On Monday of this week, Burger King‘s Twitter account was hacked. The assailants took over and started posting stuff that would make any business’s face turn red. Not only that, but they were posing as McDonald’s, using bad language, and just making Burger King look really, really bad in social media.
Don’t think that people only hack big brands.
In 2006, I found phishing sites on my domain. The hosting company that I was using at the time was obviously less than hacker safe, and so I had to go in and remove the pages in question myself. I changed my password and all, but it made no difference.
A short time later, probably the same people (and I’ll never know) went in and deleted all of my databases, which included a blog that I’d been writing in for over two years, my affiliate program, and a redirect/link shortener that I use called “Go Try This.” All gone. All the posts, all the affiliate information, all of my links. I’m guessing there are still broken links floating around out there somewhere. But for me, who was a very small business owner at the time, it was infuriating, and there was little I could do about it.
Of course, it could have been so much worse!
Let’s move this over to you and how you’re handling your security. Some of you, I know, have small businesses online, but also have offline store counterparts. You really don’t want your pizza restaurant, for example, to have its Twitter, Facebook, or any other type account that is the “face” of your brand to be taken over by these ‘Net hooligans. It could do some serious damage with your clients who aren’t terribly Web savvy and who believe that everything they read on the Internet if true. (You’ve seen that insurance commercial, right? I laugh every time I see it.)
Here are some things you should do on a regular basis if you worry about the “security of your sh*t, Osbourne Cox.”. (OK, yeah. Burn After Reading, ):
- Don’t use the same password for everything. This is a major mistake and an easy way for hackers to get into everything you do online, like your bank accounts and stuff like that? This is a very bad idea, and I see it all the time.
- Don’t use simple words for passwords, without including some case difference, numbers, or symbols included, too. “Mustard” or “123456” won’t cut it anymore. (See the 25 Most Commonly Used Passwords for 2012 here.)
- Try to make your passwords a combination of 8 letters and characters long. Some sites will prevent this by requiring fewer digits, but use eight whenever possible.
- Change your passwords often, like once a month. I know. If you have as many as I do, it’s not possible. OK, so change your important passwords often.
- Always change passwords when someone leaves your company, no matter how amicable the separation was. It protects that person, too, by taking the possibility that they are at fault out of the equation.
- Don’t allow everyone to have mobile access to your social or other accounts. Mobile is tricky. The person may not have your passwords secured. Make sure they do.
- Make sure that anyone who uses your accounts on a mobile device has their device password protected, as well.
- Monitor your social account daily or have a trusted employee do this for you. It’s best to catch an attack and deal with it right away, rather than have stuff you don’t want to happen going on for a long time. The longer it goes on, the more the bad stuff becomes credible.
- If your social accounts are attacked, make your customers aware. Mail to your list, post to Facebook, LinkedIn, GooglePlus, etc. Let your fans know what happened.
- Also help your fans to understand that their security is not at risk. (Unless it is, of course.)
No matter how big or how important your brand is (or is not), these are important safeguards that you should follow when you want your accounts, social or not, to be secure. Ignore these safeguards at your own brand’s peril.
Or, if you have other tips that weren’t included here, love to hear them! Just let our readers know in the comments below. Thanks!