By now we all know that LinkedIn recently disclosed that up to 6.5 million user account credentials were breached.
LinkedIn has claimed that no accounts have been compromised as a result of this incident. LinkedIn is primarily a site that your employees use personally and so isn’t one that CIOs necessarily need to worry about. Nonetheless it’s forced a lot of people who don’t normally worry about online security incidents to think about what to do when it happens.
For a social media marketer, there’s probably nothing worse than finding one day that you’ve lost control of your social media channel. One day your channel is giving you good interactions with your customers, providing them with valuable information, and building a real, trusted relationship. The next day you awake to find that someone has taken over that trusted channel and is using it to spread spam and viruses, insult your company and customers, and sometimes even post and disseminate offensive materials.
It doesn’t make sense to stay up nights worrying about this happening. But if it does happen, knowing what to do can help cut through the panic and lost feeling that events like this can cause.
As someone who’s handled major incidents like this, I can tell you that recovering your social media channel and working to restore your trust consists of a few simple but key steps. If you take time now to learn these and build a recovery plan before this happens, you have your answer to the first question that arises when this happens: what do we do now?
- Assess the situation: Your first step is to assess the situation and understand what you’re dealing with. What channel was hijacked? Were any others hijacked? What’s being done on your channels? Build up a list of what’s been compromised so that you can use that to systematically guide your recovery efforts.
- Update and clean your systems: Before you work to regain control of your channels, you want to make sure that the systems that you use to manage those channels aren’t used to re-take control away from you. Some hijackings occur because of viruses on your systems, so the next step is to update, scan and clean your systems. These are things you want to always be doing on your systems, so if you haven’t been doing these two things, make sure you make them a regular practice.
- Ensure systems that access your channels have updates for all software: viruses often spreads through known security issues in software, so make sure you’re fully up-to-date for software updates on the systems you use for social media. Microsoft and Adobe products and Java are particular favorites for attackers. All of these have “auto update” capabilities so make sure you’ve enabled those features.
- Update your antivirus and perform a full scan of your systems: Running a full antivirus scan will identify and remove any viruses that may have stolen your account information and been used to hijack your channel.
- Regain control of your social media channel:Now that you understand the scope of the event, and have cleaned your system you can start your recovery efforts. You want to regain control of all the channels that have been hijacked and take steps to better protect your access to ensure you retain control.Each social media site has different options for account hijacking recovery, so go to the “help” section for the relevant sites and follow the instructions for regaining control of your account. Some sites offer expedited account recovery options that you can set up ahead of time (like those I outlined for Facebook): use those if you’ve set them up. If you haven’t already, you also want to go ahead and implement enhanced security where you can to help you retain control. Specifically, look to implement these options where you can:
- Implement a strong password (this Microsoft guide can help you build a strong password)
- Implement security questions that are hard to guess or answer through research on the Internet (e.g. don’t use your high school name if it’s on your LinkedIn profile)
- Configure the site to use a secure connection (HTTPS) where available
- Utilize two-factor authentication where possible (for example, Google and Facebook offer two factor authentication)
- Notify your customers:When something like this happens, it happens in full view of your customers, so transparency is the rule. Your customers can see that your channel has been hacked: don’t try to cover it up. Once you’ve gained control, use your channel to let your customers know that your channel was hacked but that you’ve regained control.Apologize and let them know that you’re working to address the issue and take steps to ensure it doesn’t happen again. Your tone should be contrite and factual. Be concise and clear. If this is a complex or ongoing situation, go early with a message showing you’re in control and handling the situation and follow up later with more details.Every company that has followed this playbook for communications has come out of these situations with credit for their handling of the situation. Depending on the complexity and severity of the issue, you may also want to consider bringing in expert help around communications in online security and privacy incidents.
- Clean up your social media channel: Once you’ve taken control of your social media channel and the situation by communicating with your customers, you can focus on “clean up”. What you do here will depend on what your attacker did with your channel while they had control. Quite simply, you want to undo as much of what they did as you can. Here too, you may want to consider bringing in expert technical resources to identify and undo all the damage to your channel. Clean up can be a lengthy process but it’s important to take the time to do it right and remove all traces of the attacker’s malicious activity.
Following these steps will help you regain and retain control over your social media site after a successful hijacking. But while the goal is to undo what the attacker’s did to your site, once you’ve accomplished this, then the hard work begins: working to rebuild trust with your customers.
By following these steps quickly, efficiently and most of all, with open, clear communication, you’re as well-placed as you can be to begin rebuilding that trust. A key step in rebuilding that trust is taking steps to ensure that a situation like this never happens again. Implementing these online security practices can help.
Of course, there’s no reason not to take the time to review these steps today, build a plan to handle this situation should it arise and most of all, implement these online security practices now, before something bad happens.
Has your company built a social media account recovery plan to prepare for the worst in advance?