“We will get hacked; it’s inevitable. And it will probably happen more than once.”
Helen Patton shared those opening words when she attended the recent University Communications monthly social media meeting. One of the topics at the September meeting was a discussion about the recent hacker attack affecting three University of Michigan Facebook pages. On Wednesday, August 12, the Michigan Football, Michigan Basketball and Michigan Athletics Facebook pages were defaced with malicious postings.
Helen shared the following tips for protecting our institutional social media accounts from hacker attacks.
1 – If you suspect your institutional social media account is being hacked or compromised, contact Ohio State Enterprise Security at email@example.com or call 614-688-5650. Be sure to contact Enterprise Security in addition to contacting the IT Service Desk.
2 – Proactively inform Enterprise Security if you are promoting specific Ohio State people who may then become hacking targets themselves. Think of our news features that celebrate high-profile faculty, researchers, etc.
3 – Use extreme care to not share FERPA protected information. For example, students who are being interviewed about receipt of financial aid should sign a release prior to being referenced in a news item.
4 – Follow administrative best practices:
- Keep an inventory of social media accounts you manage, including others who can access them
- Use two-factor authentication with your social media accounts and regularly change your password
- Maintain different passwords for your personal and professional social media accounts using password management apps such as KeyPass or mSecure
- Have a social media crisis management plan
- Regularly review the privacy standards for the social media apps that you are using
5 – Make sure your university owned computer equipment has the latest patches
6 – Avoid using personal devices for managing your professional social media accounts
If you remember only one thing, don't try to handle a hacker attack on your own. Please contact Ohio State Enterprise Security at firstname.lastname@example.org or call 614-688-5650, if you suspect your institutional social media account is compromised.