A restaurant fires its head chef a week before Christmas and doesn’t realize he has full access to their Twitter account.
Disgruntled much?
With access to do damage?
Oh yeah.
The chef, Jim Knight, posted a series of tweets ridiculing the restaurant, the Plough Pub, from their own account.
The tweets stayed up long enough to collect thousands of retweets, probably because Knight had access to the Twitter account and likely changed the password so the Plough Pub couldn’t log in and remove the tweets.
Oops.
You wouldn’t think we need this kind of social media lesson, but we do.
Churches, with our host of volunteers in public roles and sad history of disgruntled partings, should definitely take note:
- Keep track of who has access to all your social media accounts. Don’t forget about volunteers, contractors or freelancers.
- Remember to keep passwords updated and change them when staff or volunteers come and go.
- Note that on some social networks, including Facebook, you’ll need to go in and actually remove access with the account manager. The same holds true for social media services like Hootsuite.
- Create a policy for all the things you need to do when an employee or volunteer moves on.
While you shouldn’t treat people so poorly that they feel the need to lash out, you also shouldn’t leave the door open for that kind of attack.
MeredithGould (@MeredithGould)
December 16, 2013
No joke, I just worked with a church that experienced this very thing with a disgruntled volunteer who not only went a bit nuts on Facebook but took down the church website. No one else had administrative access or even knew where the website was hosted. A totally predictable and avoidable mess…that I got to help shepherd them through. Oy to the World.
Kevin D. Hendricks
December 17, 2013
Yikes. I was pretty sure the horror stories existed, but I didn’t want to know them. ;-)
Or live them.
So, full disclosure, I’ve spent some time today making sure my various accounts are as secure as they can be.
In some cases there’s not a lot you can do. If someone has top level access and decides to go rogue, you’re kind of screwed. It seems like the best you can do is make sure that top level access is somehow shared so you’re not relying on a single person. That and minimizing access (every volunteer doesn’t need your Twitter password) and changing passwords when people transition.
That and treat people well so they don’t flip out on you. ;-)
Carl Bliss
December 17, 2013
For twitter, don’t forget to revoke and reset all app access as well. With oauth, changing the password won’t necessarily change how apps are able to write to your account.
Luke Andrews
December 23, 2013
That is too funny. This is a great reminder to treat everyone with kindness and respect and to keep track of who is on your Twitter account.