36508 How to Protect Your Health Agency or Organization Against Social Media Hacking

Emily Zeigenfuse, MPH¹, Michael Mangi, B.S.², Jordan Mitchell, B.A.², Sarah Van Velsor, BA¹ and Kitty Harding, MPH³; ¹Social Change, Ogilvy Washington, Washington, DC; ²social@ogilvy, Ogilvy Washington, Washington, DC; ³Social Change, Ogilvy, Washington, DC

Background:  In 2014, the social media channels of several high-profile companies, individuals, and Federal Agencies were compromised, indicating the need for agencies and organizations to follow best practices for keeping their social media platforms secure. However, this task has become more challenging as organizations are using a greater number of social media platforms to distribute their health messages, and involving a greater number of staff to manage the platforms.

Program background: In January 2015, the Twitter and YouTube accounts for the U.S. Central Command (CENTCOM) were hacked by the jihadist group ISIS, sending the agency scrambling to shut down the accounts, remove tweets posted by ISIS containing contact information for military personnel, and ensure that no classified information was obtained. Although it is the most notable of these cyberattacks, the CENTCOM compromise is only one of many such instances in recent history. Other high-profile companies that have had their social media compromised include Newsweek, Delta Airlines, Associated Press, and Burger King, among others. In each of these instances, the organizations had to work to recover their accounts quickly to minimize the damage to their brand, and then rebuild the trust of their audiences. Health agencies and organizations are particularly vulnerable to having their social channels compromised, given the sensitivity of the data that they handle. Should hackers obtain personally identifiable information and then use the social channels to broadcast that information, not dissimilar to what happened to CENTCOM, the organizations would have far to go to regain the trust of their followers, and of the American public. Responding to the CENTCOM hacking, the General Services Administration (GSA) released guidance for government agencies on how to prepare for and respond to social media hacking. The GSA guidance offers an excellent starting point for agencies and organizations to protect their social channels and to be prepared to respond quickly should their accounts be compromised.

Evaluation Methods and Results:  This session will review the recommendations provided by GSA and offer additional recommendations for safely managing social media accounts, including:

  • Email security:
      • Why you should maintain unique emails/passwords for each social media account
      • The importance of enabling two-factor authentication
      • What not to do to keep your email safe
  • Administrator management:
      • Why there should be at least two page admins
      • Why to avoid “shared” organization/agency profiles
      • How frequently to update your admins page
  • Password protection:
      • How often to change your passwords
      • How to share your passwords safely
      • Why you shouldn’t access your social channels with public wi-fi

The session will also address how to be prepared to respond if your organization’s social media channels are compromised, including who to notify and what pre-written content you should keep handy to let stakeholders know.

Conclusions:  Understanding how to keep social media platforms secure is more complex than ever, but also more important. Employees responsible for their organization’s social media platforms must know what to do to keep the platforms safe, and ensure best practices are followed.

Implications for research and/or practice: Participants in this session will leave with the skills needed to best keep their social media platforms safe from being compromised.