Notification of security breach via Twitter?
If your business has a Twitter account, do those responsible for it know how to respond to tweets informing them of a data security breach?
I haven’t compiled any hard data, but it seems to me that less than 5% of attempts to notify companies of breaches via their Twitter team results in any acknowledgement.
Ignoring tweets alerting you that your company has been hacked probably does not give you plausible deniability. In fact, if you’re ever sued over the breach, some industrious lawyer will likely find the tweets and try to use them to show that you were negligent in not responding or taking action sooner.
So what should happen if your Twitter team is notified of a hack or security breach via Twitter? Does your team know what to do? Do they know to immediately escalate the message to your CISO or security? Do they know to acknowledge or thank the person alerting them?
And for those wondering why notify via Twitter instead of email, well, suffice to say that most businesses still do not have any links on their web site for reporting security breaches or urgent security concerns like “all your customers’ data have been dumped on the web.” If the Twitter team appears to be active on weekends, trying to reach out that way may be the fastest way to alert a company – if the Twitter team knows what to do.
So if you’ve got a Twitter team, ensure they know what you want them to do in the event someone tweets to them that they’ve been hacked or that your company’s data have been exposed. Don’t expect those of us trying to be courteous by notifying them to keep trying if our efforts to notify are ignored.