3. Review Your Social Media Process
Johnson says that because social media can feel both familiar and simple, users in charge of maintaining an account can be lulled into a false sense of security. This is why after an incident-or at any other time-it's a good idea to review and amend your processes for and use of sites such as Twitter.
"Setting up a process for using social media may seem contrary since it should be raw and transparent, but when you're representing a company, it pays to think about what the process around it looks like," Johnson says.
Start by involving your chief security officer or chief privacy officer in a conversation to examine procedures and to look for areas in which you can improve, he suggests.
For example, Johnson says: "Because are people associated with these tweets, if a hacker can figure out who's tweeting-their email address, for example-they can figure out how to phish."
4. Preach and Teach Online Safety
Johnson says that anyone who is involved in a business' social media efforts should receive training not only on how to use it effectively, but on the security risks and how to recognize them.
"Phishing attacks are easy to see through if you take the time and know what you're looking for," he says. "These sorts of things are trainable."
Sign up for CIO Asia eNewsletters.