It was a prolific start of the week for hackers. Over the weekend, Crayola’s Facebook page started posting off-color remarks of an adult variety this weekend. Then on Monday U.S. Central Command’s Twitter account posts threatening messages from ISIS during a major speech from President Obama on data security. To boot, United Airlines and American Airlines revealed late on Monday that their customer databases had been hacked.
Data security has become a major PR issue. The trend of hackers attacking corporations is accelerating. For PR pros, the social media hacks can be horrifying. When hackers get control of corporate social media accounts, they do everything in their power to ruin a brand.
Crayola — a well known brand for kids providing coloring tools — was attacked by hackers posting lewd images. What was supposed to be innocent and cute became dirty and perverted. Crayola responded by apologizing for the posts, and received many warm messages from its understanding fan base.
In the case of Centcom, hackers posted threats from and bold statements about ISIS as well as internal documents. Centcom said they were investigating the breach, and shut down the Twitter feed in the interim. Most security officials dubbed it an amateurish minor breach given that it was Twitter, though not insignificant.
When, Not If
During his speech President Obama said the U.S. had been reminded of “enormous vulnerabilities for us as a nation and for our economy.” He noted the recent Sony hacks, unknowing that his own military’s Central Command Twitter account was leaking internal documents at that moment.
Corporate communicators have to plan for internal data and social media account hacks. This is no longer a crisis of the rare fool. In fact, it’s becoming quite regular with a story about a renegade hack or a data leak unfolding every week. Perhaps this is the terrible rite of passage for PR pros in the digital age.
When your social media accounts get hacked, there are several actions that can help your efforts mid crisis:
1) Get control of your network.
If you log in, change your passwords ASAP. You should also change the email address associated with the account. Find which third party apps are associated with the account (e.g. HootSuite, Buffer, etc.), and go through the same procedure on those email addresses and passwords.
2) Can’t log in? Contact the network.
If you can’t log in, your next step is to contact the social network immediately. It helps to have a native advertising account for obvious reasons. Usually brands that advertise get priority treatment. After gaining access to your accounts, follow the prescribed changing of account identifications and also with your third party apps.
3) Make a public statement.
Acknowledging the hack is critical, even if you still have not gained control of your accounts yet. Your customers must know that these posts were not made by you and that your organization doesn’t endorse the comments. You can issue your statement via a different social media account or in a short press statement or both. Crayola did the right thing by apologizing to their customers for the offensive posts.
We don’t condone the inappropriate & offensive content being posted to the fraudulent Crayola FB page & sincerely apologize to our fans.
— Crayola (@Crayola) January 12, 2015
4) Delete the offending updates.
Let’s be clear: someone else’s crime should not stand on your social media accounts one second longer than necessary. Press that trash can icon with relish.
5) Review data security protocols.
Go through the rigamarole to identify weaknesses and eliminate loose ends. These may be the obvious sources of your hack.
Where are account passwords being kept? Do people who no longer do business as your brand’s spokespersons have access to these accounts? How frequently are passwords updated? Has your brand allowed access to a wide variety of untrusted third party apps? Eliminate all unnecessary third party apps.
Speed is essential when you take these actions. Move quickly!
Afterwards, conduct a larger audit about how your accounts get accessed. Did a team member update from a public computer or wifi network? Make sure smart protocols are being observed so your corporate social media is as secure as possible.
The good news is these hacks are increasingly common. If you acknowledge the hack and clean it up as soon as possible, most customers and other audiences will forgive.
What are your thoughts about social media and corporate data security?