Reducing the risk of social media hacks

Imagine you are the CEO of a bank. Despite the grey suit you are down with the kids, tweeting regularly, and generally being hip.

And then your twitter account is hacked. Someone sends out a tweet in your name that says your bank has made huge losses in the financial markets and doesn’t have enough money to repay current account holders. People panic and there is a run on the bank…

Couldn’t happen could it! Or could it? It’s only a year since the AP Twitter account was hacked and messages about bombs in the White House caused a massive 143 point drop on the Dow Jones Index.

Social media are very credible and as a result very powerful.

So of course you want to avoid your social media accounts getting hacked. It’s not easy, in fact it is impossible to guarantee absolute security (and I won’t be surprised if someone hacks into this blog just because I am writing about security!), but there some steps you can take to keep them reasonably secure.

How do social media hacks happen?

First of all though, knowing how social media accounts get hacked will help protect you. Generally this happens because someone who wants to cause mischief or wreak revenge gets access to a password. And they get access in a number of ways including:

  • Simple passwords are hacked using “brute force” software that runs through all the possible combinations of letters and numbers
  • Unprotected portable devices are lost or stolen
  • Devices are infected with spyware
  • People who know a password leave a company and that password isn’t changed
  • A shared personal device allows access to a social media account by non-authorised people
  • Password lists are made available to non authorised people

So what can you do about this?

Use strong passwords

The very first thing you need to do is ensure that social media passwords are strong. That means: a minimum of 12 characters including at least one each of an upper case letter, a lower case letter, a number, and a keyboard symbol (like ! % or &).

Words and names should not be used as part of this: so Password isn’t a great password. And guess what. People realise that numbers are commonly substituted for letters. So P455w0rd isn’t great either!

As words and names are a no-no you will need a simple trick to come up with a great password. It’s easy in fact. Think of a phrase such as “I love my wife Delvina and my two boys Caspar and Tarquin!”. Now take the first letters and turn that into a password: “IlmwD&m2bC&T!”. Complex but easy to remember. And so much better than Password!

Next it is sensible to ensure that passwords are different for all your social media accounts. After all if one does get hacked you don’t want them all being hacked. And change them a couple of times a year. Scott Aurnou has written an excellent post on passwords.

Limit access

The next step is to limit the number of people who have access to the social media accounts. Simple if they are your own accounts but more complex in a company where you may want several people to be able to post content.

Start by doing an audit. And remember to check whether any third parties like your PR company also have access (if so do you will want to know whether they share your password with all their employees).

Next, severely limit the number of people who have access in future. And make sure that written into their contracts is a stipulation that passwords must not be shared and an explanation of sanctions if they do so. If necessary appoint an “editor” who uploads content written by other people. Oh, and do make sure you keep a record of who does have access somewhere.

Ideally, and if budgets allow, you will also implement Single Sign On (SSO) technology (such as Nexgate provide) to manage access to your social media accounts. This means that when people sign into their work computers only authorised people will be given access to social media accounts, but they will be given access without having to input a password. As they don’t know the passwords then you can simply deny them access should they leave or their role change.

One more thing to lookout for. Some social media platforms including Facebook and Google+ require business pages to be set up from private social media accounts. If this is the case you will have trouble managing these accounts in the future if the person who set them up leaves your company. The easiest thing to do is probably to start afresh with these platforms, even if it means sacrificing some assets such as people who Like you.

Prevent cookie attacks

Several big social media platforms including Twitter and Facebook are designed to remain open continuously, so that every time you go to your computer or mobile phone you can read and post content.

Convenient; but keeping an account open all the time can give people a really easy way into your social media account, especially if the account is open on a mobile device which subsequently gets lost or if you are using a shared device and forget to log out.

As people will inevitably forget to log off on some occasions, the most secure way to handle this is to require access to corporate social media only via fixed company equipment. This does mean that people won’t be able to post updates from Twitter and Facebook when they are out and about. I’ll come you how you manage that disadvantage in a moment.

Avoid phishing attacks

Another common problem is “phishing” which is where a hacker sends you message that seems to be from your social network, asking you to log in to your account for some plausible reason. They provide you with a handy link. You, thinking you are logging into your Twitter account, enter your username and password into a fake login page, which promptly captures the data. You have been hacked. Often these attacks are highly personalised and will use your name, as a result looking very credible.

The only way to prevent phishing attach is through education. Train people to look for suspicious emails. Get people to check the actual address of the site they are logging into by looking at the address bar or better still avoid clicking on links (especially shortened URLs) in emails and navigate directly to their social media account instead.

Additional security can be provided by using the SSO technology mentioned earlier as these tools won’t automatically complete your log in information if you aren’t on a legitimate site. But if you don’t have that then education (and common sense) is your only defence.

