{
    "version" : "https://jsonfeed.org/version/1",
    "content" : "resources",
    "type" : "single",
    "title" : "Social media cyber-vandalism toolkit |Digital.gov",
    "description": "Social media cyber-vandalism toolkit",
    "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/resources/prepare-recovery-respond-social-media-cyber-vandalism-toolkit/index.json","item" : [
    {"title" :"Social media cyber-vandalism toolkit","deck" : "How to prepare for, recover from, and respond to cyber incidents","summary" : "Cyber-vandalism presents a serious challenge to online-based communication tools. This resource provides information for agency practitioners to prepare for, recover from, and respond to cyber-vandalism.","date" : "2024-02-20T17:50:00-05:00","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"cathryn-camenzind" : "Cathryn Camenzind"},"topics" : {
        
            "security" : "Security",
            "social-media" : "Social media"
            },"branch" : "bc-archive-content-3",
      "filename" :"prepare-recovery-respond-social-media-cyber-vandalism-toolkit.md",
      
      "filepath" :"resources/prepare-recovery-respond-social-media-cyber-vandalism-toolkit.md",
      "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/resources/prepare-recovery-respond-social-media-cyber-vandalism-toolkit.md",
      "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/resources/prepare-recovery-respond-social-media-cyber-vandalism-toolkit.md","slug" : "prepare-recovery-respond-social-media-cyber-vandalism-toolkit","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/resources/prepare-recovery-respond-social-media-cyber-vandalism-toolkit/","aliases" : {"0" : "/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit/"},"weight" : "1","content" :"\u003cp\u003eCyber-vandalism presents a serious challenge to online-based communication tools. This resource provides information for agency practitioners to prepare for, recover from, and respond to cyber-vandalism.\u003c/p\u003e\n\u003ch2 id=\"readiness-phase-1\"\u003eReadiness: Phase 1\u003c/h2\u003e\n\u003ch3 id=\"identify-a-social-media-stakeholder-team-to-prevent-and-respond-to-cyber-vandalism\"\u003eIdentify a social media stakeholder team to prevent and respond to cyber-vandalism\u003c/h3\u003e\n\u003cp\u003eResponsible managers should be aware of their roles in the potential response to any social media cyber-vandalism, including the necessity of quick, decisive action. This team should be connected by email, phone, text and any other appropriate means of communication. The team includes, but is not limited to:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eSocial media team\u003c/li\u003e\n\u003cli\u003eProgram manager\u003c/li\u003e\n\u003cli\u003ePublic affairs representative\u003c/li\u003e\n\u003cli\u003eGeneral Counsel\u003c/li\u003e\n\u003cli\u003eIT Security\u003c/li\u003e\n\u003cli\u003eSenior leader or manager\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"review-resources-for-various-communication-tools\"\u003eReview resources for various communication tools\u003c/h3\u003e\n\u003cp\u003eOnline-based communication tools offer resources. Browse their help centers to become familiar with their support and their unique characteristics.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.facebook.com/help/379220725465972\"\u003eFacebook Security Features and Tips\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://support.google.com/accounts/answer/46526\"\u003eKeeping your Google account more secure\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://about.instagram.com/safety\"\u003eInstagram Safety Center\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://about.linkedin.com/transparency\"\u003eLinkedIn Transparency Center\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://help.twitter.com/en/resources/a-safer-twitter\"\u003eA Safer X (formerly Twitter)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"establish-stakeholder-rapid-outreach-plan\"\u003eEstablish stakeholder rapid-outreach plan\u003c/h3\u003e\n\u003cp\u003ePrepare a list of internal and external contacts and processes for a cyber-vandalism incident. For example:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWho is the point of contact for incidents?\u003c/li\u003e\n\u003cli\u003eWho is the government point of contact?\u003c/li\u003e\n\u003cli\u003eWho is on your social media stakeholder team?\u003c/li\u003e\n\u003cli\u003eWho are key audiences on social media and other channels to alert?\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIncorporate their relevant contact information, including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEmails\u003c/li\u003e\n\u003cli\u003eMailing lists\u003c/li\u003e\n\u003cli\u003ePhone numbers\u003c/li\u003e\n\u003cli\u003eSocial media handles\u003c/li\u003e\n\u003cli\u003eHashtags\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"create-communication-templates\"\u003eCreate communication templates\u003c/h3\u003e\n\u003cp\u003ePre-populate different types of messages for emails, texts, social media posts, and more. Also communicate essential information to convey the nature of the compromise such as:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn account is compromised\u003c/li\u003e\n\u003cli\u003eAn administrator cannot access an account\u003c/li\u003e\n\u003cli\u003eA username or password for an account is compromised;\u003c/li\u003e\n\u003cli\u003eInformation on the account is unauthorized.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"review-secure-social-media-best-practices-checklist\"\u003eReview secure social media best practices checklist\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eInstitutionalize secure web standards, such as HTTPS, as a foundation for secure social media.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEstablish accounts with official .gov or .mil domains of federal employees.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for more than one employee to administer an account.