Reading Between the Lines of Twitter’s Security Memo

Twitter sent a memo to media yesterday with tips and suggestions to prevent account hackings. They believe that media accounts will continue to be targeted and want users to do everything in their power to keep their profiles secure.

What the Memo Said

Twitter presented multiple steps for securing accounts. They’re basic, at best.

  1. Change your password, and change it quarterly. Use a mixture of numbers and letters in upper and lower case. Don’t give your password out. This is Internet 101, people.
  2. Keep your email accounts secure and don’t open suspicious emails.
  3. Watch out for any unauthorized applications. Like the announcements you hear in the airport about keeping an eye out for suspicious persons, if you see anything that you didn’t authorize, contact Twitter.
  4. Create a crisis response plan. Have steps in place to stop the bleeding and take down the accounts if you get hacked. The sooner you can take action, the sooner you will recover.

What the Memo Meant

The AP’s account was hacked because of a phishing email that got into their system and targeted their main Twitter handle. By suggesting to media that they keep their emails secure, Twitter is washing its hands of the blame for last week’s chaos. By the logic presented in this memo, if employees at the Associated Press knew better than to open malware emails, they never would have been attacked.

The hackings aren’t going to stop. At this point, it’s almost inevitable that a brand, organization or media outlet will have its account compromised. Being prepared for an attack isn’t expecting the unexpected, it’s expecting the expected.

What was Missing

Twitter should have included an explanation about what they’re doing on their end to prevent these attacks from happening. Are they starting up the rumored two-step verification process? Are they adding a section to their security team that will exclusively work to prevent hacks from phishing emails?

Twitter didn’t necessarily need to go into detail for this part of the memo. Something vague and corporate like this would have sufficed:

“Our team continuously strives to ensure the safety of our users and their accounts. We are currently testing new technologies to protect the Twitter feeds of media, businesses and individuals. As you take these steps towards safer accounts, we are tirelessly working to make your experience better.”

Adding a conclusion paragraph that tells users that they’re looking for a solution turns the memo from Twitter scolding media about Internet safety to a partnership between a company and its customers to make a better future. It says, “Let’s work together in the name of cybersecurity.”

Yes, we should all follow the steps laid out in the memo, but Twitter shouldn’t get off scot-free either. Too many people have been hacked in 2013 to fully place the blame on the consumer.

About the author

Amanda Dodge