Protect mobile devices & manage wi-fi use

Business people who have a requirement to post on social media sites for their employers are highly likely to have a smart phone or a laptop. And mobile devices represent a real risk because:

  • They can be lost or stolen
  • They may connect to the internet via unsecure or dangerous connections

The easiest way to manage risk this is to limit access to corporate social media accounts via fixed computers in secure office locations. This might sound draconian but in practice most social media can be managed in this way with executives who are out of the office mailing posts to colleagues who can post from the secure location of the office.

But what about newsy posts that require immediate publication? For instance tweets at a conference or Facebook posts at an industry event? Here are some ideas:

  • Ensure the mobile device you are using is adequately password protected, especially if you are using a password vault like LastPass to make logging on to a number of different accounts easy
  • Password vaults remember passwords for you. Ideally I wouldn’t use them on a mobile device but if you do make sure you have the ability to lock or wipe it remotely in case you lose it; (IT managers should audit the remote use of social media and where appropriate provide such remote locking or wiping capabilities to privately owned devices)
  • If you are logging on to Twitter or Facebook on a mobile device make sure you log off after you finish
  • If you are accessing social media via wi-fi then check to make sure it is the official wi-fi (check the exact name) and don’t be tempted to use an unsecured wi-fi that seems to offer easy access; (personally I would never use wi-fi outside the home or office for any sensitive purpose, but then I am a cynic)
  • If you are tweeting via wi-fi then don’t use the corporate account, or your own account if you are a prominent person (e.g. a director of a large corporate). Set up a secondary account and use it for out-of-office events. Use the hashtag for the event to ensure that people find your posts. Get colleagues to follow the secondary account and share your posts via the main corporate account as soon as possible


Ultimately a lot of protection can be gained through education. Help people understand where the risks lie and what they can do to minimise them. Education is a cornerstone of security. It won’t protect you all the time (nothing will) but with the right processes and attitudes in place the risks can be reduced massively.


Content marketing or social media?

Content marketing? That’s just using social media isn’t it?

Well, no. The two are really quite different, although they do have a large area of overlap.

Content marketing involves using content for marketing promotion (obviously!) This content can be:

  • paid for (such as an advertorial in a magazine),
  • owned (such as a blog or a white paper in your website), or
  • earned (mentions of your brand by other people on social media platforms).

Social media, in contrast, can be used for marketing promotion but also has a number of other uses including recruitment, market insight generation and CRM.

You can illustrate the two areas this way:

This simple diagram says two things:

First content marketing is far wider in media terms than social media marketing. It encompasses online marketing but also offline marketing (which is where it started). And it involves paid media and owned media as well as the earned media that social media platforms can provide.

Second, social media has a far wider remit than content marketing. It isn’t just about marketing promotion.

It can be used very effectively for CRM (customer relationship management): companies can identify customers with complaints or queries and address them, either publicly or privately.

It can also be used for generating market insights, comparing what consumers think about you and your competitors, or identifying likes and hates they have about your industry. It can be used to support marketing too: by analysing social media conversations, companies can uncover the keywords and hashtags that can be used in search and social media marketing.

And how about new product development? Again, analysis of social media conversations can identify the functionality or features that consumers would respond to in new products.

Or Human resources where social media can be used to paint an informal picture of working like in your company and can even be used to target potential employees who are contributing to online discussions.

So: if you need to explain content marketing to anyone, do go further than social media. And if you need to explain social media don’t forget the many important opportunities beyond marketing promotion.

We hope you are still not confused by the difference (if you ever were!) But if you are, or if you would like to explore the potential of content marketing or social media for your business, then don’t hesitate to get in touch with mosoco on or telephone us on 07855 341 589.

Finding inspiration to tweet

You should always give your Twitter followers content that they want! But how can you get the inspiration for a constant stream of useful tweets?

It’s one thing being a celeb and having an army of fans who are genuinely interested that you had toast for breakfast. But it’s another if you are trying to promote your business to potential clients.

As there seems to be a strong correlation between the number of tweets and the number of followers, tweeting regularly (although not too often) is important for a business.

So where can you get inspiration for that next set of tweets? Here area few ideas:

  • Thought leaders: follow thought leaders and retweet them as a way of basking in their reflected glory; and you never know – they may follow you back and then there is a chance they will retweet some of your posts
  • Company news: services and events you are hosting naturally deserve a mention; and so do new clients (so long as you are not banned from talking about them); also, people may not be very interested that you have a new intern, but mention them by name and your intern will feel the love! Avoid banal tweets about the new kettle though…
  • Media owners: keep an eye on half a dozen business sites in your field of expertise and you should never be short of something to tweet about; but don’t just go for the obvious ones: if you work in ecommerce then follow e-consultancy by all means but if you follow less well known sites like theGrocer you will be able to point people to content they are less likely to have seen already. And don’t forget the financial papers: reporting on business issues that are wider than your particular field will give you an air of authority.
  • Your own content: if you have a new whitepaper or a new case study on your website there is no excuse not to tweet about it – but don’t make all your tweets self promotion as you will quickly lose followers; confine this sort of material to no more than 25% of your tweets.
  • Events: It’s a good idea to tweet about an event you are attending: best to avoid the banal (unless you are mentioning a prospect by name (Sooo looking forward to #AcmeWidget’s MD #CartairsArbuthnot talking at this year’s #WidgetsInternational2013 conference). But bite sized chunks of useful information, or reporting unexpected opinions from speakers, will be impressive. Remember the audience is threefold: delegates who you want to network with(they may be following a hashtag or even seeing tweets on a big screen); prospects who are not at the conference but whom you want to impress (use hashtags to help prospects find your tweets, as they may not be interested in the event but may be interested in some of the discussion); and the event organisers who might give you a speaking slot next year (so be nice about the organisation, venue/location, quality of speakers and networking opportunities).