\u003c/li\u003e\n\u003cli\u003eDesignate an alternative as auxiliary support. Limit this designation to an individual essential to the operation and management of an account.\u003c/li\u003e\n\u003cli\u003eClearly define the criteria for the administrator and alternative.\u003c/li\u003e\n\u003cli\u003eProvide adequate resources to the full-time employee (FTE) administrator, including a mobile device and third-party management tool whenever possible.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCreate a social media policy with standard operating procedures for cyber-security.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eObtain approval from appropriate parties, including your agency’s IT security team and legal counsel.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTrain stakeholders and others on the procedures and policies of social media cyber-security. Require training before use of an account.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd all official accounts to the \u003ca href=\"https://touchpoints.app.cloud.gov/registry\"\u003eU.S. Digital Registry\u003c/a\u003e, verifying authenticity of ownership. (For the Department of Defense (DoD), add social media accounts to the \u003ca href=\"https://www.defense.gov/Resources/Register-a-Site/\"\u003eDoD registry\u003c/a\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFollow best practices for secure passwords.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"evaluate-two-step-verification\"\u003eEvaluate two-step verification\u003c/h3\u003e\n\u003cp\u003eThis type of authentication (also referred to as “two-factor authentication” or “2FA”) verifies a user attempting to access a device or system. It requires confirmation of two consecutive, yet dependent, entries. It may not be applicable to those without mobile devices or in secure environments that prohibit entry with such items. It may also require the use of third-party management tools to effectively allow multiple content coordinators.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.facebook.com/help/148233965247823\"\u003eHow two-factor authentication works on Facebook\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.google.com/landing/2step/\"\u003eAuthentication tools for secure sign in on Google and YouTube\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.linkedin.com/help/linkedin/answer/a1358878\"\u003eTwo-step verification overview on LinkedIn\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://help.twitter.com/en/managing-your-account/two-factor-authentication\"\u003eHow to use two-factor authentication on X (formerly Twitter)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"review-special-guidance\"\u003eReview special guidance\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFor supervisors and directors\u003c/strong\u003e: Confirm policy is clear, accessible, and distributed among employees. Review, approve, and document all agency accounts regularly. Identify and eliminate rogue accounts. Instruct staff administering accounts to adhere to agency criteria and undergo training where appropriate.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFor social media managers\u003c/strong\u003e: Make security a part of regular social media meetings. Conduct security checks on a regular basis. Regularly update passwords. Keep the list of social media accounts updated. Keep account manager contact information accessible and updated. Remove access for users who are no longer with the agency. Develop a secure method of storing account names, owners, and passwords.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFor social media coordinators\u003c/strong\u003e: Use a protected, official government device. Use protected connections. Do not post from an open Wi-Fi network. Use a work VPN, 3G, or the work-related Internet connection. Generally, use network locations with strong firewalls and on standalone equipment. Preview shortened links to see the address of where they lead. Review the URL of a website in the address bar. Make sure the websites you visit use HTTPS encryption. If you are unsure of a link, double-click the `secure browsing icon` to the left of the URL in your browser’s address bar to display the digital certificate for a website (this will be a padlock icon in most browsers).\u003c/p\u003e\n\u003ch3 id=\"increase-knowledge-on-secure-use-of-social-media\"\u003eIncrease knowledge on secure use of social media\u003c/h3\u003e\n\u003cp\u003eIt’s crucial for staff who manage social media functions to be knowledgeable about cybersecurity best practices to safeguard their public agency accounts.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.us-cert.gov/ncas\"\u003eCISA cybersecurity alerts and advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://pavilion.dinfos.edu/search-results/social-media/\"\u003eDefense Information School training on social media\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://dodcio.defense.gov/Social-Media/SMEandT/\"\u003eDoD social media education and training\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://consumer.ftc.gov/scam-alerts\"\u003eFTC consumer advice for scams\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.onguardonline.gov/\"\u003eFTC consumer advice for online privacy and security\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.login.gov/\"\u003eLogin.gov authentication tool\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://digital.gov/2021/06/08/deep-fakes-and-social-media-a-qa-with-alex-cohen/\"\u003eDeep fakes and social media: A Q\u0026amp;A with Alex Cohen (blog post)\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://digital.gov/2020/10/26/true-crime-detectives-how-we-used-free-web-metrics-tools-to-uncover-a-cybersecurity-incident/\"\u003eTrue crime detectives: How we used free web metrics tools to uncover a cybersecurity incident (blog post)\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"recovery-phase-2\"\u003eRecovery: Phase 2\u003c/h2\u003e\n\u003cp\u003eAlerts of suspicious activity on social media can come from anywhere, including social media itself. If the social media cyber-security stakeholder team or responsible manager determines an incident is in progress, remember that minutes and even seconds count. Within minutes you’ll need to alert internal stakeholders, alert outside stakeholders to help you regain control, and act to isolate the compromise.