Burger King and McDonalds tweets

Experts offer tips on reducing social media risks

Recent breaches like Burger King's Twitter hacking have brought renewed focus to operators' digital security.

In this Internet-oriented age, anyone with a computer fears the hijacking of a password and the ensuing  problems created by a hacking incident.

But that nightmare scenario is becoming more likely for restaurant brands as they grow increasingly reliant on third-party social media platforms like Twitter, Facebook and LinkedIn for marketing, customer service and even recruiting. Recent hacking incidents suffered by Burger King and others drive the point home.

“This rash of hacks is a wake-up call for marketers, brands and social platforms alike,” Paul Colombo, director of technology at digital agency Deep Focus, wrote in a blog shortly following the Burger King hacking.

“Security is an often-overlooked aspect of social media management, which stands in contrast against the tools, practices and auditing that go into website security,” he continued. “While sensitive information may not be immediately at risk, brand perception and trust can be undermined in an instant, with the bad news pushed directly to users’ feeds.”

Burger King experienced this firsthand midway through Presidents’ Day, Feb. 18, when an unidentified hacker took over its Twitter page, changed the profile-page photograph to a McDonald’s logo and commandeered the Twitter feed for hours, spewing often-nonsensical and sometimes-profane tweets.

The Miami-based quick-service chain declined to discuss the hack, which lasted only a day, but issued this statement:

“Our official BK Twitter account was compromised by unauthorized users,” the company said. “Upon learning of this incident, our social media teams immediately began working with Twitter security administrators to suspend the compromised account until we could re-establish our brand’s official Twitter page.

“We apologize to our loyal fans and followers, who might have received unauthorized tweets from our account,” Burger King continued. “We are pleased to announce that the account is now active again.”

During the hack, the account gained about 30,000 new followers — about the only bright spot in an otherwise dark social media day.

Burger King resumed its regularly scheduled programming in the evening by tweeting: “Interesting day here at Burger King, but we’re back! Welcome to our new followers. Hope you all stick around!”

The social media team at competitor McDonald’s let its followers and Burger King know it shared the chain’s pain by tweeting: “We empathize with our @BurgerKing counterparts. Rest assured, we had nothing to do with the hacking.”

Minimizing risk

(Continued from page 1 [4])

Burger King is not the only brand to temporarily lose its social media identity to an imposter. The day after the Burger King hack, the automobile maker Jeep had its Twitter account hijacked in a similar way. And in late January the Berkshire, England-based music retailer HMV found its @HMVTweets account overtaken by disgruntled employees who live-tweeted their anger over a large-scale firing.

One of the HMV rogue posts read: “Just overheard our marketing director (he’s staying, folks) ask ‘How do I shut down Twitter?’”

While social media evens the playing field, allowing both big restaurant players and small ones to engage with their customers, larger companies have bigger audiences and more brand equity at risk when a rogue hacker takes over an account.

Oyetola Oyewumi, a digital strategist with COBS Group in Manchester, England, said in an e-mail exchange that social media platforms such as Twitter could offer high-profile clients the option of a two-layered password log-in process.

“If you do get hacked, don’t panic or get agitated, especially if it’s not exactly harmful,” Oyewumi said. A social media public service announcement about the situation should suffice, he said, “or even a funny spin.”

When Jeep’s Twitter account was hacked the day after the Burger King incident, and the brand’s Twitter profile page was altered with the Cadillac logo, Jeep responded with the message, “We aren’t rich enough to buy Cadillacs.” That, Oyewumi said, “neutralizes the attack with humor and will probably get more retweets.”

There are even websites available to test password strength, such as the free howsecureismypassword.net [5].

Twitter’s security team has offered simple suggestions [6] to heighten security for its social media accounts as well as across the Internet in general.

Experts also suggested restaurant operators compile a list of contacts for each site that includes how best to reach them in the event of a hacking incident. Brands also should have procedures in place for stopping an attack and have photographs, logos and text available to restore any defiled profiles on social media sites.

Many big brands, which can set up social media accounts for free, often pay for more sophisticated and targeted advertising products on Facebook and Twitter. Those sales contacts can be helpful when a brand finds itself the victim of a hack, according to observers.

Third-party consultants that handle social media accounts also should have strategies in place in case of a rogue takeover, experts said. In addition, they should require all devices that have access to the content-creation side of the social media accounts — such as tablet computers and smartphones — be password protected in case they are lost.

Finally, they recommended that any time an employee who works with social media leaves a company, all passwords should be changed across all platforms.

Contact Ron Ruggless at [email protected] [7].
Follow him on Twitter: @RonRuggless [8].