In recent months, we have witnessed an increase in businesses making problematic social media posts. Many of the companies involved blamed the incidents on compromised social media accounts and infrastructure. McDonald’s, for example, recently blamed an incendiary tweet on cybercriminals who allegedly breached the fast food chain’s official, verified Twitter account. Last month, fraudsters breached hundreds of other accounts, including major brands such as Forbes and Amnesty International, and posted tweets featuring swastikas.

Seven Ways to Protect Your Twitter Account

Needless to say, such incidents are the stuff of cybersecurity nightmares. Here are seven ways for businesses and individuals to protect their Twitter accounts and, by proxy, their reputations, from the damaging effects of a breach.

1. Follow Social Media Security Best Practices

Practice good social media security hygiene. This means using multifactor authentication, not accepting information-disclosing connection requests from unknown parties, and using strong, unique passwords for each social media account. Good passwords are essential for keeping a Twitter account safe — implementing more advanced protections without having the basics is like building a fort on quicksand.

Additionally, make sure employees are aware that criminals may attempt to obtain their social media credentials via spear phishing.

2. Control and Limit Access

Control who has access to official accounts and limit that access to systems that can audit and track who does what and when. You want to be able to determine who issued a particular tweet, not just for post-incident auditing, but also to discourage misuse.

3. Establish Systematic Safeguards

Implement policies, procedures and technologies that control how official posts are made. These should also block inappropriate content from being tweeted. People make mistakes, but errors with social media can lead to terrible consequences.

Eventually, artificial intelligence systems may be able to protect your Twitter account on their own. But for now, even if technology is used, a second set of eyes is a good idea for all official posts. However, such a review process is highly inappropriate for reviewing tweets posted by employees to their personal accounts. You may wish to implement a system that provides employees with suggested content for posting from their personal accounts, but you cannot force them to make such posts, nor can you rely on such a system to ensure that problematic posts do not go out.

4. Be Vigilant

On that note, ensure that you have a system in place to alert you if an inappropriate post is made and preferably to delete the post automatically before issuing the warning. The McDonalds tweet was up for about 20 minutes and caused quite a media fracas. Had it been deleted immediately, the company would have looked a lot better.

An alert about a problematic post may be the first indication that one or many of your accounts have been compromised. Since inappropriate posts can also include compliance violations and items for which a company may be sued, showing that you took action to quickly obliterate offensive tweets may help reduce other exposures.

5. Use Strong Passwords and Multiple Emails

Protect any email account that is used for resetting any of the organization’s social media passwords, and then supplement that with strong passwords, audited access and multifactor authentication. The ability to reset passwords is sometimes an Achilles’ heel within a system because it can introduce significant security vulnerabilities that can totally undermine sophisticated authentication technology. If you use a phone service that delivers SMS-based, one-time passwords for social media to an email account, do not have them delivered to the same email account you use for receiving reset links for first-factor passwords.

6. Keep Your Credentials to Yourself

Do not supply your login information to any third-party Twitter apps. Legitimate apps do not need it. Also, check that you are on the legitimate Twitter domain before entering any login information.

7. Manage App Permissions

Periodically go through your Twitter app settings and disable access for any apps that you no longer use. Apps can be extremely valuable and are integral to the social media ecosystem. Some can even improve security, but there is no reason to leave access available to apps that you are not using. Disabling this access reduces the attack surface.

The Power of Social Media

Twitter is extremely powerful and valuable. It is one of the primary ways that people today consume news and share valuable information. But bad tweets can wreak all sorts of havoc. They can destroy a company’s reputation, leak sensitive information and help criminals craft social engineering attacks, all of which could potentially lead to legal or reputational damage. To keep your company’s data safe and your online identity secure, make sure you adequately protect your Twitter account.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today