Last week someone got into my wife’s Yahoo account. Everyone in her address book received a note that she was robbed in the parking lot of a London hotel and needed $1200. Luckily enough, I didn’t fall for it. For one thing, I can’t remember a hotel in London with a parking lot, that and she was in the next room when I received the mail, and I was pretty sure I wasn’t in London.
My wife’s faux London emergency could just as well be a fake product recall or an announcement of a pending acquisition.
Some tips for managing security for your organization’s social media accounts:
- Never send passwords in email or, worse, IM.
- Store account information in an encrypted database. There are a number of open source tools out there including the one I use, KeePass.
- Create passwords that don’t contain patterns. Choose random combinations of numbers, letters and special characters. When creating a password, make sure any special characters you use can be entered on a mobile device. If you are a multinational company, make sure to use only characters that are universal in the languages you work in.
- Change passwords every 90 days.
- Create some type of trigger so that when an employee who had access to the account leaves the organization, you know to change the password.
- Make it clear to employees that storing passwords on their local systems, on a post-it note or in email is not allowed.
- If an account is compromised, report it to your legal department (and security department if you have one). Content posted to social media profiles is considered material by the SEC.
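The password tip above, as an added example that is not part of the original post: a generator that draws from the operating system's CSPRNG, limits special characters to a set assumed to be typeable on phone keyboards and common national layouts, and resamples any candidate containing a repeated or sequential run. `SAFE_SYMBOLS`, the function names and the run length of 3 are assumptions of this example.

```python
import secrets
import string

# Assumption: symbols reachable on common phone keyboards and national layouts.
SAFE_SYMBOLS = "!#%+-=?@"
# ASCII letters and digits only, so the password can be typed in any locale.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SAFE_SYMBOLS)
ALPHABET = "".join(CLASSES)


def has_pattern(password: str, run: int = 3) -> bool:
    """True if `run` consecutive characters repeat or step by +1/-1 (aaa, abc, 321)."""
    codes = [ord(c) for c in password]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def is_acceptable(password: str) -> bool:
    """Only allowed characters, every character class present, no simple pattern."""
    return (
        all(c in ALPHABET for c in password)
        and all(any(c in cls for c in password) for cls in CLASSES)
        and not has_pattern(password)
    )


def generate_password(length: int = 20) -> str:
    """Draw uniformly from ALPHABET and resample until the policy checks pass."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_acceptable(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```

Generate the password directly into the password manager entry rather than pasting it through email or chat.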
Add a comment with your tips.