The Twitter password security breach is a good reminder of why it is important to always protect yourself by using good online security. You should be doing it on your personal accounts, but if you are responsible for corporate social media accounts it is even more important to get it right. They are more vulnerable to potential attack because they are higher profile than most personal accounts.
LinkedIn has also suffered similar security breaches. That’s why it’s so important not to use the same password across different accounts: if you do, then when one is breached all of the others are vulnerable as well. The @HMVtweets incident, where an employee who was being made redundant used the official HMV Twitter account to tweet about it, is another good example of why you need a good password management policy in place. It appears that in the HMV case management didn’t immediately have access to the Twitter account.
If a brand or corporate social media account is breached then the consequences for the corporate reputation can be serious. Not only is the actual breach embarrassing, but it also raises serious doubts about the company’s or organisation’s ability to keep other information secure. The fact that sensitive data is handled securely by a different team from the social media team won’t stop people worrying and doubting you.
Some good tips for password security are:
1) Use a different password for everything. Yes, if you’ve got lots of accounts that might mean hundreds of different passwords, but there are ways to manage that. In reality you’ll be using far fewer on a day to day basis, as some of these accounts will be ones that you aren’t active on.
2) Lots of secure password advice is wrong. Lots of people think a secure password means an eight character word with a mix of capital/lower case letters, numbers and symbols. One problem with this is that you’ve very little chance of actually remembering it, especially if you’ve used a different password for everything. Another is that most people use the same ‘tricks’ to change the word. They’ll replace ‘O’ with ‘0’ (zero), or ‘S’ with ‘5’, or ‘l’ with ‘1’. Do you seriously think hackers don’t know that and haven’t developed programs that use the same logic to crack passwords?
3) A long nonsense phrase is far harder to crack. This great graphic (via @absinthetweets) explains it better than I can:
4) Use a password management service. Personally my favourite is LastPass. The basic version is free and it makes it really easy to generate and store a unique secure password for every website or service you use. The premium version is just $12 a year and lets you use the service on most mobiles. The enterprise version, which is ideal for managing password security on corporate social media accounts, is $24 a year per user and lets you securely share groups of passwords with other users. The obvious point of vulnerability for systems like LastPass is the master password, which is why you need to make sure it is both secure and changed regularly.
5) Always remember to change passwords, third party access permissions and administrator privileges when employees leave or change roles, or when you change external providers you’ve given access to, such as digital or PR agencies.
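Tips 2 to 4 above make a quantitative claim: a dictionary word dressed up with the usual substitutions gives an attacker far fewer candidates to try than a long random phrase, and a manager-generated password per site is better still. The Python below is an added illustration, not part of the original post and not LastPass code; it puts numbers on that claim. The substitution map, the dictionary and wordlist sizes and the tiny sample wordlist are all constructed assumptions, passed in as parameters so the arithmetic is explicit, and the generators use the `secrets` module so the output is drawn from a cryptographic random source.

```python
import math
import secrets
import string

# Assumed "tricks" a person applies to a dictionary word (constructed list;
# extend it and the candidate count grows only modestly).
LEET_MAP = {"o": "0", "s": "5", "l": "1", "a": "@", "e": "3", "i": "1"}

# Constructed sample wordlist for the passphrase generator. A real
# diceware-style list has thousands of entries; the size is what matters.
SAMPLE_WORDLIST = [
    "copper", "lantern", "river", "salmon", "window", "velvet", "orbit", "maple",
    "cactus", "harbor", "pencil", "thunder", "quartz", "meadow", "violet", "anchor",
]


def leet_variant_count(word: str, leet_map=LEET_MAP) -> int:
    """How many candidates one dictionary word expands to when the only
    changes are optional leet substitutions, an optional initial capital
    and an optional single trailing digit (or no digit)."""
    substitutable = sum(1 for ch in word.lower() if ch in leet_map)
    # each substitutable letter: swap or not (2); capital toggle (2);
    # trailing digit: none or 0-9 (11)
    return (2 ** substitutable) * 2 * 11


def dictionary_trick_bits(word: str, dictionary_size: int) -> float:
    """Effective strength, in bits, of 'dictionary word + common tricks'
    given the size of the dictionary an attacker would start from."""
    return math.log2(dictionary_size * leet_variant_count(word))


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Strength of a passphrase whose words are chosen uniformly at random
    from a list of wordlist_size words (each word adds log2(size) bits)."""
    return word_count * math.log2(wordlist_size)


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Strength of a manager-generated password of uniformly random characters."""
    return length * math.log2(alphabet_size)


def generate_passphrase(wordlist, word_count: int = 5, sep: str = "-") -> str:
    """Nonsense phrase from uniformly random words (CSPRNG via secrets)."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


def generate_site_password(length: int = 20,
                           alphabet: str = string.ascii_letters + string.digits + string.punctuation) -> str:
    """Unique random password of the kind a password manager stores per site."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(word: str, dictionary_size: int, words: int, wordlist_size: int,
            pw_len: int, alphabet_size: int) -> dict:
    """Side-by-side strength estimate in bits for the three approaches."""
    return {
        "word_with_tricks": round(dictionary_trick_bits(word, dictionary_size), 1),
        "random_passphrase": round(passphrase_bits(words, wordlist_size), 1),
        "manager_password": round(random_password_bits(pw_len, alphabet_size), 1),
    }


if __name__ == "__main__":
    # Assumed sizes: a 100,000-word attacker dictionary; a 7,776-word
    # passphrase list; a 94-character printable ASCII alphabet.
    print(compare("password", 100_000, 5, 7776, 20, 94))
    print(generate_passphrase(SAMPLE_WORDLIST))
    print(generate_site_password())
```

The point the numbers make: "password" with every substitution trick applied expands to only a few hundred variants, so the attacker's effort is dominated by the size of the dictionary, not by the tricks; five random words from a 7,776-word list exceed 64 bits, and a 20-character manager-generated password more than doubles that again. Strength here means uniform random choice; a phrase you compose from a favourite lyric is drawn from a much smaller space than the arithmetic assumes.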