In recent months, we have witnessed an increase in businesses making problematic social media posts. Many of the companies involved blamed the incidents on compromised social media accounts and infrastructure. McDonald’s, for example, recently blamed an incendiary tweet on cybercriminals who allegedly breached the fast food chain’s official, verified Twitter account. Last month, fraudsters breached hundreds of other accounts, including major brands such as Forbes and Amnesty International, and posted tweets featuring swastikas.

Seven Ways to Protect Your Twitter Account

Needless to say, such incidents are the stuff of cybersecurity nightmares. Here are seven ways for businesses and individuals to protect their Twitter accounts and, by proxy, their reputations, from the damaging effects of a breach.

1. Follow Social Media Security Best Practices

Practice good social media security hygiene. This means using multifactor authentication, not accepting information-disclosing connection requests from unknown parties, and using strong, unique passwords for each social media account. Good passwords are essential for keeping a Twitter account safe — implementing more advanced protections without having the basics is like building a fort on quicksand.

Additionally, make sure employees are aware that criminals may attempt to obtain their social media credentials via spear phishing.

2. Control and Limit Access

Control who has access to official accounts and limit that access to systems that can audit and track who does what and when. You want to be able to determine who issued a particular tweet, not just for post-incident auditing, but also to discourage misuse.

3. Establish Systematic Safeguards

Implement policies, procedures and technologies that control how official posts are made. These should also block inappropriate content from being tweeted. People make mistakes, but errors with social media can lead to terrible consequences.

Eventually, artificial intelligence systems may be able to protect your Twitter account on their own. But for now, even if technology is used, a second set of eyes is a good idea for all official posts. However, such a review process is highly inappropriate for reviewing tweets posted by employees to their personal accounts. You may wish to implement a system that provides employees with suggested content for posting from their personal accounts, but you cannot force them to make such posts, nor can you rely on such a system to ensure that problematic posts do not go out.

4. Be Vigilant

On that note, ensure that you have a system in place to alert you if an inappropriate post is made and preferably to delete the post automatically before issuing the warning. The McDonalds tweet was up for about 20 minutes and caused quite a media fracas. Had it been deleted immediately, the company would have looked a lot better.

An alert about a problematic post may be the first indication that one or many of your accounts have been compromised. Since inappropriate posts can also include compliance violations and items for which a company may be sued, showing that you took action to quickly obliterate offensive tweets may help reduce other exposures.

5. Use Strong Passwords and Multiple Emails

Protect any email account that is used for resetting any of the organization’s social media passwords, and then supplement that with strong passwords, audited access and multifactor authentication. The ability to reset passwords is sometimes an Achilles’ heel within a system because it can introduce significant security vulnerabilities that can totally undermine sophisticated authentication technology. If you use a phone service that delivers SMS-based, one-time passwords for social media to an email account, do not have them delivered to the same email account you use for receiving reset links for first-factor passwords.

6. Keep Your Credentials to Yourself

Do not supply your login information to any third-party Twitter apps. Legitimate apps do not need it. Also, check that you are on the legitimate Twitter domain before entering any login information.

7. Manage App Permissions

Periodically go through your Twitter app settings and disable access for any apps that you no longer use. Apps can be extremely valuable and are integral to the social media ecosystem. Some can even improve security, but there is no reason to leave access available to apps that you are not using. Disabling this access reduces the attack surface.

The Power of Social Media

Twitter is extremely powerful and valuable. It is one of the primary ways that people today consume news and share valuable information. But bad tweets can wreak all sorts of havoc. They can destroy a company’s reputation, leak sensitive information and help criminals craft social engineering attacks, all of which could potentially lead to legal or reputational damage. To keep your company’s data safe and your online identity secure, make sure you adequately protect your Twitter account.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…