Most businesses take advantage of social media to help market, enhance and provide a personal touch to their products or services. Social media ‘assets’, such as Facebook, Twitter, Google+ and LinkedIn are becoming vitally important tools to engage with the digital world.
It is essential that businesses take into account the full value of these ‘assets’. Like servers, files, funds, equipment and staff, social media assets should be included in stocktake and audits. As a result, their use and management should be afforded the same policies and security protocols that one would apply to any other company asset, as these can be easily mismanaged or breached[1].
USA President Trump has been known to use his Twitter account to relate any and all kinds of news, be they personal opinions or public policy. Earlier this year, wait staff at President Trump’s Mar-a-Lago Resort tweeted photos showing the President and Japanese Prime Minister Shinzo Abe discussing a North Korean missile launch while at dinner. Some US security officials expressed dismay at how easily the public were made privy to an ‘open air situation room’[2].
This week, Australian Defence Industry Minister Christopher Pyne allegedly had his Twitter account hacked. The hack involved his Twitter account ‘liking’ a link of a gay pornography video. It was further reported that there had also been attempts to hack Mr Pyne’s Facebook account as well[3]. As a result, the Labor party called for an investigation on the attempted breaches into social media accounts[4].
We have all known or even personally experienced these kinds of personal account hacks. On occasion you might find that a Facebook friend might post or send questionable links that appear out of character for that friend. Other times, you may find that someone has been posting articles acting as yourself. Sometimes, your private affairs might be inadvertently shared by other people who may not understand or care about your own privacy. Such is the state of social media that often your personal and private affairs can be exposed to the digital world without your consent or permission.
At best, social media security issues & breaches are embarrassments that can be deleted. Facebook has several safety features in place that allow users to identify posts not made by them. Twitter also has some similar measures in place.
At worst, hacked social media activity can cost a company its business, ruin reputations or create diplomatic conflict. Mr Pyne’s Twitter account is both for public and personal use. His Twitter handle and any other kind of account might not always be relevant to his policy or his role as Australian Defence Industry Minister. Nevertheless, because he is a public person, the account must be managed and protected as if it was a government asset.
In this case, the lines between personal and public become slightly blurred. Would any public servant’s social media accounts require management and oversight? How can you regulate personal posts and content from those that affect the government (or any other business)?
Below are some tips to consider:
- Who in the organisation has regular contact with the public? – An organisation doesn’t need to monitor the LinkedIn or Facebook pages of every employee. Senior management, can be subject to financial or press scrutiny and proficient hackers and journalists will be able to access even the most obscure posts on a Twitter feed. It is important to identify senior staff whose online activity may be scrutinised.
(NB: it is also important to ensure employment contracts also include clauses restricting what employees can and cannot say about their own work on social media – this can help regulate lower level staff online.)
- Separation of personal and public – Rather than link personal accounts to a company create new ones. These accounts can be staffed by social media and IT experts who can speak on senior management’s or a high profile employee’s behalf. This ensures that the content sent out to digital social media channels is not only safe, but represents the standards and ideals of the company. A personal account can also be set up to have the highest level of privacy so that anyone, be the government official or CEO can ‘like’ their favourite cat videos or follow their personal pages of interest in peace – free of intense scrutinty.
- (The ever important) Training – This is crucial for any staff member at any level to have. This social media training should include good password practices for accounts; regulating whom to ‘friend’ or ‘like’; and what should be re-tweeted, re-blogged or shared.
These days, the world consumes most of its news through social media. More and more, it is becoming the medium by which the world judges public figures (as opposed to their actual work sometimes). This means that the accidental ‘liking’ of a contentious post, or the offhand tweeted comment might create great repercussions for yourself and your business. Therefore, it is always important to maintain control of these assets, and social media is the ‘public face’ we use to communicate with the rest of the world.
For advice on securing social media accounts as well as intelligence gathering services please do not hesitate to contact Agilient.
The Agilient Team
[1] https://www.jeffbullas.com/what-is-the-value-of-your-social-media-assets-and-is-it-worth-measuring/
[2] https://www.washingtonpost.com/politics/trump-turns-mar-a-lago-club-terrace-into-open-air-situation-room/2017/02/13/c5525096-f20d-11e6-a9b0-ecee7ce475fc_story.html?utm_term=.b36ebb30ae83
[3] https://www.abc.net.au/news/2017-11-17/labor-backs-off-calls-for-investigation-into-pyne-twitter-hack/9160596
[4] https://www.heraldsun.com.au/news/christopher-pyne-claims-gay-porn-like-was-a-twitter-hack/news-story/ebc334e06dbf70321f8b065c867c2d15