Security of Social Media: Preventing Simple Hacks that Carry a Huge Cost

Social Media Accounts are Critical Access Points – Treat Them as Such.

When we talk about security, we often mention protecting social media accounts as a secondary measure to be handled after everything else is properly shielded. Social media, after all, seems trivial and inconsequential compared to protecting the infrastructure that houses your data. Furthermore, social media is usually managed by the marketing department, not IT. Before you dismiss the damage that can be caused in something novel like “the social sphere,” understand that social media account compromises can result in catastrophe.

In a string of recent Twitter hacks, the AP’s Twitter account was attacked through what appeared to be social engineering. The offenders obtained entry to the account through phishing attempts, and sent out a tweet that reported false news that a bomb exploded at the White House, injuring the president. Shortly after the tweet, the stock market plummeted. Panic ensued – all because of one little tweet. The bad news is that the repercussions of misleading or inaccurate claims made from a credible source can reach far and wide. But there is good news too. Companies can successfully guard against these attacks by locking down passwords, testing thoroughly and adding security layers. Here’s how to check all three of these tasks off your list.

Password protection

It’s surprising, but it seems like I read about this simple slip-up on a daily basis. Even the most sophisticated security teams can fail to implement a consistent policy for password protection. Social media accounts are critical access points – so treat them as such. If your business doesn’t use a single sign-on solution or some sort of credential management solution, don’t delay getting one. This is probably one of the most effective ways to keep your social media accounts safe from attackers. Also, be sure to restrict access to only those who require it to perform their job duties. The concept of least privilege simply works. Regularly conduct self-audits, and guard your password like your data depends on it – it really might.

Thorough testing, training, and awareness

As in the AP Twitter account compromise, phishing is one of the main ways that hackers gain access to social media accounts. As long as you employ humans, social engineering will most likely be one of your biggest security gaps. It has proven to be an extremely effective tool for cyber criminals. By conducting social engineering penetration tests, a company can understand where its security plan falls short and educate its employees on how to mitigate attacks.

In other words, continually train your staff on security, especially social engineering. This is the best way to proactively ensure your employees are aware of the risks and not complacent. As security gaps are discovered, they can immediately be handled without hesitation. Test your employees and your infrastructure by conducting social engineering pen-tests and maintaining a thorough and comprehensive risk management program, because both angles matter to the overall sanctity of your public image.

Take advantage of every extra security layer when offered

No doubt in response to the flurry of recent hacks, Twitter rolled out two-factor authentication. Whenever a social media company offers an extra way to safeguard your account, investigate it and try to take advantage of the opportunity. Marketing departments are sometimes hesitant to add extra layers because they’re afraid they will become a hassle, slow down internal processes or remove convenience. However, as evidenced by the recent public incidents, you’d rather take one additional tiny step than deal with the PR and financial nightmare a successful hack creates. Maximize your security by refusing to pass up any available security measures that make sense.

Holes in seemingly minor areas – such as social media account access – could pack a devastating punch if exploited. Practice sound password policies, test your security layers and staff like it’s your job (because, well, it is), and don’t bypass supplemental security features when offered. Your brand reputation will be the better for it.