A little planning plus the use of an editorial calendar, and you should find that tweeter’s block disappears as if by magic!

Want to know more? Get in touch with mosoco: email us at to ask us a question about this post or to see how we can help with your social media marketing.

Five free tools for analysing hashtags

How popular is your brand? Are people talking about an event you are running? Are people really interested in that new reality TV show? Hashtag analysis tools can help you build up a picture of how people are talking about a particular subject.

In this post I describe five tools that are (at the time of writing) genuinely free: these are not tools that you get free for a month, say; so you should be able to keep on using them. If you know of others then do let me know and I will update this post.

The tools described can:

  • Measure sentiment
  • Identify popular words used
  • Identify related hashtags
  • Track the popularity of different hashtags over time
  • Identify how frequently different hashtags are re-tweeted
  • Identify the potential reach of hashtags
  • Suggest some illustrations that people use when tweeting on different hashtags

At the time of writing the Great British Bake Off reality TV show has just reached its final so I have used this an an example. Apologies if you don’t like the programme. (I find it strangely addictive, like Battenberg cake.)

Five great free hashtag analysis tools

Social mention is always a great place to start your analysis. This impressive free tool allows you to type in a keyword and delivers a wealth of information including sentiment, keywords, and hashtags. It also identifies sources so you can see whether flickr is more important than youtube for a certain word. The advanced search option is very useful at cutting down irrelevant mentions.

social mention screen shot is a really lovely free tool that allows you to examine the hashtags that are linked to another hashtag (i.e. the two hashtags regularly appear in the same tweets). This is a great way of understanding how topics are related in social media.

In the image below I have searched for “GBBO” (appears in the red circle); the top ten linked terms are in the blue circles. I have chosen one of those, “bakeoff”; this now appears in yellow and I can see the terms that relate to it; I can see that it shares a number of terms (baking, bakeoffinnuendo, and greatbritishbakeoff) with GBBO.

screenshot from showing how hash tags are related

The tool also has shows recent tweets and has data on languages and on the top “influencers” for the topic. And if you sign up to the beta version you will also be able to see a popularity graph over time where you can compare the popularity of several hashtags.

Topsy is a very useful tool where you can see the number of tweets for up to three hashtags over one month period. In the chart below you can see very clearly the weekly peaks when the Great British Bake Off TV show is aired and the massive spike around the final.

screenshot from

This tool is very useful for comparing a brand with a competitor brand or looking at which hashtag is the best one to use in future.

Hashtracking is another useful tool that shows you how many times a particular hash tag has been retweeted. The free tool will only look at the last 1500 tweets but that seems to be a good sample.

So for instance I can see that about 60% of tweets with #gbbo were retweets while only 20% of tweets with #bakeoff were retweets and #greatbritishbakeoff scored 30% for retweets. This could be a useful indicator of what tags are best for generating engagement.

screenshot from

The tool also shows you a simple measure of exposure in terms of reach and “timeline delivery” (total followers of retweeters).

Twubs is really a tool for managing twitter chats but it comes with a nice picture feed which could be useful for analysis and for illustrating reports.

screenshot from


As with all hashtag analysis, care must be taken. No one owns a particular hashtag. So if the Great British Bake Off is on TV at the same time as the Great Basin Bird Observatory is having a conference then the results for #GBBO may not represent purely people tweeting about BakeOff.

Nonetheless, with due diligence, all of these tools are useful ways of analysing the popularity of a particular topic in social media.

Picking the right hashtag

Poor old Kimberly seems to have been left out of the social media popularity stakes in the Great British Bake Off. There are Team Ruby and Team Francis in the top ten hashtags related to #gbbo, but nothing for Kimberly who seems about as popular as #soggybottom, according to

The top ten hashtags are: win, giveaway, competition, comp, baking, greatbritishbakeoff, bakeoff, baking innuendo, teamruby, and teamfrancis.


It’s not all bad news for Kimberly though as her apparent popularity has been diminished by the fact that lots of people spell her name “Kimberley”. it’s a bit like splitting the vote between the Tories and UKIP! If she had a name that was easy to spell like “ruby” she would be up there with the others.

Just goes to show the importance of picking an easy-to-spell hashtag if you are promoting an event!