SOCIAL MEDIA BLOGS, NEWS & EVENTS

How to avoid the top 4 corporate security breaches on social media

06 November 2014 | 05:26 am

This week, the news has focused heavily on the issue of security across technology.  The ISIS hack of The Keighley Cougars, a Rugby League club, sent shockwaves across sporting circles.  The Press Association has confirmed that it was a hack of a server that landed the club in difficulty, impacting on at least 60 other websites.

The financial times are reporting that the threat of terrorism is far reaching across technology, making very troubling reading indeed.  The focus on digital security - who we entrust with access to our digital channels and the processes that we establish to protect ourselves will no doubt be key topics of discussion in 2015.

So today, we look at 4 types of security breach that could impact on your social media channels and give you some tips to help you avoid them in the future.

The 4 types of security breach that we regularly see include:

1. The Hack Attack - Associated Press (@AP)AP

The Associated Press social media account suffered from a hacker posting a tweet regarding explosions in the White House & stating that President Barack Obama was injured. This tweet impacted on the stock markets leading to a 1% fall in a matter of seconds. This incident highlights the power of social media in moving financial markets.

CNN (@CNN)

A more recent example of the hack attack was seen at the start of 2014 when CNN lost control over their social media accounts, resulting in false information being posted via their official Twitter account. Once, CNN had recovered the account they determined that the account had been compromised via a third-party social publishing platform.

This was a genuine hack of an account by an external source.  This is a consistent threat to organisations. The more prominent or successful you are, the more vulnerable you are to the threat. The protocols around creation of passwords and frequency of refreshing passwords is critical to reduce the risk of this happening to your own accounts.

2. The Disgruntled Employee – HMV (@HMVTweets)

When HMV faced financial difficulties, a disgruntled member of staff took to the brand’s official social media channels, giving live updates of staff redundancies under the hash tag #hmvxfactorfiring.  Senior management discovered that without access to the passwords for the official HMV accounts, they remained powerless to delete or stop the flow of reputation damaging posts.

The case highlighted the trust issues associated with employees in managing the ‘official airwaves’ of a brand, especially during times of crisis.  Again, this issue could have easily been avoided & managed by removing direct access to social media accounts and features such as moderation tools.

3. The Disgruntled Fan - Walsall Football Club (@WFCofficial) Walsall FC

Every brand aims to create fans from their customer base. However, when it all goes wrong, social media can be a soap box for disgruntled customers. Following a local derby between Wolves & Walsall, an offensive tweet was posted by a fan via the verified Walsall FC twitter page. The tweet is suggested to have been sent by a passer-by of an unattended laptop logged in to Walsall’s official Twitter account.

Related: What Rooney & Suarez can teach us about social media and brand reputation

A laptop or mobile device should always be protected with a password which is changed regularly. Listening and moderation tools should also be in place to protect official fan pages from disgruntled fans who are tempted to post offensive remarks.

4. The Blushing Employee - Walsall Council @WalsallCouncil (7th July 2012)Walsall Council

Walsall council re-quoted a tweet mocking at the time Education Minister Michael Gove and added the hashtag #saveusfromtheposhboys .

The Council’s first response was a Statement tweet outlining that the account had been hacked. However, on closer inspection it was discovered that an employee had used the same hashtag on a personal account.  This led to a statement by the council announcing that the tweet was now the  ‘subject of an internal investigation’.

On this occasion, it transpired that the cause was human error due to the employee having access to both his personal and the council’s Twitter account on one device.  This mishap could have been easily avoided by removing direct access to the council’s social media platform through a social media management platform and the audit trail could have prevented the Council from declaring that this was a hack attack.

Hope you find these tips useful and if you have others to share please comment below or tweet us @CrowdControlHQ

Lewis Jones

Digital Manager

CrowdControlHQ is the UK’s leading social media risk management and compliance platform built for enterprise.  Our clients benefit from advanced security and brand protection features, that sit alongside crowd engagement tools, to protect brand reputations in social media environments.