Recently a local Pittsburgh artist, who shall remain nameless at this time, had his or her Twitter account hacked and then sold. This artist, like many of you, works hard to build up a brand as well as follower counts. Here are some tips to help you better protect your accounts and the brand you are building.
1. Beware of phishing.
Never click on a link you receive via email asking you to change your password to Facebook or another social media or email site, says Kevin Haley, director of product management for Norton by Symantec’s Security Response Team. (Norton also offers a free tool called Safe Web, which searches Facebook for malware links.) Hackers often cull passwords through fake sign-in pages that look like real sites.
“In general, these are launched as phishing attacks,” Haley says. “Somebody has been fooled into thinking they’re on the log-in page for their social media, so they type in their log-in or password, and they’ve given it to the bad guys.”
2. Limit access to your passwords.
Brands should think carefully about just how many employees or vendors really need their social media account passwords, says Haley.
“It’s convenient to have five or six people who have access to an account,” Haley says, “but it also means there are now five or six people who could make a mistake or lose the log-in and password to a hacker.”
3. Use two-step verification.
Gmail recommends that users set up a two-step log-in process that includes entering a text sent to a smartphone or cell phone. Here’s a video explaining how to do that.
4. Don’t use automatic log-ins from your remote devices.
Though it’s a good idea to associate your account with a phone number, it’s easy to hijack an account if a phone is stolen, Bitdefender states in a white paper, co-authored by Petre, about Facebook’s status as “The New Battlefield Against Scammers.”
“That is why log-in from the mobile phone should not be automatic, while the phone should lock automatically,” the paper states.
5. Choose strong passwords.
Twitter also recommends that you use passwords of at least 10 characters—others say 12. Don’t use a password that contains the name of your company or other obvious information that bad guys can easily guess.
Passwords that contain sequential numbers, like 12345, are not very secure (go figure). Avoid the word purple; curiously, it’s “an extremely popular password,” Haley says. Don’t use your kids’, spouse’s or pets’ names; resourceful hackers can often find these.
Still, there are powerful programs that carry out “brute-force attacks” by testing the words from multilingual dictionaries, James Fallows writes in an alarming new Atlantic Monthly article. He writes that some programs (Gmail/Google+ among them) enable you to use spaces in your password, such as “Lake Winnebago is deep and chilly,” confusing the evil bots that are trying to crash the gates.
6. Use different passwords for different sites.
Think about it. If your Gmail password is George1776 and you sign on to a less-secure site with your Gmail address and an identical password, that site now has all the information needed to break in to your email account. If that site gets hacked, you could lose control of your email account.
Fallows quotes one Google expert who says, “If you use your password in two places, it is not a valid password.”
7. Manage your passwords securely.
If you’re having trouble keeping all those passwords straight, use a management system to generate and store passwords. Twitter suggests 1password.
8. Enable all log-in notifications.
Facebook enables users to receive notices by email or text every time somebody logs in to their account from a new device, Bitdefender says in its white paper. This keeps you posted on suspicious activity.
9. Follow Twitter’s @safety account
Twitter recommends doing this to stay abreast of real-time safety tips and updates.
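Tips 5 and 6 above can be checked mechanically. The following is an added example, not part of the original article: a local audit that applies the article's rules (10-character minimum, no sequential digits, no commonly guessed words, no brand or family names, no reuse across sites). The `COMMON` list, the function names and the sample passwords are constructed for illustration.

```python
# Constructed sample of commonly guessed passwords; "purple" and "12345"
# are the article's own examples, the rest are illustrative assumptions.
COMMON = {"purple", "password", "12345", "qwerty"}
MIN_LENGTH = 10  # the minimum the article attributes to Twitter


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending digits."""
    digits = "0123456789"
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk.isdigit() and (chunk in digits or chunk in digits[::-1]):
            return True
    return False


def audit_password(pw, personal_terms=()):
    """Return the list of rule violations for one password.

    personal_terms holds the brand, spouse, child and pet names that the
    article warns against embedding in a password.
    """
    findings = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if has_sequence(pw):
        findings.append("sequential_digits")
    if any(word in low for word in COMMON):
        findings.append("common_password")
    if any(term.lower() in low for term in personal_terms if term):
        findings.append("personal_info")
    return findings


def find_reuse(accounts):
    """Map each password used on more than one site to those sites (sorted)."""
    seen = {}
    for site, pw in accounts.items():
        seen.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in seen.items() if len(sites) > 1}
```

Run it only on your own machine against an export from your password manager, and delete the export afterwards.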
Despite the painful lesson on Facebook, Pfizer hasn’t lost faith in social media as a platform for dialogue about a topic many people are eager to discuss: health.
“Even after the most recent event of the hacking and the changes of the comments section, Pfizer remains committed to our Facebook strategy,” Kerins says.
Portions of this article are by Russell Working, a staff writer for Ragan.com, where portions of this story first appeared.