In recent months, we have witnessed an increase in businesses making problematic social media posts. Many of the companies involved blamed the incidents on compromised social media accounts and infrastructure. McDonald’s, for example, recently blamed an incendiary tweet on cybercriminals who allegedly breached the fast food chain’s official, verified Twitter account. Last month, fraudsters breached hundreds of other accounts, including major brands such as Forbes and Amnesty International, and posted tweets featuring swastikas.

Seven Ways to Protect Your Twitter Account

Needless to say, such incidents are the stuff of cybersecurity nightmares. Here are seven ways for businesses and individuals to protect their Twitter accounts and, by proxy, their reputations, from the damaging effects of a breach.

1. Follow Social Media Security Best Practices

Practice good social media security hygiene. This means using multifactor authentication, not accepting information-disclosing connection requests from unknown parties, and using strong, unique passwords for each social media account. Good passwords are essential for keeping a Twitter account safe — implementing more advanced protections without having the basics is like building a fort on quicksand.

Additionally, make sure employees are aware that criminals may attempt to obtain their social media credentials via spear phishing.

2. Control and Limit Access

Control who has access to official accounts and limit that access to systems that can audit and track who does what and when. You want to be able to determine who issued a particular tweet, not just for post-incident auditing, but also to discourage misuse.

3. Establish Systematic Safeguards

Implement policies, procedures and technologies that control how official posts are made. These should also block inappropriate content from being tweeted. People make mistakes, but errors with social media can lead to terrible consequences.

Eventually, artificial intelligence systems may be able to protect your Twitter account on their own. But for now, even if technology is used, a second set of eyes is a good idea for all official posts. However, such a review process is highly inappropriate for reviewing tweets posted by employees to their personal accounts. You may wish to implement a system that provides employees with suggested content for posting from their personal accounts, but you cannot force them to make such posts, nor can you rely on such a system to ensure that problematic posts do not go out.

4. Be Vigilant

On that note, ensure that you have a system in place to alert you if an inappropriate post is made and preferably to delete the post automatically before issuing the warning. The McDonalds tweet was up for about 20 minutes and caused quite a media fracas. Had it been deleted immediately, the company would have looked a lot better.

An alert about a problematic post may be the first indication that one or many of your accounts have been compromised. Since inappropriate posts can also include compliance violations and items for which a company may be sued, showing that you took action to quickly obliterate offensive tweets may help reduce other exposures.

5. Use Strong Passwords and Multiple Emails

Protect any email account that is used for resetting any of the organization’s social media passwords, and then supplement that with strong passwords, audited access and multifactor authentication. The ability to reset passwords is sometimes an Achilles’ heel within a system because it can introduce significant security vulnerabilities that can totally undermine sophisticated authentication technology. If you use a phone service that delivers SMS-based, one-time passwords for social media to an email account, do not have them delivered to the same email account you use for receiving reset links for first-factor passwords.

6. Keep Your Credentials to Yourself

Do not supply your login information to any third-party Twitter apps. Legitimate apps do not need it. Also, check that you are on the legitimate Twitter domain before entering any login information.

7. Manage App Permissions

Periodically go through your Twitter app settings and disable access for any apps that you no longer use. Apps can be extremely valuable and are integral to the social media ecosystem. Some can even improve security, but there is no reason to leave access available to apps that you are not using. Disabling this access reduces the attack surface.

The Power of Social Media

Twitter is extremely powerful and valuable. It is one of the primary ways that people today consume news and share valuable information. But bad tweets can wreak all sorts of havoc. They can destroy a company’s reputation, leak sensitive information and help criminals craft social engineering attacks, all of which could potentially lead to legal or reputational damage. To keep your company’s data safe and your online identity secure, make sure you adequately protect your Twitter account.

More from Data Protection

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…

How the Mac OS X Trojan Flashback Changed Cybersecurity

Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…