By Hanna Basha, Partner at Payne Hicks Beach,
Almost every company has a Twitter handle. Many companies also run accounts for their key figureheads to make communication feel more personal. However, Twitter is not without security concerns.
Jack Dorsey’s Twitter account was hacked recently with the hackers posting offensive, ugly and racist tweets. If the CEO of Twitter cannot ensure that his account is secure then we need to accept that the hacking of a Twitter account is a real threat.
Companies can take steps to prevent hacking and should put strategies in place to minimise the disruption and damage to reputation if accounts are hacked.
It is essential to protect your Twitter account and always consider two-stage log in verification. Insofar as is possible, ensure that it is being accessed in a secure way, such as from secure company servers rather than on smart phones.
Do not allow too many employees to have access to your Twitter passwords. However, do allow a key cluster of trusted people to have access so that you can act quickly if you are hacked and you minimise the vulnerability of one user turning against the company for whatever reason.
Make sure you have relevant contractual terms in place with those who can access your Twitter accounts. These contracts should include terms to protect confidential information, protect the company’s reputation and include protocols for use of Twitter.
Monitor your social media accounts, so that you are first to know when there is any unusual activity and you can take steps to take back control and mitigate any reputational damage.
If your Twitter handle is compromised, you should reset your password quickly to prevent further damage. Once you have reset your password, log all users out of Twitter to make the change of password effective. Check the email which you use to reset passwords is secure.
Delete unwanted tweets and put out an agreed form of words, however brief, confirming that there has been a hack and that you are investigating.
After you have taken all urgent steps to prevent further damage you should investigate the position. Consider also whether to make any further statements to deal with any damage the hack has caused.
If the hack is serious and you want to take action against the hacker, it is often possible to obtain enough details from Twitter to identify the IP address used by the hacker.
The precise civil claims you may have against the hacker (and the criminal offences they may have committed) will depend on how they accessed your account and precisely what they have posted but exposing the identity of the hacker and the liabilities they face can be an effective way to deal with a hacker who is persistent or who has some animus against the company.
Hanna Basha is a specialist in defamation, privacy and breach of confidence. She contributed to ‘Share This Too’ the pragmatic guide to social media use for PR professionals.