Facebook, Twitter accounts of Yankees, other teams compromised

The official social media accounts of several Major League Baseball teams were compromised Thursday, leading to some embarrassing messages appearing on the Facebook and Twitter accounts and highlighting the risks social media sites can present for the public image of businesses.

Late Thursday afternoon, a post on the Facebook wall of the New York Yankees reported that the club's star player, Derek Jeter, would miss the rest of the season because of "sexual reassignment surgery," while the Twitter feeds of the Chicago Cubs and White Sox, Miami Marlins, Washington Nationals, San Francisco Giants and San Diego Padres also posted suspiciously inappropriate messages. About an hour after initial media reports surfaced, the posts in question had been taken off the Yankees' page. Another entry apologized for the "false post" and noted that the account is controlled by Major League Baseball's Advanced Media division.


The incident highlights anew the risks that can come along with using such social media sites and shows the importance of installing appropriate security measures to prevent such egg-on-the-face situations, says Ben Rothke, a New Jersey-based information security professional and author. "At the end of the day, breaches are inevitable," he says. "Which is why having good practices in place and incident management programs outlined that can quickly identify, and rectify the situation is important."

Companies should take a holistic approach to managing social media, he says, because there are a number of issues to consider. A social media policy covering whether and how employees can use their own personal social media accounts, and whether or not those accounts represent the company, is a decision that may involve the human resources and legal departments. Management of the official corporate social media account is another issue, one that may involve the IT and public relations departments, he says. In each situation, though, he says there are basic, common-sense security provisions that can be taken to prevent unwanted incidents. "We've got all these biometrics and secure IDs, but a lot of this comes down to the password," he says. Having unique passwords for various sites and changing them frequently is a best practice.

Equally important is to have a plan in place in case a situation does arise. "Most security practices fall into the end user's common sense management, but you also have to understand the risks and have a plan to deal with them accordingly," Rothke says.

A variety of attacks and tools have been developed to make hacking Facebook accounts easier, including, last year, an Android mobile application that uses cookies to hack a Facebook user's credentials over a Wi-Fi network. Facebook has, in turn, updated its own security. Last year, for example, it enabled the more secure HTTPS protocol throughout its site.

As for the situation with the MLB clubs, the fact that the Yankees apparently outsource management of the account to a third-party operation is not an uncommon situation, Rothke says. Choosing the partnerships for corporate image issues is important, though. The organizations catching the flak after Thursday's incident are not the Major League Baseball Advanced Media team, but rather the Yankees and all the individual clubs impacted.

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.
