You've probably seen it before: A high-profile company sends out a string of bizarre or inappropriate tweets.
It happened to McDonald's, when its Twitter account was hacked and a message mocking President Trump was posted. Duke, BBC North America, Forbes and Amnesty International were all part of a larger hack into several Twitter accounts.
The threat of embarrassment and backlash is enough to make a social media manager or business owner nervous about what can go wrong at any moment. What can you do?
The upside is that securing your accounts can be done without too much difficulty. Sticking to many of the same protocols that you'd use for securing your everyday bank, social media or email accounts will put you in a much better position to protect your accounts – and your online reputation. Here's how to do it.
Create a complex password
If a secure password is essential for your personal bank account, imagine how important it'll be when it comes to safeguarding the reputation of your business.
There are some agreed-upon password practices that you ought to put into practice. For example, when creating a Google account, the company recommends you use a mix of letters, numbers and symbols. Also, passwords shouldn't be duplicated, particularly with such important accounts.
And while it might seem like an annoying task, change passwords from time to time. This is especially critical if someone on your team had the password and leaves the organization.
One tool that can assist is a password manager or single-sign on solution. Services like 1Password, LastPass, Dashlane and others generate secure passwords and keep them synced across devices. Most have a business plan that lets you control who has access to specific accounts. [Looking for single-sign on solutions? Check out our best picks here.]
Editor's Note: Looking for an SSO solution for your business? Use the questionnaire below to be contacted by vendors with additional information:
Take advantage of security measures
Most social media networks now offer or prescribe layers like two-factor authentication. Twitter, for example, goes a couple of steps further with this. You can a use a generator app like Google Authenticator to generate a code to authenticate your account when you sign in.
Additionally, you can generate an app password that you use to log in to devices that require Twitter credentials.Twitter offers two-factor authentication to minimize the risk of someone breaking into your account. Credit: Twitter
Facebook has a dedicated security site where you can set up two-factor authentication for your page and review where you are logged in to your account.Facebook's privacy settings give you sufficient tools to keep the account secure. Credit: Facebook
From here, you can arrange to be alerted if there are unrecognized logins, enable two-factor authentication and monitor other aspects of your account. For a business that has a social presence as a key part of its brand, taking a moment to adjust these settings is crucial.
Look toward the future of account security
Giants like Facebook, Google, Amazon and others let you use your account to authenticate many of its services on the internet. The strength of this approach is that it's one less password to remember, but it's not foolproof. Organizations like FIDO Alliance are working on an approach that involves biometrics, such as fingerprints, to better authenticate logins.
"The end goal of biometrics is that it'll one day kill passwords," said Bob O'Donnell, president of TECHnalysis Research. "It's a good goal and a means of doing digital authentication that more accurately determines you are who you say you are. But it depends how they do it that will chart its implementation."
O'Donnell said while there may be a password-less future on the horizon, businesses still need to ensure they or their social media team understand and implement accepted practices.
In the meantime, O'Donnell recommends that any business with a social media presence learn and apply security practices like using (and frequently changing) a complex password and using dual-factor authentication when available.