Protecting Your Brand from a Social Media Hack
As brands continue to engage with consumers and grow their social media presence, they run the risk of becoming a target for getting “hacked,” as we saw from Burger King’s Twitter on Monday morning. The threat of “hacking” will always be present in the digital space. Even more permanent digital fixtures like websites are not always safe… especially if you’ve pissed off the company that built them, but there are some steps you can and should take to mitigate against having your brand on the front page of all the trades and mainstream media because of an embarrassing scandal like @burgerking’s this morning. This story was a good time for us to gut-check our own process, and after reviewing it internally, we felt it may be worth sharing:
How To Avoid Getting Hacked
- Keep a tight lock on who has access. This should be a no-brainer, but logins to social sites are on a “need to know” basis only. Keep the number of people as small as possible, and keep a running list of who has access.
- Pay attention to what has access. This is often overlooked, but there are thousands of apps out there that will ask permission to “post on your behalf” for networks like Facebook and Twitter. Many of these are for good reason, trusted tools like Hootsuite, Spredfast, and Wildfire can be great ways to schedule content in advance and report on performance. But you should check what apps have this kind of permission. If you don’t recognize one of the apps listed, revoke its access immediately.
- Change passwords, not people. Turnover can be a concern in any organization. We’ve taken a simple approach to mitigating risk when employees who’ve had access leave.
- Whenever possible, we keep one account for each tool, and when someone who had access leaves, we change the password(s) for all the tools they had access to. A general passwords refresh is a good idea anyway, but this also keeps us from having to add/remove multiple people from each social account.
- Use trusted tools as a security layer between your employees and your audience. When possible, give the necessary team members access to a 3rd party tool (again Hootsuite or Spredfast are good examples). This allows you to give people access to perform the function they need, without giving full control over the actual account. This is especially important if anyone on your team is managing accounts from a mobile device. Our strict rule is that native apps for Twitter or Facebook should be kept to personal use only, and 3rd party tools should be used for branded accounts. This will prohibit the mistaken “accidental tweet” that was meant for your intern’s BFFs, but ended up blasting out to all your followers. Hootsuite even has a great “secure account” feature that stops you and asks you to confirm that you meant to send a message to a brand page before it goes live.
Beyond these processes and tips, the most important factor is maintaining the highest level of integrity by hiring talent you can trust. Process is critical, but in the end it’s often human error (or even malice) that could drag your social brand into the headlines. So if you don’t know the young intern who’s posting on behalf of your brand… today might be a good day to walk over and get to know them.
If you’d like more detail on space150’s social process, we’d love to chat. Contact email@example.com.