December 29, 2016
Does your pharmacy use social media to promote your business?
Social media is becoming an increasingly popular platform for businesses to spread awareness and market their brand. Your pharmacy likely has a Facebook or Twitter page for this very purpose.
But, what if someone gained control of your social media account and used it to hurt your reputation or further their own agenda? For example, if your Facebook account is hacked and your posts suddenly became vulgar and inappropriate, your patients may not want to shop at your pharmacy anymore.
Social media cyber vandalism refers to an outside party taking control of someone else’s social media accounts and misdirecting them. This type of cyber vandalism is a very real threat facing small businesses today, including your independent community pharmacy.
Follow these guidelines to prepare for—and recover from—a social media intrusion, adapted from the U.S. Small Business Administration’s (SBA) Social Media Cyber-Vandalism Toolkit.
When it comes to social media cyber vandalism, preparation is the key to recovery. Here’s how to get prepared.
Designate a social media team
The first step to prepare for an intrusion is to identify who will be responsible for working to prevent and respond to cyber vandalism. This will likely be a team of people, and could include internal as well as outsourced employees.
Your social media team should consist of an owner or manager, the employees in charge of your social media accounts and any IT security personnel your pharmacy uses.
Use provided resources
It’s important to review the security resources provided by the social media sites you use (like Facebook), as they’re beneficial in preventing a hack. Each site has its own security and privacy settings and guidelines your pharmacy should follow.
Additionally, you should have a social media cybersecurity policy in place. This includes following best practices for creating secure passwords and training your employees on how to safely and appropriately use your social media accounts.
Establish communication guidelines
Part of preparing for a hack includes establishing a list of who should be alerted, should a hack take place. The list should include your social media team, your patients and anyone else you work with who may be affected by the incident.
Create communication templates that can be quickly distributed should the need arise. For example, craft a generic message to send via email or post on your other social media sites stating that your account has been compromised.
If any suspicious activity is detected on your social media account, it’s vital to act as quickly as possible. Here are some next steps to take.
Alert your team
You’ll first need to alert the members of your social media team so they can begin taking the necessary steps to recover your accounts.
Report the intrusion
Next, you need to contact the site on which your account was compromised, such as Facebook or Twitter, so it can aid you in recovering control. Nearly all social media platforms have online forms to fill out if you think your account has been hacked.
You should also go through your list of accounts and passwords to double check if any of your former employees or partners had access. Additionally, review your website and other social media accounts to ensure nothing else has been compromised.
Restore your account
Once you’ve confirmed the cyber vandalism and recovered your account, you can begin the restoration process. Be sure to archive and delete any messages or postings by the intruder. Then, restore all of your normal settings and features.
Your response plan is key to recovering from a cyber vandalism attack. Here’s what you should include in your response plan.
Notify the public
After you’ve notified your team, you need to notify the public. Confirm to your patients, physicians and other concerned parties that an incident has occurred and that you have recovered your accounts.
Learn from your mistakes
Reevaluate who should have access to your accounts, and verify password and security changes with those people.
Then, review how the event occurred and the effectiveness of your response plan. Take what you’ve learned to improve future preparation, training and best practices for social media cybersecurity.
Learn how to protect your pharmacy from a cybersecurity data breach.