Lately, news organizations have been in the news, not just reporting it. In recent months and weeks, several major news organizations have been victims of hacking in which their social media accounts, computer systems and/or email were compromised.
Here are just a few news organizations recently affected:
Twitter accounts hacked/compromised:
Computer systems hacked/compromised:
In light of these recent events, whether you are a for-profit or nonprofit news organization, are your digital accounts secure? This week I explore options on how you can safeguard your social media accounts, email, and content management systems.
Social Media Account Protection
As stated earlier, social media venues are not immune to digital threats and can be compromised. You can help protect your accounts with a few simple steps:
- Change your password today. Make sure your password is a combination of letters, numbers and symbols. Don’t make your password an actual word. The harder your password is to guess, the harder it will be for hackers to figure out.
- Set your calendar to change your passwords for all social media accounts every 30 days.
- Have different passwords for each social media account. Nowadays, if a hacker or computer robot can figure out your password, they can enter your account in no time, and if you use a similar password for all accounts, they can test that password across all social media venues in an instant.
- Have your social media accounts tied to different email accounts for registration. Having all your account information tied to one email account can be risky: if that one email account is ever compromised, it is easier for hackers to get access to all your digital accounts.
- Check the security features of your social media account and enable two-step authentication. Twitter is currently working on this feature, but other social media venues offer it now. For example, Facebook has two-step authentication and will let you set up alerts when you log in and post to your account from a different location and device type. Google Plus also has a two-step authentication process that is tied to your password and your phone.
- Don’t keep your passwords saved on a digital device. If you save that information on your computer, in a Dropbox folder, etc., anyone who hacks into that system can easily access it.
Also, make sure to set up a contingency plan in case you and your staff have your social media accounts compromised. The plan should include information on:
- Who will dismantle the account when it happens?
- Who will communicate to the public when the compromise occurs? What message will you give to the public at that moment and how will you update them?
- What other accounts will you use in lieu of the compromised account?
- How will you delete the information that was posted when the account was compromised?
Be Alert – All Systems Can Be Compromised
When social media accounts are compromised, it’s likely your other systems may also be compromised, including email systems, content management systems and overall computer servers. So, you should be aware of how to protect your other digital accounts. In the case of the Associated Press situation, the AP found that there were other phishing attempts on their corporate network prior to the Twitter hacking situation. So it’s important to be alert when any suspicious activity occurs on any digital platform; it should raise a flag in your organization to be on the lookout for anything unusual.
Email Account Protection
Email accounts can also be compromised. You can help protect your email account with a few simple steps:
- Change your password today. Make sure your password is a combination of letters, numbers and symbols. The harder your password is to guess, the harder it will be for hackers to figure out.
- Set your calendar to change your password every 90 days.
- Check the security features of your email account and enable two-step authentication. For example, Gmail has a two-step authentication process by using your password and your phone.
- Change your security questions and answers. Don’t make them easy for someone to figure out, such as where you live now, what your profession is, what your favorite sports team is, etc. People can easily find that information about you nowadays through social media profiles and plug it in when they try to enter your account.
Content Management System Account Protection
Content Management Systems are also not immune to hacking. Recently, WordPress was in the news for a massive botnet that was hitting WordPress sites that had the “admin” username.
As many nonprofit and for-profit news organizations use platforms like WordPress and others, it’s important to safeguard your digital CMS accounts.
Here are some steps to help:
- Change your username today. If you are using WordPress and have the admin username, change it now. Here are the steps on how to do that. Make sure your username and password are a combination of letters, numbers and symbols.
- Use two-step authentication for your CMS accounts. WordPress currently offers this feature for users.
- Update your WordPress or CMS as new versions come out. New versions will include patches and security fixes. Failure to install the new version can leave your site open to attack by bots and hackers.
- Install security plug-ins on your CMS. WordPress offers a variety of security plug-ins that can help to scan your system and content on a regular basis and alert you when something is wrong.
- If you are new to WordPress or your CMS, remove all default posts and comments from the system. When you first install or set up your CMS, these default content areas are placeholders, but they should be removed after you have started using the system; otherwise they can be a welcome mat for robots or hackers to attack. Remove the WordPress name from the footer area as well; it can also be a sign to bots and hackers that you are a newbie to using that CMS.
- Conduct Website Back-Ups Regularly. It’s important to have a regularly scheduled back-up of your website. In the event your site is hacked, you will have the most recent back-up to rely on.
- Check your Website Host Provider Security Features. If your CMS and website are hacked, you should be aware of the policies and procedures your website host provider has. They should also be on the forefront of protecting your site and its content.
- Have a Contingency Plan. Just as I mentioned earlier for social media accounts, you should have a contingency plan for your website too in case it is compromised:
  - Who will help with bringing the website back up?
  - What content will you feature while you are trying to bring the site back up?
  - Who will communicate to the public when the compromise occurs?
  - What message will you tell the public when it happens and how will you update them?
  - What platforms/venues will you use to update them?
Deleting Old Accounts
It’s important to safeguard the digital accounts of your current staff, but also to have policies for when a person leaves your news organization. You should make sure to delete the digital accounts that person had so those accounts cannot be compromised in the future. If the accounts must remain in use, make sure to change the username and password the same day that person leaves the company.
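The checks from the sections above (password age, two-step authentication, the default admin username, shared registration emails, accounts of departed staff) can be run over an account inventory. The following Python script is an added example, not part of the original article; the inventory fields, account names, email addresses and dates are constructed for illustration, and the inventory holds no passwords.

```python
from datetime import date

# Rotation intervals from the article: 30 days for social media, 90 for email.
MAX_PASSWORD_AGE_DAYS = {"social": 30, "email": 90}

# Constructed sample inventory. It holds metadata only, never the passwords.
ACCOUNTS = [
    {"name": "twitter-newsroom", "kind": "social", "username": "newsroom",
     "login_email": "social@example.org", "password_changed": date(2013, 3, 1),
     "two_step": False, "owner_active": True},
    {"name": "facebook-page", "kind": "social", "username": "newsroom",
     "login_email": "social@example.org", "password_changed": date(2013, 5, 1),
     "two_step": True, "owner_active": True},
    {"name": "editor-mail", "kind": "email", "username": "editor",
     "login_email": "editor@example.org", "password_changed": date(2013, 1, 15),
     "two_step": True, "owner_active": True},
    {"name": "wordpress-site", "kind": "cms", "username": "admin",
     "login_email": "web@example.org", "password_changed": date(2013, 5, 10),
     "two_step": True, "owner_active": False},
]

def audit(accounts, today):
    """Return (account, problem) pairs for each rule the inventory breaks."""
    findings, social_by_email = [], {}
    for acct in accounts:
        name = acct["name"]
        limit = MAX_PASSWORD_AGE_DAYS.get(acct["kind"])
        age = (today - acct["password_changed"]).days
        if limit is not None and age > limit:
            findings.append((name, f"password is {age} days old (limit {limit})"))
        if not acct["two_step"]:
            findings.append((name, "two-step authentication is off"))
        if acct["kind"] == "cms" and acct["username"].lower() == "admin":
            findings.append((name, "uses the default 'admin' username"))
        if not acct["owner_active"]:
            findings.append((name, "owner has left: delete or reset credentials"))
        if acct["kind"] == "social":
            social_by_email.setdefault(acct["login_email"].lower(), []).append(name)
    # Social accounts registered to one mailbox all fall if that mailbox is compromised.
    for email, names in social_by_email.items():
        if len(names) > 1:
            findings.extend((n, f"shares registration email {email}") for n in names)
    return findings

if __name__ == "__main__":
    for account, problem in audit(ACCOUNTS, today=date(2013, 5, 15)):
        print(f"{account}: {problem}")
```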
Other Helpful Resources
There are several other ways to safeguard your staff in this digital age. Here are some other articles that touch upon other digital security measures.
- Online Security Tips for Journalists from ICFJ
- Security Tips When Using Mobile
- Information Security from Journalist Security Guide by CJR
- 15 ways for journalists to protect themselves while using social media and the Internet from the Knight Center for Journalism in the Americas
- Anonymous Blogging with WordPress and Tor by Global Voices