For all the time, money, and effort that corporations spend on securing their data, email, websites, etc., there’s a surprisingly small amount of consideration given to corporate social media accounts. Need I remind you about Scriptkiddies’ hack of Fox @FoxNewsPolitics that put a number of secret service agents on high alert? Whether it’s your organization’s social media channels, or just your own personal rep on the line, taking the time to shore up your account against hackers is time well spent.

The Setup

To be clear, the scenarios I’ll outline below are not actual hacks. A hack is the end goal of a sometimes quite sophisticated method of obtaining your social media account details. This chain usually begins with a phish. If you’ve ever received a notice from a Nigerian prince, then you’re already privy to what a phish looks like. If it’s too good to be true, too awful to not have heard it multiple times elsewhere, or simply a message out of the blue from a random stranger, there’s a good chance you’re looking at chum.

A common phish that’s been making its way around the Twitterverse for a bit now is the “Is this you in this video?” or similar derivations thereof. Sadly, hackers are preying upon natural human curiosity, especially when it comes to oneself. What this actually is, is a redirect to any of a number of harmful URLs floating around on the ‘net: worms that, once clicked, self-replicate and can make their way through networks. Once an outside source’s worm has infected enough, or the right, areas of a network, say goodbye to control, as a hack is now officially in progress.

Another growing trend across social networks is for phishers to capitalize on popular news events, quickly set up a site that mimics a true source, or sometimes not even bother, and spread their infected URLs across the social web.


On the Facebook front, 9 times out of 10, a phish is propagated from a previous hack (think FaceNiff or Firesheep). Once a user account is infiltrated, the hacker will then post what appears to be a link to a video. If you look carefully, this “OMG! Most amazing (fill in the blank here)!!” video is pointing towards apps.facebook.com, something you’d not normally expect for a video link. This link takes you to a Facebook app that quickly redirects you to a very Facebook-looking site (also known as a spoof), and prompts you to log in. Enter those precious details, and congrats, the phish is over and the hack may begin at any time.

Remember, if your social media account is greeted with any links to web pages, videos, photos, etc.: Shields Up!
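As an added illustration (not part of the original article), the warning signs described above can be written down as a small link triage in Python: lure wording, a “video” link that points at apps.facebook.com, and a login page whose host is not really Facebook. The function names, the list of login hosts and the sample URLs used with it are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Lure phrasings quoted in the article; extend with wording you actually see.
LURE_PATTERNS = [
    re.compile(r"is this you in th(is|e) (video|photo)", re.I),
    re.compile(r"\bOMG\b.*most amazing", re.I),
]
# Hosts where a Facebook login form is expected (assumption for this example).
LOGIN_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def parse(url):
    """Return (scheme, host) in lowercase, or ('', '') if the URL is malformed."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme, (parts.hostname or "").rstrip(".")
    except ValueError:
        return "", ""


def under_facebook(host):
    """True if host is facebook.com itself or a genuine subdomain of it."""
    return host == "facebook.com" or host.endswith(".facebook.com")


def safe_to_enter_password(url):
    """Only an https page on an exact, known login host passes."""
    scheme, host = parse(url)
    return scheme == "https" and host in LOGIN_HOSTS


def triage(message, url):
    """Return the reasons a post and its link match the lures described above."""
    reasons = []
    _, host = parse(url)
    if any(p.search(message) for p in LURE_PATTERNS):
        reasons.append("lure-text")
    # A post that promises a video but links to an app page is the mismatch
    # the article tells you to look for.
    if re.search(r"\b(video|watch|clip)\b", message, re.I) and host == "apps.facebook.com":
        reasons.append("video-link-points-to-app")
    # Brand name appears in the host, but the host is not under facebook.com.
    # Character-swapped lookalikes are not caught by this simple substring test.
    if "facebook" in host and not under_facebook(host):
        reasons.append("lookalike-host")
    return reasons
```

Note that `safe_to_enter_password` compares the parsed hostname rather than searching the URL string, so a link such as `https://www.facebook.com@login.example/` (constructed) is rejected even though it starts with the real name.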

The Solution

Ok, ok. I get it. Not everyone is hyper vigilant in their day-to-day dealings with their favorite social networks. So what can be done to avoid such nastiness?

A good starting point is to carefully control and limit who has access to the corporate, or personal, social media login details. That’s not to say that collaborative interactions with customers and fans are discouraged, but how many key players do you really have running the show? I’d bet that Jim from Accounting probably has a few more forecasts and budgets to focus on before he gets to converse with the public about Acme Corp.’s intricate financial reporting details. And for those that do have access to the social media login details, are they trained? Have they read the paragraphs above? Are they well versed in spotting a phish?

Once you’ve put the lockdown on who has the keys, it’s time to put your social media house security in order. Here’s a rundown on what you should be taking a look at:

Why? If your organization is using socialmedia@acmecorp.com to log in to the majority of social media channels, you’re already one step behind the hackers, as they now have one of the two crucial elements of gaining access to your account. If you’re using the same password all over the place, brother, your day just got a whole lot more interesting, and not in a good way. Do not simply go down the line with twitter@acme, facebook@acme, etc.; rather, apply some variation that most can remember, but not all can guess. Twlt3r@acme and f4c3b00k@acme could be some possible combinations.

The Cleanup

So you’ve done just about everything that you can do to secure your social media channels, but it looks like Matthew Broderick has been sent to the Principal’s Office and managed to obtain your passwords (again). What now?

Follow, to a T, the social media hacking procedure you and your team put in place months ago. I’m sorry, what? You don’t have a, “Holy kaw! We were hacked! Ok everyone, remain calm, this is what we do,” plan in place? Fear not, here’s a handy outline:

While a number of these points and actions seem simple and obvious, most of us are juggling 5 things at once, and don’t always stop, think, view, and then click. With a bit of pre-social security training, and a well thought out and in-place social media disaster program, you can cut, “OMG, we’re doomed!” down to a simple, “When was the last time we were hacked?” or at worst, “Ok, that’s not fun…but we managed it, and we’ll continue managing it, ensuring that it doesn’t happen again.”

Story by Dan Taylor

Dan Taylor is a professional Photographer and freelance writer based in Vienna, Austria. Dan is a co-founder at Heisenberg Media and specializes in conference photography. You can find him on Facebook and Twitter.
