure that problematic posts do not go out.

4. Be Vigilant

On that note, ensure that you have a system in place to alert you if an inappropriate post is made and preferably to delete the post automatically before issuing the warning. The McDonald’s tweet was up for about 20 minutes and caused quite a media fracas. Had it been deleted immediately, the company would have looked a lot better.

An alert about a problematic post may be the first indication that one or many of your accounts have been compromised. Since inappropriate posts can also include compliance violations and items for which a company may be sued, showing that you took action to quickly obliterate offensive tweets may help reduce other exposures.

5. Use Strong Passwords and Multiple Emails

Protect any email account that is used for resetting any of the organization’s social media passwords, and then supplement that with strong passwords, audited access and multifactor authentication. The ability to reset passwords is sometimes an Achilles’ heel within a system because it can introduce significant security vulnerabilities that can totally undermine sophisticated authentication technology. If you use a phone service that delivers SMS-based, one-time passwords for social media to an email account, do not have them delivered to the same email account you use for receiving reset links for first-factor passwords.

6. Keep Your Credentials to Yourself

Do not supply your login information to any third-party Twitter apps. Legitimate apps do not need it. Also, check that you are on the legitimate Twitter domain before entering any login information.
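The domain check described above can be automated, for example in a link-vetting step of an internal tool. The following is an added example, not code from the article or from Twitter; it assumes `twitter.com` is the only trusted domain and that its subdomains are acceptable, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only trusted domain is the one the article refers to.
TRUSTED_DOMAIN = "twitter.com"


def classify_login_url(url: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return "ok" if url points at the trusted domain over HTTPS, else a reason."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not HTTPS"
    if not host:
        return "no host"
    # https://twitter.com@other.example/ shows the trusted name but goes elsewhere.
    if parts.username is not None or parts.password is not None:
        return "userinfo in URL"
    if port not in (None, 443):
        return "unexpected port"
    # Non-ASCII or punycode labels can render as look-alikes of the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "internationalized host"
    host = host.rstrip(".")
    # Exact match or a true subdomain; a bare suffix test would accept nottwitter.com.
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    return "host is not the trusted domain"


def is_legitimate_login_url(url: str) -> bool:
    return classify_login_url(url) == "ok"


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://twitter.com/login",
        "https://twitter.com.login-check.example/session",
        "https://twitter.com@login-check.example/",
        "https://nottwitter.com/login",
        "https://tw\u0456tter.com/login",  # Cyrillic letter in place of "i"
        "http://twitter.com/login",
    ]
    for s in samples:
        print(f"{classify_login_url(s):32} {s!r}")
```

The comparison is made on the parsed hostname rather than on the URL string, which is why embedding the trusted name in the path, the userinfo part or a longer hostname does not pass.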

7. Manage App Permissions

Periodically go through your Twitter app settings and disable access for any apps that you no longer use. Apps can be extremely valuable and are integral to the social media ecosystem. Some can even improve security, but there is no reason to leave access available to apps that you are not using. Disabling this access reduces the attack surface.

The Power of Social Media

Twitter is extremely powerful and valuable. It is one of the primary ways that people today consume news and share valuable information. But bad tweets can wreak all sorts of havoc. They can destroy a company’s reputation, leak sensitive information and help criminals craft social engineering attacks, all of which could potentially lead to legal or reputational damage. To keep your company’s data safe and your online identity secure, make sure you adequately protect your Twitter account.

Joseph Steinberg

Cybersecurity Expert and CEO, SecureMySocial

Joseph Steinberg (CISSP, ISSAP, ISSMP, CSSLP) is a cybersecurity thought leader and technology influencer. He writes a column on cybersecurity for Inc., and previously did so for Forbes. He is also the editor of (ISC)²’s official textbook covering the material on its advanced security management (CISSP-ISSMP) exam, and has been calculated to be one of the top 3 online cybersecurity influencers worldwide. Joseph has worked in the information-security industry since the mid-1990s, and is presently serving as CEO of SecureMySocial, which recently brought to market the world’s first system to protect businesses and their employees by warning people in real time if they are making inappropriate social-media posts. Earlier, he served for a decade as CEO of cybersecurity firm Green Armor Solutions, and for half a decade in various senior capacities at Whale Communications (acquired by Microsoft). He is the inventor of several cybersecurity technologies widely used today; his work is cited in well over 100 published US patents.