The Onion was recently hacked by the Syrian Electronic Army,
and it made me re-evaluate the security of my personal social media accounts
and, more importantly, those of clients. A company’s first and last lines of
defense are the clients.
The majority of netizens understand web security, but there
are diverse ways social media accounts can be compromised. And let’s be honest,
it’s not something people in general or us internet marketers tend to think
about on a daily basis – especially when a huge Google update is looming.
The Syrian Electronic Army (SEA) showed us just how easy it
was for them to hack “America’s Finest News Source” by phishing Onion
employees’ Google Apps accounts. It all started on one unsuspecting day in May
and caused a huge headache for them.
To help prevent your social media accounts from getting
owned, I’d like to suggest a few simple safety measures for you or your
business to consider.
Educate Employees & Remind Clients
For businesses, the lowest-cost, lowest-tech safeguard against
phishing is education. Make sure that employees know how to recognize phishing
attempts in email accounts and social media accounts.
Also, you may feel like it’s not your responsibility, but
you’d do well to remind clients every once in a while to run antivirus scans,
to avoid sharing passwords, PIN numbers or account numbers and to be on the
lookout for the red flags of phishing attempts.
Isolate Social Media Accounts
Instead of using the organization email for social media
accounts, consider using a Gmail address to isolate your social media account
from your business email.
Another isolation trick is to use an app like HootSuite to
restrict hacker access. If your app gets hacked, no big deal. A bit of damage
control and you’re up and running again. If your social media account gets
hacked directly, and the hacker has total control, then you have a serious
problem.
As an added benefit, many such apps allow you to measure
your social networks, schedule activity ahead of time and more – two birds with
one stone.
Strengthen Your Passwords
Treat your social media account passwords like you would the
keys to your house. Twitter advises that they should include at least 10
characters, a mix of uppercase and lowercase, numbers and symbols and be
different from other passwords used for other accounts. There it is, straight
from the horse’s mouth.
Store your complex passwords in a safe place such as
LastPass - my personal favorite.
Operation Damage Control
In the event that a phishing attack occurs, have an
incident-management plan in place where everyone understands their roles to get
things back to normal. Police may need to be notified. If that’s the case, then
any and all evidence needs to be collected and handled with care. If clients
have suffered significant loss as a result, your support should be readily
extended.
In Summary
Phishing doesn’t need to be complex to work. The SEA used
very basic methods involving Google Plus to hack The Onion. People just need to
be more aware and take a few more precautions.
As more and more people engage and make their information
public, we can expect hackers to take things up a notch as social media begins
to play a bigger role in our lives. Make sure your accounts are sufficiently
safeguarded and those accounts that have been entrusted to you receive the
security and care that they deserve.