The past week will likely go down in history as one where we saw the massive impact of social media in today’s world. Most notably, following the horrible events in Boston, social media, especially Twitter, became a leading distributor of news information. While a combination of bad reporting by the traditional news networks and tweets by ill-informed Twitter users often meant that dis-information was being distributed as frequently as accurate information; it is still impossible to ignore the impact social media had on this story. In order to better get its own message out and provide reliable information, the Boston Police Department started heavily utilizing its own Twitter feed. But as people wanted faster access to information, Twitter lit up with the news that a local Bostonian was streaming a live recording of the local Boston police radio scanner – enabling anyone with an Internet connection to hear live police communications. During the final manhunt on Friday evening, as news of the live audio stream spread on Twitter, over two million people ended up listening to the scanner traffic – with many tweeting on what they heard.
From a business standpoint, the impact of Twitter was illustrated this afternoon when the Dow Jones Industrial Average dropped 145 points between 1:08 p.m. EDT and 1:10 p.m., following an erroneous Associated Press tweet that read, “Breaking: Two explosions in the White House and Barack Obama is injured.” The tweet was quickly re-tweeted, but when the news couldn’t be confirmed, the markets quickly corrected and the @AP Twitter account was suspended. The Associated Press is not alone in being hacked – CBS News, Reuters, and Fox News have all had similar problems.
While most organizations do not have 1.9 million followers like the Associated Press, the damage from a hacked Twitter account could be just as damaging to your brand. Unfortunately, Twitter does not support two-factor authentication, which could significantly reduce the risk of a hacked Twitter account. Apple, Microsoft, and Google have all enabled the optional use of two-factor authentication and when hacked accounts are damaging brands and moving markets, it’s time for Twitter to step up and roll out that functionality immediately. Now that the SEC is permitting companies to share investor information on social media, the potential impact of a hacked account only grows.
In the meantime, organizations must be disciplined in their use of social media accounts. Often, the IT organization is not involved in social media – leaving its control to the marketing or customer service organizations. IT needs to help support these teams to mitigate risks of social media hacking:
- Ensure that corporate password security policies extend to corporate social media assets and that all users of that account understand the requirement to use a strong password.
- Carefully review all applications and cloud products that will have access to social media credentials to confirm that their architectures and policies meet your corporate requirements.
- Ensure that corporate social media users regularly attend security awareness training to minimize the likelihood that they will fall prey to phishing type attacks.
- Insist that social media accounts are completely segregated from personal accounts so social hacking or compromised personal accounts do not put the corporate accounts at risk. Consider utilizing password reset email addresses that are not accessible by the social media team without IT involvement.
- Require that corporate Twitter users only access the account from corporate managed workstations and do not enable mobile phone integration.
- Ensure corporate social media users are in the high-priority group for anti-malware software updates.
Social media has proven its ability to report news, build brands, and engage with customers, but it has also proven an ability to spread dis-information, damage brands, and move the markets. Social media providers must step up their efforts to enable better security and IT organizations must partner with corporate social media users to mitigate risk.