\u003c/p\u003e\n\u003cp\u003eImmediately alert your social media cyber-security stakeholder team, and copy them on subsequent messages. Then, attempt to change passwords to isolate the incident and contact your points of contact at the platform to help regain control.\u003c/p\u003e\n\u003ch3 id=\"information-to-regain-control-after-cyber-vandalism\"\u003eInformation to regain control after cyber-vandalism\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFacebook\u003c/strong\u003e Help Center: \u003ca href=\"https://www.facebook.com/help/131719720300233/\"\u003eHacked and fake accounts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLinkedIn\u003c/strong\u003e Help: \u003ca href=\"https://www.linkedin.com/help/linkedin/answer/a1340402\"\u003eReport a compromised account\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInstagram\u003c/strong\u003e Help Center: \u003ca href=\"https://help.instagram.com/368191326593075/\"\u003eHacked Instagram Account\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eX\u003c/strong\u003e (formerly Twitter) Help: \u003ca href=\"https://help.twitter.com/en/safety-and-security/x-account-compromised\"\u003eWhat to do if your account has been compromised\u003c/a\u003e and \u003ca href=\"https://help.twitter.com/en/safety-and-security/report-x-impersonation\"\u003eHow to report impersonation accounts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"audit-your-social-media-inventory\"\u003eAudit your social media inventory\u003c/h3\u003e\n\u003cp\u003eFirst audit your list of social media accounts, password holders, agency hosted websites. Ensure no former employees, contractors, or interns have access to current passwords.\u003c/p\u003e\n\u003cp\u003eThen, review any third-party app you use to monitor or post to social media, plus other digital services, including websites, for signs of cyber-vandalism and any vulnerabilities.\u003c/p\u003e\n\u003ch3 id=\"confirm-cyber-vandalism-recovery-process-on-different-channels\"\u003eConfirm cyber-vandalism recovery process on different channels\u003c/h3\u003e\n\u003cp\u003eOnce securing your other accounts, release pre-approved initial messages alerting your communities that an incident is occurring and that steps are underway in order to recover cyber-vandalized accounts.\u003c/p\u003e\n\u003ch3 id=\"initiate-restoration-activities-after-regaining-accounts\"\u003eInitiate restoration activities after regaining account(s)\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://www.archives.gov/records-mgmt/bulletins/2014/2014-02.html#contact\"\u003eContact your agency records officers\u003c/a\u003e and office of general counsel to discuss social media records management issues.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003ca href=\"https://www.archives.gov/records-mgmt/bulletins/2014/2014-02.html\"\u003eArchive cyber-vandalism messages\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDelete cyber-vandalism messages.\u003c/li\u003e\n\u003cli\u003eStop all pre-scheduled messages.\u003c/li\u003e\n\u003cli\u003eRestore normal settings and features.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"response-phase-3\"\u003eResponse: Phase 3\u003c/h2\u003e\n\u003cp\u003eAgencies must not only prepare for and recover social media accounts after a cyber-vandalism incident, they should also quickly and effectively respond to their stakeholders and audiences as soon as possible using social media in order to maintain trust in digital services. Initial responses to the cyber-security stakeholder team and the public should be within minutes of recovering control of your accounts.\u003c/p\u003e\n\u003ch3 id=\"confirm-incident-and-recovery\"\u003eConfirm incident and recovery\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCyber-security team confirmation\u003c/strong\u003e: Send initial report of recovery to social media cyber-security stakeholder team.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePublic confirmation\u003c/strong\u003e: Distribute, as soon as possible, social media posts confirming the cyber-vandalism incident and your recovery of affected accounts. Announce a return to regularly scheduled activities.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCommunity confirmation\u003c/strong\u003e: Deliver additional communication with pre-determined internal audiences and stakeholders to prevent the spread of rumors and misinformation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"confirm-and-verify-changes-to-access\"\u003eConfirm and verify changes to access\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003eReview account holders.\u003c/li\u003e\n\u003cli\u003eConfirm verification of login status.\u003c/li\u003e\n\u003cli\u003eConfirm changes and updates of passwords.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"conduct-a-review-of-lessons-learned\"\u003eConduct a review of lessons learned\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWhat type of response worked well?\u003c/li\u003e\n\u003cli\u003eWhy did this work so well?\u003c/li\u003e\n\u003cli\u003eWhat did not work?\u003c/li\u003e\n\u003cli\u003eWhat unforeseen events occurred?\u003c/li\u003e\n\u003cli\u003eWhat changes will lead to a better response?\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"apply-data-and-analysis-of-outcomes-to-improving-your-program\"\u003eApply data and analysis of outcomes to improving your program\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDevelop an after-action report.\u003c/li\u003e\n\u003cli\u003eEnsure future relevance with accurate information.\u003c/li\u003e\n\u003cli\u003eInclude lessons learned and best practices.\u003c/li\u003e\n\u003c/ul\u003e\n"}
  ]
}