1 00:00:00,006 --> 00:00:02,005 - [Man] While many people view social networking 2 00:00:02,005 --> 00:00:05,004 as a way to chat with friends or share cat videos, 3 00:00:05,004 --> 00:00:09,005 organizations take social networking very seriously. 4 00:00:09,005 --> 00:00:12,001 Facebook, Twitter, and LinkedIn are 5 00:00:12,001 --> 00:00:14,006 valuable business tools that organizations 6 00:00:14,006 --> 00:00:16,009 may use to connect with customers, 7 00:00:16,009 --> 00:00:18,008 communicate with stake holders, 8 00:00:18,008 --> 00:00:21,004 and recruit potential employees. 9 00:00:21,004 --> 00:00:23,003 It's very important that these organizations 10 00:00:23,003 --> 00:00:25,007 implement strong security practices 11 00:00:25,007 --> 00:00:29,002 designed to keep their social network account secure. 12 00:00:29,002 --> 00:00:30,006 One of the most common attacks against 13 00:00:30,006 --> 00:00:32,005 corporate social media accounts is when 14 00:00:32,005 --> 00:00:35,006 an attacker manages to hijack an account. 15 00:00:35,006 --> 00:00:39,002 This commonly occurs when an account has a weak password, 16 00:00:39,002 --> 00:00:42,003 or the attacker manages to use social engineering 17 00:00:42,003 --> 00:00:46,008 to trick someone into granting him or her access. 18 00:00:46,008 --> 00:00:49,000 For example, Tesla recently had 19 00:00:49,000 --> 00:00:50,009 their Twitter account hacked. 20 00:00:50,009 --> 00:00:53,000 And the perpetrator posted this tweet, 21 00:00:53,000 --> 00:00:55,007 advertising that Tesla was giving away vehicles 22 00:00:55,007 --> 00:00:58,009 to anyone who called a listed phone number. 23 00:00:58,009 --> 00:01:00,008 The number belonged to a computer repair shop 24 00:01:00,008 --> 00:01:04,006 in Illinois that was inundated with phone calls. 25 00:01:04,006 --> 00:01:06,008 The easiest way to protect your organization 26 00:01:06,008 --> 00:01:08,008 against these attacks is to use 27 00:01:08,008 --> 00:01:11,009 multifactor authentication on your accounts. 28 00:01:11,009 --> 00:01:15,001 All of the major social networks provide this function. 29 00:01:15,001 --> 00:01:16,006 Let's take a look at how you can enable 30 00:01:16,006 --> 00:01:20,009 multifactor authentication on Twitter as an example. 31 00:01:20,009 --> 00:01:24,003 Here I am in the account settings of my Twitter account. 32 00:01:24,003 --> 00:01:25,004 Let's go ahead and take a look at the 33 00:01:25,004 --> 00:01:27,008 security and privacy settings. 34 00:01:27,008 --> 00:01:32,003 Notice, the first security setting here, log in verification 35 00:01:32,003 --> 00:01:35,004 allows you to verify log in requests. 36 00:01:35,004 --> 00:01:37,002 I have this box checked. 37 00:01:37,002 --> 00:01:38,007 And because this box is checked, 38 00:01:38,007 --> 00:01:41,007 every time I try to log into my Twitter account, 39 00:01:41,007 --> 00:01:44,001 after I enter my username and password, 40 00:01:44,001 --> 00:01:46,009 as it says here Twitter will send an SMS message 41 00:01:46,009 --> 00:01:49,009 with a code to my phone and then I have to 42 00:01:49,009 --> 00:01:53,005 enter the code from my phone onto Twitter's log in page 43 00:01:53,005 --> 00:01:56,000 in order to complete the log in sequence. 44 00:01:56,000 --> 00:01:58,001 This is two-factor authentication 45 00:01:58,001 --> 00:02:00,009 because it uses something I know, my password, 46 00:02:00,009 --> 00:02:04,004 in conjunction with something I have, my phone, 47 00:02:04,004 --> 00:02:07,005 to prove my identity to Twitter. 48 00:02:07,005 --> 00:02:09,008 Many organizations use third-party tools 49 00:02:09,008 --> 00:02:12,009 to assist in managing their social media accounts. 50 00:02:12,009 --> 00:02:14,007 Tools like Buffer and Hootsuite 51 00:02:14,007 --> 00:02:16,007 allow many different people to manage 52 00:02:16,007 --> 00:02:20,006 multiple social media accounts across organizations 53 00:02:20,006 --> 00:02:24,003 and include features like approval workflows for posts, 54 00:02:24,003 --> 00:02:26,008 the scheduled release of posts, 55 00:02:26,008 --> 00:02:29,004 the management of comments and replies, 56 00:02:29,004 --> 00:02:32,000 and the tracking of social media statistics. 57 00:02:32,000 --> 00:02:35,001 Organizations that use social media management tools 58 00:02:35,001 --> 00:02:37,008 should ensure that they evaluate those tools 59 00:02:37,008 --> 00:02:40,005 just as they would any other service. 60 00:02:40,005 --> 00:02:43,003 Tools grant access to social media accounts 61 00:02:43,003 --> 00:02:45,007 and should be carefully protected. 62 00:02:45,007 --> 00:02:47,006 Finally, organizations should adopt 63 00:02:47,006 --> 00:02:51,001 formal social media policies that help employees 64 00:02:51,001 --> 00:02:54,003 understand their obligations while using social media 65 00:02:54,003 --> 00:02:57,009 in either official or unofficial capacities. 66 00:02:57,009 --> 00:02:59,000 Let's take a look at the contents 67 00:02:59,000 --> 00:03:02,000 of one such policy from IBM. 68 00:03:02,000 --> 00:03:05,003 IBM Social Computing Guidelines seen here 69 00:03:05,003 --> 00:03:07,000 provide some very specific information 70 00:03:07,000 --> 00:03:10,008 for IBM employees on their use of social media. 71 00:03:10,008 --> 00:03:12,007 After a brief introduction stating some 72 00:03:12,007 --> 00:03:15,002 principles for the use of social media, 73 00:03:15,002 --> 00:03:18,000 IBM has 12 specific guidelines that they put in place 74 00:03:18,000 --> 00:03:19,009 to ensure their employees' use 75 00:03:19,009 --> 00:03:21,008 of social media is appropriate. 76 00:03:21,008 --> 00:03:23,006 We won't go through all of these right now, 77 00:03:23,006 --> 00:03:26,001 but they include the responsibility of employees 78 00:03:26,001 --> 00:03:29,004 to follow the company's business conduct guidelines, 79 00:03:29,004 --> 00:03:30,006 which states that employees are 80 00:03:30,006 --> 00:03:33,007 personally responsible for whatever they publish online 81 00:03:33,007 --> 00:03:36,001 and goes about explaining how employees should 82 00:03:36,001 --> 00:03:38,000 and should not identify themselves 83 00:03:38,000 --> 00:03:42,008 and their role at IBM if it's relevant to the conversation. 84 00:03:42,008 --> 00:03:45,009 The use of social media can be a valuable business tool 85 00:03:45,009 --> 00:03:48,008 but organizations must ensure that they consider 86 00:03:48,008 --> 00:03:52,003 and address the associated security risks.