Within a span of little more than a day, the Twitter accounts of Burger King and Jeep were hacked. Then it was MTV and BET. Do the hacks mean that there will be fewer Whoppers eaten or fewer Jeeps sold? Not likely. It doesn’t appear that any intellectual property or customer data was or is at risk in any of the attacks. But the affected companies’ reputations have been tainted: Moving forward, they will become footnote examples of social business victims. And, although Burger King at least got several thousand new followers out of the situation, no company wants to be a victim.
As with all things security, there are no guarantees, but here are three guiding principles for keeping your business as safe as possible on social.
1. Guard Login Credentials.
It is not clear how hackers gained access to Burger King’s or Jeep’s official Twitter accounts, but for any company, protecting login credentials to public social networks is critical. This might mean limiting the distribution of account user names and passwords to a select few employees who post on social media outlets, or not distributing them at all. Using a solution like HootSuite, companies build social media teams through permissions-based profiles. This keeps the keys to the kingdom safe while also ensuring that users post only to the accounts they should be posting to. It’s also important to formally train any user who is or might be posting to social networks on behalf of your company, and to get them to sign off on your social media policy. (If you don’t have such a policy, now is the time to develop one.)
2. Be Aware.
Companies should continually be auditing their social media presence to make sure that nothing untoward is going on. The updates that were posted on Burger King’s and Jeep’s Twitter pages after the organizations’ accounts had been hacked made it pretty clear that something fishy was going on. It will be harder to catch on to a hacker who is more subtle in his or her approach.
The cautions apply to employees’ email communications too, of course. In an ironic twist, last November Twitter let users know that its servers had been breached by sophisticated hackers who might have made off with the user names and passwords of 250,000 users. Twitter sent an email to affected parties and asked them to reset their logins. The trouble was, some users rightly feared that the emails purporting to be from Twitter were not legitimate and were a clever phishing scam. They were legit, but the lesson here is that organizations need to be constantly vigilant and that nothing — not even a warning from a relatively trusted source — can be taken for granted.
3. Be Honest With Customers.
Hacks happen. When they do, affected organizations should respond immediately and honestly. Let your customers know that you are aware of the situation, that you are doing everything in your power to make sure that they are not compromised in any way, and that you are also doing everything in your power to make sure a hack like this doesn’t happen again.
Above all, own it and apologize (sincerely) if warranted. On the day that that Burger King hack occurred, the company released the following statement:
“Earlier today, our official BK Twitter Account was compromised by unauthorized users. Upon learning of this incident, our social media teams immediately began working with Twitter security administrators to suspend the compromised account until we could re-establish our brand’s official Twitter page. We apologize to our loyal fans and followers, whom might have received unauthorized tweets from our account. We are pleased to announce that the account is now active again.”
This statement was clear, honest and direct, and it paved the way for Burger King to re-establish its social credibility.
What do you think is behind this flurry of hacks? Do you think we should expect to see more of the same? What is your company doing to protect itself? Please let us know in the comments section below.