Last Saturday Tesla’s Twitter profile got hacked - here’s what we can learn from the incident, prevention-wise.
As you probably already know, Tesla’s Twitter account got hacked last weekend. Some companies get away with getting hacked and some even garner some good PR, based on an exciting story and how well they deal with the situation. But the Tesla breach wasn’t as “exciting” as some others – there was no direct reason given, nor message the hackers transmitted, apart from spamming the feed with “get a free car” tweets. Knowing that not every hack creates an opportunity for redemption should remind companies to be ever-more vigilant with their social media security.
Twitter’s native user rights management system is fine if one person is managing the account, but when several people need to have access, it leaves you vulnerable to attacks. That’s because the only way for several social media managers to share access to the profile is for everyone to know the password used. That’s pretty weak protection: what if one of the managers loses their phone (or it’s stolen)? What if one of the people gets disgruntled with their job and decides to hurt your company through social media?
These and several other possible scenarios that occur in a shared-management situation mean that anyone wanting to prevent leaks, hacks, and US Airways-like mishaps should opt for better protection. One of the best things you can do for your security is to get a publication and scheduling tool that allows for user rights management and content approval features.
In Socialbakers Builder, you can create user roles for all of your users and then apply them once you create a new user.
It’s a straight-forward process: you create a user and they get a notification via email. Then they log in through Facebook connect; but cannot access your company profiles and pages natively, and they only have the rights you assign to them. Which is where the second half of the benefits of this system arises: get your content creators to create and schedule the posts for Twitter and Facebook, but make approvals mandatory. This creates a two-step verification system, which means you’ll be a lot less likely to find your company’s name all over the web, shamed for accidentally tweeting out something that better belongs on 4chan than your corporate Twitter profile.
And when you use this checking system, and restrict access to the native profile, be vigilant about it. A quick look at @TeslaMotors in Socialbakers Analytics suggests that they use Percolate for publishing to Twitter, but still only use it about half the time. We advise our clients thus: if you go to the trouble of using a system with advanced user rights management features like in Socialbakers Builder, posting half the time natively completely nullifies the security effort. It has to be all or nothing.