In recent months, we have witnessed an increase in businesses making problematic social media posts. Many of the companies involved blamed the incidents on compromised social media accounts and infrastructure. McDonald’s, for example, recently blamed an incendiary tweet on cybercriminals who allegedly breached the fast food chain’s official, verified Twitter account. Last month, fraudsters breached hundreds of other accounts, including major brands such as Forbes and Amnesty International, and posted tweets featuring swastikas.
Seven Ways to Protect Your Twitter Account
Needless to say, such incidents are the stuff of cybersecurity nightmares. Here are seven ways for businesses and individuals to protect their Twitter accounts and, by proxy, their reputations, from the damaging effects of a breach.
1. Follow Social Media Security Best Practices
Practice good social media security hygiene. This means using multifactor authentication, not accepting information-disclosing connection requests from unknown parties, and using strong, unique passwords for each social media account. Good passwords are essential for keeping a Twitter account safe — implementing more advanced protections without having the basics is like building a fort on quicksand.
Additionally, make sure employees are aware that criminals may attempt to obtain their social media credentials via spear phishing.
2. Control and Limit Access
Control who has access to official accounts and limit that access to systems that can audit and track who does what and when. You want to be able to determine who issued a particular tweet, not just for post-incident auditing, but also to discourage misuse.
3. Establish Systematic Safeguards
Implement policies, procedures and technologies that control how official posts are made. These should also block inappropriate content from being tweeted. People make mistakes, but errors with social media can lead to terrible consequences.
Eventually, artificial intelligence systems may be able to protect your Twitter account on their own. But for now, even if technology is used, a second set of eyes is a good idea for all official posts. However, such a review process is highly inappropriate for reviewing tweets posted by employees to their personal accounts. You may wish to implement a system that provides employees with suggested content for posting from their personal accounts, but you cannot force them to make such posts, nor can you rely on such a system to ensure that problematic posts do not go out.
4. Be Vigilant
On that note, ensure that you have a system in place to alert you if an inappropriate post is made and preferably to delete the post automatically before issuing the warning. The McDonalds tweet was up for about 20 minutes and caused quite a media fracas. Had it been deleted immediately, the company would have looked a lot better.
An alert about a problematic post may be the first indication that one or many of your accounts have been compromised. Since inappropriate posts can also include compliance violations and items for which a company may be sued, showing that you took action to quickly obliterate offensive tweets may help reduce other exposures.
5. Use Strong Passwords and Multiple Emails
Protect any email account that is used for resetting any of the organization’s social media passwords, and then supplement that with strong passwords, audited access and multifactor authentication. The ability to reset passwords is sometimes an Achilles’ heel within a system because it can introduce significant security vulnerabilities that can totally undermine sophisticated authentication technology. If you use a phone service that delivers SMS-based, one-time passwords for social media to an email account, do not have them delivered to the same email account you use for receiving reset links for first-factor passwords.
6. Keep Your Credentials to Yourself
Do not supply your login information to any third-party Twitter apps. Legitimate apps do not need it. Also, check that you are on the legitimate Twitter domain before entering any login information.
7. Manage App Permissions
Periodically go through your Twitter app settings and disable access for any apps that you no longer use. Apps can be extremely valuable and are integral to the social media ecosystem. Some can even improve security, but there is no reason to leave access available to apps that you are not using. Disabling this access reduces the attack surface.
The Power of Social Media
Twitter is extremely powerful and valuable. It is one of the primary ways that people today consume news and share valuable information. But bad tweets can wreak all sorts of havoc. They can destroy a company’s reputation, leak sensitive information and help criminals craft social engineering attacks, all of which could potentially lead to legal or reputational damage. To keep your company’s data safe and your online identity secure, make sure you adequately protect your Twitter account.
Cybersecurity Expert and CEO, SecureMySocial
Joseph Steinberg (CISSP, ISSAP, ISSMP, CSSLP) is a cybersecurity thought leader and technology influencer. He writes a column on cybersecurity for Inc., and ...