4 Ways to Mount a Cyber Defense in Light of the U.S. Military's Social-Media Hack
This week’s hijacking of several social-media accounts run by U.S. Military Central Command underscores a powerful message: Just because it wasn’t data or computer networks that were attacked doesn’t mean it’s not detrimental to your business.
While we’ve heard about powerful data breaches at Target, Home Depot and even JP Morgan Chase (to the tune of 70 million customer accounts), social-media accounts themselves are another risk.
As a quick background, this week, the Washington Post reported that hijackers claiming ties to the Islamic State took over both the Twitter and YouTube accounts of U.S. Military Central Command, tweeting out what were apparently military powerpoints and data on retired Army personnel.
Social media is changing the way we think, market and operate. Businesses around the world are scratching their heads, trying to figure out how to operate and leverage this new medium.
So what can businesses do to go on the “cyber defense?”
From an organizational perspective, firms need to consider how they will provide access to social networks, how they will manage the publishing workflow and engagement to posts, detail procedures for securing networks and individual devices, including the heuristic approach to sniffing out possible unpublished malware and attacks, and recovery procedures for handling widespread compromises.
But there are a few other key things business leaders can do:
1. Do the basics
Lock and encrypt computers, use anti-virus software and a password manager and avoid relying on obvious passwords. Train employees and conduct simulations of a data or social-media breach. What would they do? Who would they report the act to?
2. Create a customer feedback loop
It’s surprising the number of financial firms that do not have an easy way for customers to communicate online about issues or a breach. Consider a message in statements or online directing consumers to alert leaders to possible cybersecurity threats.
3. Protect publishing platforms
Web publishing is a straightforward process. The key is in the tools you use to post content. For example, if using WordPress, secure that platform to better protect yourself and prevent the uploading of files that could infect your site or your visitors. Never allow others to upload files without first scanning them for potential risks.
If you are using a content management system, you can mitigate this risk by having third-parties log in as a contributor, which limits them to typing in their content for your moderation and publication.
4. Protect your accounts on Facebook, Twitter, LinkedIn and Google
Using two-factor authentication is essential. It prevents most, if not all, hacks of social accounts.
And what about comments on these profiles? Let’s say someone hacks your Facebook account and posts something unsavory, such as pornography. You’ll need to remove the content, secure your account (changing password, etc.), recover it so you can delete any content, and turn on two-factor authentication to prevent it from happening again.
On Twitter, if someone posts something offensive about you, block them from being connected to your account and report them as a spammer. (The networks are pretty good about following up on this.)
It’s a new world that calls for new ways of thinking and approaching social media. Use this latest breach as a reminder that protecting your business and your reputation is paramount and that these new, powerful and instantaneous communications channels are not to be ignored.