What You Can Learn From Snapchat's Security Breach
More than most social networks, Snapchat has worked to sell users on the promise of privacy. At the network’s heart are vanishing photos--images (often of the racy variety) that disappear seconds after opening, ostensibly leaving little or no digital footprint. The dream of anonymity and consequence-free texting, however, was seriously tested earlier this month.
Exploiting a known security flaw, hackers were able to access the usernames and telephone numbers of 4.6 million Snapchat users (including, apparently, the CEO himself). Much of this private information was then made accessible online, for anyone to see.
For Snapchat’s detractors, all of this is timely comeuppance for the brash young network, fresh off turning down a $3 billion offer from Facebook. For companies that find themselves committing more and more resources to social media, however, this should also be a sobering wake-up call: Security and social media rarely go hand-in-hand.
In the last year, businesses have adopted social media in record numbers. 77 percent of the Fortune 500 now have active Twitter accounts and 70 percent maintain a Facebook page, according to a University of Massachusetts Dartmouth study. Perhaps most eye-opening, 90 percent of small businesses now report using social media. But behind the enthusiasm for Twitter, Facebook, and other networks is a sobering truth. Many companies, including some of the planet’s largest enterprises, are underestimating the risks they’re exposed to on social media.
There are, of course, the obvious ones. Twitter is public: Posted content can be seen by anyone and can never really be put back in the box once sent. Start a Facebook page, by the same token, and your company “wall” is as vulnerable to vandalism in the form of vicious or off-color comments as any back alley.
Then, there are more insidious threats, internal and external. Organizations from the Red Cross to KitchenAid have been shamed by employees--either accidentally or intentionally--posting compromising tidbits on corporate social channels. Meanwhile, malicious hackers have made short work of some of the biggest consumer brands on social media, co-opting feeds from the likes of McDonalds and the Associated Press.
Yet, for some companies, opting out of social media is no longer a viable option. According to a recent Nielsen survey, nearly half of all U.S. consumers now turn to social media for information from brands and businesses about their products and services. At the same time, companies able to navigate the shoals and use social media to its potential stand to unlock some $1.3 trillion in value in the years ahead, McKinsey reports. In many cases, there’s too much at stake to turn back.
Security technology plays catch up
Slowly, however, social media technology is catching up and starting to fill in the security gap. Over the last several years, software systems called social relationship platforms have emerged, offering companies ways to take at least some of the risks out of social media. Big software--like Adobe and Salesforce, among others--all have their versions, though dedicated vendors focused exclusively on social media (my company is one of these) have also emerged on the scene.
At their most basic level, all of these platforms force companies to consolidate and organize their social media presence. According to an Altimeter study, the typical enterprise has 178 Twitter, Facebook, and other social media accounts associated with it; some official, others started informally by employees (and many started by brandjackers with no affiliation at all with the company). Security risks here range from lost passwords and hacked accounts to rogue employees sounding off and confused customers who mistake imposter accounts for the real thing.
The standard social relationship platform centralizes these accounts in one software program--a kind of master dashboard for viewing and using all social channels. Access to accounts can then be regulated by a central administrator. At the same time, different permission levels can be extended to different employees, enabling, for instance, junior staff to draft messages and managers to approve them. Alerts for unauthorized access and special security features also make it considerably harder (but not impossible) for hackers to hijack company accounts.
The most secure platforms also offer an array of behind-the-scenes services from live support teams. Some vendors assist with audits to identify a client’s social media channels--both the real ones and knock-offs--then consolidate and map the legitimate accounts. Others provide crisis simulations to ready employees should a PR disaster ever go viral on Twitter or Facebook.
Increasingly, however, the real power of these systems lies in automation. A major consumer brand like Coca-Cola, for instance, may get tens of thousands of social comments everyday on Twitter, Facebook, Instagram, and other channels. Many social relationship platforms will have features to automatically weed out offensive or irrelevant content, as well as the increasing amounts of spam and malware distributed on social channels. Custom filters can even be set up to identify and eliminate comments containing flagged keywords, phrases or images.
As for Snapchat, in the wake of this month’s breach, members of the famously discrete network have been besieged by spam--of the intimate variety. A steady stream of messages featuring topless women and ads for male enhancement, not to mention fake rolexes and diet pills, has invaded users’ phones, prompting many to cry foul over the network’s repeated violations of trust. For companies for whom social media is more than a one-night stand, however, the path forward it seems isn’t anonymity or privacy but precisely the opposite--transparency and vigilance.
RYAN HOLMES | Columnist
Ryan Holmes is the CEO of HootSuite, a social media management system with eight million users, including 79 of the Fortune 100 companies. In the trenches everyday with Facebook, Twitter, Google+ and the world's largest social networks, Holmes has a unique view on the intersection of social media and business. Follow him on LinkedIn.