Skip to Main Content

4 Twitter learnings from HMV and Burger King

Posted by Danny Whatmough on 21st February 2013

What happens when you make your social media manager redundant but forget to revoke her access to your brand’s social channels?

What happens when your Twitter account gets hacked?

Over the last few weeks, HMV and Burger King have very publicly discovered the answers to these questions.

In the first incident, HMV felt the full brunt of disgruntled ex-employee Poppy Rose Cleere as she took to the Twittersphere to live-tweet the latest goings on at the beleaguered retailer. Despite what you think about the professionalism of her actions, HMV seriously dropped the ball here by failing to put in place an effective crisis comms plan that included social media and also by failing to react in a timely manner.

It is harder to criticise Burger King for the incident that occurred this week when its Twitter account was hacked. A McDonalds logo was uploaded and a series of tweets spewed out. Hacking is impossible to entirely protect against but, in both situations, there are actions that both brands could have taken and learnings for companies of all sizes:

1. Keep track of social media permissions

Who has access to your Twitter or other social media accounts? If you struggle to answer this question then you need to take action now. Keep a document that lists all people and applications that have access to your accounts and review it regularly. Remember this can also include third parties such as agencies or other partners. If in doubt…

2. Change passwords

Changing your passwords regularly will help with any issues around permissions. If you change a password and then only give out the new details to those you want to have access, then you immediately cut anyone off that shouldn’t be able to issue updates on your behalf. Changing your password regularly will also protect you against security breaches…

3. Use safe passwords

…and, while we are on the subject of passwords, making sure you use a strong password will help protect you against potential security issues. As Twitter itself has said this week: “Your password should be at least 10 characters that include upper and lower case characters, numbers, and symbols. You should always use a unique password for each website you use; that way, if one account gets compromised, the rest are safe.”

4. Draft social media guidelines

There’s little you can do (apart from points one and two above) to protect against employees that might go rogue. But having social media guidelines and ensuring all employees are aware of what you expect from them will at least help you mitigate any problems that might arise. These should be easy to read and not overly complex. They should also be reviewed, updated and shared on a regular basis.

photo credit: scmikeburton via photopin cc

  • Twitters advice on passwords doesn’t really stand scrutiny when it comes to brute force attacks. This is best illustrated by a rather nifty xkcd strip. (Click on image to view)