Sunday 22 July 2012

Corporate identity theft in Social Networks


Colaboration by Beth Ojeda, Social Media Manager at Continuam

One of the most common and relevant problems in social networks are the company identity theft. This kind of attacks generate business chaos if they are not covered in Business Continuity Plan due to recovery from this attacks are laborious, although is not imposible. This attacks use to generate a lot of inconveniences, because one of the main reasons for a corporate identity theft is discredit and damage their reputation, generating distrust in customers, providers and general followers.

There is also present a latent threat of fraudulent actions which carry theft of followers information, controlling confidential information that could be exchanged between the Community Managers and users.

Preventive measures:

  • Owning an alternative corporate account, with corporative image and not publicly available, in order to be activated only if a crisis occurs.
  • In those social networks that could be possible, define a super-administrator account
  • Having an email, from other domain than the corporate, to access social networks and store the initial codes that the social network gives to recover the account, deleting it from the email account.
  • Establish different passwords for each social network, and further, define strong passwords.
  • Send to each follower in social networks an initial message with the official customer attendance email, for more information.
  • Designate a spokesman for on-line crisis situations who will use his or her own profile in this situations.
  • Write down all actuation plan, password recovery methods and actors that has to participate in the recovery
  • Conduct a drill to identify faults.
  • Develop a template for reporting to the police, since it must be done immediately after the theft.
  • Create monitoring alerts in each social network in order to receive feedback about the company reputation and to identify problems in communication.
«Remember that everything you can think of, the cyber-criminal has also thought it before»

Managing Crisis:

  • Activate the crisis profile
  • •Publish an online press release, advertise the corporate identity theft and announce the new social network account and the spokesman designation.
  • Forward the oficial email to users communicating that the social network profile has been theft and that they can establish contact with the company in case of problems.
  • Maintain a relaxed communications level and focus on the situation, without personalize the attack.
  • Send the account recovery codes to the social networks administrators.
  • Identify the spokesman as a VIP user (with a special character adjacently the name singing he messages)
  • Create internal report about the monitoring in order to know the impact of the identity theft.
Although in a first approach could be the better response, silence is not a good option because ciber-criminals will continue casting doubts in the company followers, even creating false offers to compromise organization credibility. Even revealing internal information, although this information could be false, they are talking on behalf of the company.
Beth Ojeda
Social Media Manager at Instituto de Continuidad de Negocio.
Tags:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)