Social Media Security Matters; Just Look at the Trump Twitter Account Debacle

Last week’s Trump Twitter account incident – where the president’s Twitter feed was deactivated for 11 minutes – was fodder for many late-night television jokes. All kidding aside, though, enterprise social media security is serious business.

A social media presence is an integral part of B2B and B2C digital marketing. From multinational corporations to home-based micro businesses, companies in all sectors use Facebook, Twitter, Instagram, and other social media channels for SEO and reputation management purposes, to establish credibility and thought leadership, to interact with current and potential customers, and, for many B2C companies, to drive sales directly, especially during the holiday shopping season.

Organizations should look at what happened to the Trump Twitter account as an example of why they should keep social media security at top of mind during the holiday season and throughout the year.

Proactive Tips for Social Media Security

Social media security shouldn’t be an afterthought. The first thing to keep in mind is that your company’s social media feeds are as important and sensitive as your email system, databases, employee PCs, cloud servers, and other enterprise systems. You may have laughed at what happened to the Trump Twitter account, but it wouldn’t be so funny if your company’s social media feeds were disabled or hijacked. Your social media feeds need security controls just as much as your databases and cloud servers do.

Tightly control access to your enterprise social media feeds. Your social media feeds should be treated just like your internal and cloud systems; if an employee doesn’t need access to them to perform their jobs, they shouldn’t have it. Twitter has found this out the hard way. For years prior to the Trump Twitter account incident, the company was warned about handing the keys to the kingdom to too many employees. Even worse, the Trump Twitter account wasn’t the first one that was breached.

Use social media management platforms to control access levels. Cloud-based social media management platforms, such as Hootsuite and Buffer, allow enterprises to control how much access each employee has to the company social media accounts. A particular employee may be allowed to compose messages, for example, but not have access to the actual account passwords, and their messages can be set to not go live until they are screened and approved by a manager.

Never give interns or temps unfettered access to your social media feeds. At first, Twitter thought that a rogue employee had deactivated Trump’s account. Now, it is believed that a rogue third-party contractor did so on the way out the door. It is not uncommon for companies to use unpaid interns to manage their social media accounts, and many other companies hire temps to tackle social media work during the holiday shopping season. From a social media security perspective, these are terrible ideas, especially if the intern or temp has complete and unsupervised access. At the very least, use a social media management platform to limit the temp’s access. Never give them account passwords or allow them to post directly; always have a permanent, trusted employee screen the messages.

Be careful when outsourcing social media management. If your company chooses to hire a third-party social media management firm, vet them as carefully as you would any other service provider. Get references and check them, and never hire a third-party social media vendor based on price alone.

Author's Bio: 

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.

He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.