social media

Don’t panic! What to do if you’re hacked on social media

Social media. Are there any other communication tools that offer so many possibilities yet pose so many risks at the same time?

It was Warren Buffet who said “It takes twenty years to build a reputation and five minutes to ruin it.” And he’s right. One faux par on social media today and chaos can ensue. However, while Warren Buffet’s statement is widely used to promote caution when posting on social media, it’s also true of how you manage it. If you fail to manage your accounts properly, you can undo all the time and effort that has gone into establishing a brand.

Enter Hackers, the biggest external threat to your company’s social media accounts. Why they do what they do is open for discussion – for ‘fun’, to force follows, to force shares -, but whatever their motivation, a successful hack can be disastrous.

When fake tweets about an incident involving Barack Obama were posted on Associated Press’ hacked Twitter feed in 2013, the Dow Jones industrial average dropped almost an entire percent as a result – that’s $136 billion wiped from the value of stock because of a few tweets.

Google the term ‘social media hack example’ and you’ll see for yourself a long list of links taking you to pages that reveal hacking horror stories from the last few years.

I know what you’re thinking: why, if the risk is high, do businesses use social media? Well, it’s because social media provides a direct connection with your customers, and allows for two-way communication in real time. Fundamentally, the risk is worth the reward.

With that in mind, your best course of action is to be proactive in protecting your social media accounts. Here’s how:

Secure passwords – The simpler the password, the easier it is to crack. For example, a password as basic as ‘12345’ would take a hacker just .29 milliseconds to crack.

For the most secure password, you’ll want to follow four rules: use a minimum of 12 characters; include numbers, symbols, and both capital and lower-case letters; avoid obvious dictionary words; and don’t rely on obvious substitutions (i.e. tweaking ‘boat’ to ‘b0at’).

For best practice, you should set different passwords for each social media account and update these regularly (we recommend every two months).

If you’re unsure of the strength of your existing password, use this handy password tester to find out how secure it is.

Authentications – Where possible, enable two-factor authentications. LinkedIn, for example, offers a two-stage process, whereby you receive a random six digit code by text message to enter when logging in.

This handy PC Mag article explains which social media accounts have two-factor authentications: Read the article.

Keep schtum – The first rule of social media passwords is: You do not talk about your social media passwords. Share passwords among only those responsible for social media – the fewer the better. You can’t go wrong if you’re as careful with social media passwords as you are about your own debit/credit card pin code. So, for anyone who has their passwords written down on a post-in note on their desk, it’s time to rip it up and bin it immediately.

Beware third parties – The only sites you should ever enter your passwords into are the social media sites themselves. Any third party site, app or email requesting passwords should be ignored or reported.

“But what if I’m already hacked?” I hear you moan. Don’t panic, follow these steps:

  1. Try to log in. If you’re able to, immediately change the password (following the rules above).
  2. If you’re unable to log in, follow the ‘Forgot Password’ feature on the login page. Go through the verification process to prove who you are and set a new password.
  3. Take screengrabs of the hacker’s posts and activity. Then report the breach to the social media provider, supplying the screengrabs as evidence of the offence.
  4. Communicate with your network: After removing all content posted by the hacker, publish an update through the reclaimed account explaining what has happened. It’s possible that the hacker will have posted private or direct messages, so you’ll want to check if this is the case and then send a follow up message informing them of the hack and requesting they do not click any links.
  5. Review your processes to establish how this happened. Was it a result of a weak password? Did the hacker gain access via the ‘Forgot Password’ process due to easy to guess answers? You need to know so you can prevent future hacks.
  6. Update the passwords and security for all social media. Create and test the passwords in the correct manner. Cutting corners at this stage to save time could cost you a lot more in the long term if you’re the victim of another hack.
  7. If the hacker’s content is of a threatening or abusive nature, you may deem it necessary to report it to the police.

So, there you have it. With the basics of social media security taken care of, you can now focus your efforts on the engaging content and activity that will better establish your business on social media and help in the sales process, having peace of mind that you’re safe in doing so.

Any questions on the above? Get in touch today. Our digital team is here to help.