Embed Size (px)
Citation preview
HACKED | Secure Your SM Accounts
Tyler Thomas – Social Media Specialist@UNLincoln | [email protected]
August 18, 2015
• Recently higher education and big brand accounts have been under attack from malicious hackers and some disgruntled employees
• Accounts were hacked using Phishing Scams & revealing holes in our protocols and procedures
• The next few slides will provide NECESSARY updates to make with your team
THE SITUATION
2
• Review who is an admin on your page – Make sure only those that are necessary are
FULL ADMIN– Lower the permissions of others to editor and
moderator accordingly – Remove any users that don’t need to be admin at
any level or are not necessary
3
• Facebook will never send official communication via Messenger
• Never enter your password anywhere but facebook.com. Hackers set up fake pages to look like a FB login page so it’s important to always check that you’re really logging into www.facebook.com
• Watch out for fake pages/apps as well as “official” links using URL shorteners such as the gl links from the phishing messages
4 Source: http://socialmedia.umich.edu/blog/hacked/
• Ensure that Admin and Editor roles have “login approvals” turned on. This will add an additional layer of security when someone attempts to login from an unrecognized device.
• Login Approvals (For Admin and Editor Roles)– Each user will login to his/her account– Access Settings (top right arrow drop down) – Under “Security” Left Sidebar– Login Approvals
• Activate this. This will REQUIRE a security code to access your account from unknown browsers and will require you to use your mobile device to authenticate your account.
5
• Password Security via UNL ITS• Use Strong Passwords• Use different accounts and passwords for different
levels of access• Update your password every 60-90 days • For more details visit: http://go.unl.edu/passwords
PASSWORDS
6
• Phishing Emails via UNL ITS• Don’t click on links or attachments in emails you
weren’t expecting • If something looks fishy, don’t click on it and contact
[email protected] or 402.472.5700 and they can verify message legitimacy
• Report suspicious emails to [email protected]• For additional information:
http://go.unl.edu/phishingunl
PHISHING
7
• ALL social accounts (minus Facebook) should be set up with group or non-user specific email address. We want to make sure the communications teams have access and not just one person
• When new employees come on board or employees leave, make sure you’re updating admin permissions and passwords– This is very important when it comes to STUDENTS &
GRADUATE ASSISTANTS or if you’re working with an agency or outside vendor and managers change
OTHER REMINDERS
8
• Please review/forward these slides to your team and take the next steps to securing your accounts
• If you have any follow up questions or need assistance, please contact Tyler Thomas: [email protected] | 402.472.6554
• See what happened to Michigan: http://socialmedia.umich.edu/blog/hacked/
FOLLOW UP/NEXT STEPS
9
