SOCIAL MEDIA BLOGS, NEWS & EVENTS

Are you a password carer or sharer?

03 April 2014 | 10:47 am

3508224_mlEvery year we all see the list of the most used and most unsecure passwords and have a quiet chuckle to ourselves whilst at the same time asking how people can be that stupid. However, do you apply the same security to your social media passwords as you do to your general business and personal passwords?  Are you a password carer or sharer?

Related: TV5Monde’s disregard of security exposes passwords on live television

Employees are often required to share password and login details in order to access social media accounts. With the integration of social media across an organisation, including customer services, there may be a requirement for hundreds of users to access a single Twitter account.  This is a situation that we see across both private and public sector organisations.  Add to this the increasing use of social media to engage with customers then it is easy to understand how security can become a little lax.

With the practice of shared passwords common, very few organisations have robust audit trails. If a rogue post goes out the chances of identifying the source is practically impossible.  The consequences can be embarrassing and costly to resolve.  While hacking and breaches in security are likely to appear on the majority of corporate risk registers – how many organisations recognise the risk of social media misuse?

The sharing of usernames and passwords will undoubtedly break the IT policies in place in almost all organisations. Quite often IT are kept in the dark about the sharing of social media passwords. This doesn't bode well for cooperation and collaboration and could land employees in hot water.

Are you protected when people leave your organisation? At CrowdControlHQ we have seen from organisations who have come to us for help, what can go wrong if there are no controls in place.  For example, in one case an employee who had been in charge of the social media accounts left the business so the responsibility for the accounts was given to someone else. Unfortunately the new administrator had no visibility as to who had access to the accounts and what they had access to. This meant there were no controls in place to monitor use of the social media accounts and also to ensure that the outgoing employee could no longer access the company accounts and post whatever they wished to.

This problem was even more clearly seen when in another organisation the leaver “took the keys” to the Facebook account and then posted malicious information on that page whilst at the same time promoting a competitor.

All too often confidential username and password information is on full display on whiteboards or in shared folders. In these cases it is almost impossible to find out who has posted what. Malicious tweets and postings can occur from disaffected staff without any comeback on the employee who is responsible for them.

It is only after an incident that the folly of this approach is truly understood. As such, it is essential for those organisations that have multiple users of accounts to employ a management system that not only protects them but can provide an electronic audit trail that is essential to prevent social media misuse and provide accountability.  Social Media Management Software can take the headache out of this, making you a carer not a sharer of passwords.