A guide to handle social-media hacks

The Associated Press reported some very disturbing news on April 23, in a tweet saying that the president had been injured in explosions at the White House.

The trouble was, the tweet was fake, sent by someone who had hacked the AP Twitter account.

Now officials from the General Services Administration have laid out some guidelines for how feds should handle social media security, in guidelines issued April 25.

The White House and federal agencies did not acknowledge the tweet from AP, a credible news organization with almost 2 million followers.  The financial markets, on the other hand, reacted almost immediately -- causing the Dow to drop 144 points.

The market later recovered, but no federal officials from positions of power tweeted responses or crafted quick Facebook posts that might have helped alleviate public uncertainty in the brief moments after the hacked tweet. Instead, officials addressed the issue via traditional media after the social media community – including AP employees and other news outlets – collectively tweeted and dispersed correct information.

Better to protect than regret

Justin Herman, new media manager at the GSA's Center for Excellence in Digital Government, wrote in a blog post that simple "common sense" precautions are the first place for agencies to start in shoring up potentially problematic social media account management.

Weak passwords, passwords that are not routinely changed, sloppy device management – such as unlocked mobile devices or computers with account access – or passwords that aren't updated when former staff members leave are all potential problem areas that are easy to fix, Herman said. Recommendations straight from Twitter's support website include:

• Use a strong password.

• Use different passwords for your social media accounts.

• Watch out for suspicious links, and always make sure you're on Twitter.com before you enter your login information to guard against phishing.

• Never give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.

• Make sure your computer and operating system is up-to-date with the most recent patches, upgrades, and anti-virus software.

"The bottom line is to use the same common sense you use elsewhere," Herman said in the post.

Stuff happens, so worry now

Information goes viral as fast as users can point and click, so when social media accounts are compromised, false information can spread like wildfire and cause all sorts of chaos.

With some agency social media accounts having hundreds of thousands or even millions of followers, it's not hard to envision a scenario in which a federal agency faces a PR nightmare thanks to an enterprising hacker or password-ensnaring scheme.

That's why it is important to have a plan in place, Herman said, offering some concrete steps that a good plan should include:

1. Inform Twitter: Fill out a Twitter support request for the hacked account. Then email the ticket number to the Center for Excellence in Digital Government so they can pass it along and monitor for widespread incidents.

2. Change all other social media passwords: Even if you think the security breach is limited to the one account, it is prudent to immediately change the passwords of all other social media accounts, as they are often linked. If you find you're losing control of other accounts, contact those platforms immediately as well.

3. Alert your followers to hacking: If you don't have access to your account yet, use other accounts to alert your community that a breach occurred. Chances are if rogue tweets are sent to your community they will already suspect something is wrong and this will help prevent the spread of false information. Make sure this is sent within four minutes of the initial breach, at most, and that your strategies and policies allow you to respond quickly when it counts.

4. Dispel rumors: Once your account is regained, make a record of the rogue tweets, delete them from your stream, and communicate to your community what happened. Yours won't be the first account hacked, but citizens rely on you to handle it best.

(See more training resources.)

Policies for social media security are often already covered by broader technology policies, but managers should prepare strategies ahead of time to address new challenges posed by social media.

Ultimately, information security incidents, including those involving compromised social media accounts are handled in accordance with agency policies and procedures based on the federal incident reporting guidelines outlined by the National Institute of Technology and Standards.

A timely, clear and concise response from a federal agency could make the difference between a tough PR day and a PR nightmare.

Responding to hacked tweets

Of similar importance is how an agency responds to tweets from a hacked account.

The White House's lack of social media response to the AP's hacked tweet was probably a mistake, according to another source. A simple "everything is okay – this was false information" would likely have helped defuse the situation quickly. When and how to respond should be discussed in plans of action that agencies draft for these types of social media issues. 

Whatever those plans are, Herman said, action should be swift. Once information is verified to be untrue, Herman said agencies should use their social media platforms like power tools, dispelling rumors and communicating correct information as quickly as possible.