Stranded in London

Last week someone got into my wife’s Yahoo account. Everyone in her address book received a note that she was robbed in the parking lot of a London Hotel and needed $1200.  Luckily enough I didn’t fall for it. For one thing, I can’t remember a hotel in London with a parking lot, that and she was in the next room when I received the mail, and I was pretty sure I wasn’t in London.

My wife’s faux London emergency, could just as well be a fake product recall, or an announcement of a pending acquisition.

Some tips for managing security for you organization’s social media accounts:

  • Never send passwords in email or, worse IM.
  • Store account information in an encrypted database. There are a number of open source tools out there including the one I use, KeePass.
  • Create passwords that don’t contain patterns. Choose random configurations of numbers, letters and special characters. When creating a password, make sure any special characters you use, can be entered on a mobile device. If you are a multi-national company, make sure to use only characters that are universal in the languages you work in.
  • Change passwords every 90 days
  • Create some type of trigger so when an employee who had access to the account, leaves the organization, you know to change the password.
  • Make it clear to employees that storing passwords on their local systems, on a post-it note or in email is not allowed.
  • If an account is compromised report it to to your legal department (and security department if you have one). Content posted to social media profiles are considered material by the SEC.

Add a comment with your tips.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: