Passwords, Security and Social Media

In the last month, I have received two Twitter direct messages from different nonprofits that had their accounts hacked.  The direct messages were pretending to warn me about bad photos or blog posts that they have seen about me, and then giving me a shortened URL that purported to give me the evidence.

While this can happen to many organizations, I thought it was telling how different the two responses were. The first nonprofit handled this very well. Within an hour of the messages going out, they were tweeting to their followers not to click on the bad link, and assuring us all that they had changed their password. While we try to avoid mistakes from happening, it can be a great show of strength and character to respond well to issues, and this response – a timely apology with assurances – is a great way to show both.

In contrast, the second nonprofit – now over 5 business hours from the incident – hasn’t posted any messages to their supporters. While the first one showed that they understand this medium and how to maintain trust with their followers, the other is potentially losing followers and supporters through the lack of a response.

Here are some tips to help you prevent these kinds of snafus as you move forward, and to deal with them when they do happen:

  1. Respond early and well when these things happen. Make sure that you have staff members at least monitoring the email attached to your social media accounts religiously, if not the feeds themselves. Make sure that staff are checking in over weekends as well, as problems don’t only occur during business hours. Remember that these things do happen to many nonprofits, and a good, timely response will be appreciated by your followers.
  2. Take your social media passwords seriously. The kinds of attacks that I mentioned above are almost always caused by a breached password. Many nonprofits will make the poor decision to have a low-quality password on social media accounts, thinking that these accounts are not important, but in fact, you are potentially handing over the public image of your nonprofit to hackers by using a bad password. Make sure to use a good-quality password for all internet accounts, and avoid sharing your login information whenever possible. For more information on choosing a good password, visit my previous posts on this topic.
  3. Take your computer and network infrastructure seriously. In addition to problems being caused by bad passwords, they are often also caused by viruses. Make sure that you keep business-class antivirus software updated on all computers, and make sure that you promptly update your operating system (e.g. Windows) and browsers (e.g. Internet Explorer) whenever prompted. Report symptoms of virus infection to your tech support provider as soon as you notice them.
  4. If you see an account sending out this kind of spam, tell its owner. Since we don’t get an alert when messages go out in our name, it is possible to not know when these attacks start happening. If you send a note to the user, they may hear of the problem much sooner and be able to deal with the situation better. It’s best to send this as a direct or private message when possible. You know you’d want someone to do this for you, so make sure to do it for others.

Does your nonprofit have a policy on how to respond to problems and snafus such as these? How do you manage or plan to manage these sorts of situations?