Made with Flare More Info‘>
The Marketing Formula Series: Protecting Your Online Brand Part II
In Part One of this blog post, we discussed simple steps for minimizing brand risk on social media. Simply by registering your brand on the most popular channels before others do you protect your brand from easy threats. This week we’re going to discuss account security. What you need to know, and how to set strong account protection standards across all your social channels.
Right now you may be thinking “why would anyone want to pretend to be our little brand online?” or “hackers always ruin everything!” Both are perfectly natural. Whether you think your brand may be a target or not you should behave as if it is in the crosshairs. Account security isn’t as simple as setting strong passwords (which few of us are good at doing naturally, without a password system in place). With that in mind, there are two major security threats you face on social media channels.
Malicious Programs and Phishing:
Many services exist that add functionality or features to your social media accounts like added analytics, additional followers, or marketing automation activities. It is very tempting to jump on every new tool that offers to help make your job easier. However, some of these tools require access to your account to work. If you are asked to login to a tool using your Twitter, Facebook, Gmail, or other login details you could be giving a third party everything they need to hijack your account. This is one of the most common threats. This does not mean you should never use third party services (we use many here at Talent Formula), but be sure you can trust the ones you do use.
If you have been using social media tools like Facebook or Twitter for long you may have encountered a friend who suddenly starts sending you private messages about secret photos of you online, or warning you that someone is spreading rumours you need to see. These are often accompanied with a link you need to click in order to see the offensive photos or messages. When you click on that link you put your account security at risk. This is one of the most common attacks spread through social media. If you suddenly get a strange message from someone you know, try picking up the phone to confirm they sent the message, before clicking on strange links.
Hackers are extremely intelligent and creative groups of people. Often the hacker is a single individual and it is a crime of opportunity when they notice a back door that has been left open, but sometimes an organized group of people will target a brand intentionally. Why do they do it? Many times its to teach a brand a lesson about security, sometimes they want to embarrass a brand that has offended them, or to punish them for corporate policies the hackers disagree with.
Prevention is key:
The number one way a hacker gains access to an account is through overly simple passwords and security questions. Follow the simple steps below and make them a part of your regular security routine to make sure your brand is not an easy target.
1. Use a Mixture of Letters, Numbers, and Special Characters:
While some security experts believe simple english phrases like “TheRedFoxJumpsHigh” make brute force attacks difficult (automated computer programs have difficulty processing natural language) most experts still recommend using a mixture of letters, numbers, and special characters. For help generating random passwords check out strongpasswordgenerator.com, or use a program like 1Password (https://agilebits.com/onepassword) that keeps all your passwords safe.
2 Don’t use Password Hint Reminders:
If your password is simple enough that a password hint could refresh your memory, then a hacker can probably find the answer by googling your name. Trust me, you may be smart and witty with your password hints, but you’re not as clever as a team of hackers who are determined to accomplish a goal. Does this really happen? It did to Sarah Palin, who saw all of her personal emails posted online after hackers banded together to determine the answers to her Gmail accounts security questions.
3. Use Different Passwords:
We’re only human, and the temptation to simplify our lives means we often use the same password for multiple accounts. Resist this lazy urge and remember that Rome was not built in a day, or by using shoddy construction material (Cue flood of comments about lead pipes, sure I asked for it). Hackers will often focus on cracking one important account, like an email address – and use that account to reset the passwords on all of your other accounts. This is made extremely easy for them if you use the same password so don’t do it.
4. Rotating Passwords:
Set a regular reminder to change your account passwords at least every 3 months, or if you want to be extra careful – once per month.
5. Review Application Permissions Monthly:
On Twitter click on the gear icon at the top right, then click “Settings”, then “Apps”. Regularly review this for apps you are no longer using or don’t recognize and revoke their access. On Facebook click the gears icon in the top right, then “Account Settings” then “Apps”, review these apps and their settings once per month and clean house regularly.
Too Late, I’ve Already been Hacked!
First, don’t panic. While some of your followers might be angry you send them spam DM’s and unfollow you they’re likely no longer fans of your brand anyways. Most will understand that your brand is also run by human beings, and it could have happened to them just as easily. When Burger King’s twitter account was hacked its follower numbers grew by 18% in one day – the largest single growth spike the brand had ever seen. While it is embarrassing, its not a disaster – and no one ever thought “I’d really like to get my Whopper my way today, but they’re twitter account got hacked recently so I’m going to Wendy’s instead!”. If your brand has already been a victim follow these simple steps to regain control of the situation.
1. Try logging in:
If the hacker simply gained access to your account but did not change your account passwords you must:
a) Send them a thank you card, they were very nice.
b) Change your account password right away.
c) Revoke access to all of the third party apps that can access your account (described in step 5 above).
2. If your password does not work:
Your only recourse now, is to submit a support request to the social media site that was compromised, and then wait. And pray?
3. Notify your fans in whatever way you can:
While you wait for support to unlock your account, I recommend posting a message about the incident on the other social media channels that you still have control over. Most people will be understanding of the situation and not take anything posted during the ordeal to seriously. The important thing is not to panic, and show your fan base that you are aware of the situation and working to fix it.
Have you seen any great example of brands that handled hacking situations well or poorly? Lets discuss in the comments below! If you have any suggestions for future posts, we’d love to hear them in the comments as well.