At first, It seems more embarrassing that damaging, that the United States Central Command, (better known as CENTCOM) has been hacked by pro-jihadi sympathisers. ย CENTCOM is responsible for US military operations in the Middle East and for a while its Twitter account showed the image โI love you ISISโ whilst tweets expressed sympathy for ISIS and the legend #CyberCaliphate. CENTCOMโs YouTube video started broadcasting pro-jihadi videos before it was quickly shut down along with the Twitter account.
The US Military was quick to say that the attack was embarrassing and an โact of vandalismโ, but was not damaging? Well, no classified information or operational networks had been affected, but in this war against terrorism, the speed that images and twitter hashtags can spread is like wildfire, and images and slogans can cause damage to public reputations .
Today, the huge social sharing site Reddit.com is full of users pouring scorn on the American governmentโs IT security systems, especially as the account was hacked on the same day that Barak Obama announced his support for new Cyber Security Legislation. ย As Reddit user /r/xsaicoticx commented โMost advanced and powerful military on the planet? Their network is on par with a company whose SYSADMIN isn't paid enough and has a bad attitude and is also their bartenderโ.
The most important thing is that this attack shows that all companies and organisations are vulnerable to hacks against their social media accounts.
I have dealt with a company who allowed an intern to control their social media platforms on Twitter, Facebook and Youtube. When the internโs contract was terminated, and they werenโt rehired in a paid position, the employee then walked off with their social media passwords and over the next few days posted a series of compromising and embarrassing pictures and images across the companyโs official accounts. The only reason the company actually noticed that they had been โhackedโ was by the fact they were alerted by a customer, who complained at the racist and sexist images appearing under their name online.ย The company had failed to protect their brand, and they were certainly damaged in their customersโ eyes. Forgetting to change passwords and allowing unpaid and inexperienced employees to control social media accounts is a recipe for disaster.
So what should you do to prevent similar attacks?
- Pick strong passwords, donโt use the same one for each site, and change them regularly.
- Donโt entrust your social media to an inexperienced and unsupervised member of staff. Remember this is your companyโs reputation at risk โ you wouldnโt expect a untrained school leaver to create your print adverts, so donโt do the same to your online advertising.
- User two-factor authentication for any online services that support it.
- Train your managers, executives and staff on the importance of cyber security and the risk of social engineering.
Itโs important to remember in all of this that social media sites wonโt actually tell you if youโve been hacked. ย Neither do they bear any liability if you are.. ย Stay vigilant, regularly monitor your social media output and weโd go one further step and recommend you ensure nobodyโs set up fake accounts in your company name either, as this can be just as damaging.