How To End Your Social Media Career

Or, possibly, “Why you should always check that the link you’re about to paste is still the one you think it is".

Boom. Yup, there goes your job. Quick, find someone else to blame. Failing that, get your coat and head for the door. A lot of commentators were surprised how long this post stayed online for after it was posted. Having worked in Social Customer Services, my guess would be this:

Their CS operative comes online and starts responding to tweets received since the end of the previous day. If there’s a catch-all Query form, he’d keep the link to this on his clipboard, and paste into each response tweet as needed (“Sorry to hear that, please contact <LINK>“; “Hi there! Thanks for letting us know! Please contact Customer Services here <LINK>“, etc.).

At some point during the day, the offending image will have been tweeted/posted/emailed to the company, our operative has seen it, copied the URL to clipboard and written an email to colleagues/friends/his dad saying something along the lines of ‘LOL, look what just arrived!’ and then gone back to responding to incoming tweets, forgetting to first replace the offending image URL with the correct CS form link.

Then, once that image was sent out in error, he’s gone on answering the backlog of tweets (or spreadsheets, browsing imgur, whatever) as no-one really checks the tweets once they’re sent out; we’re all far too busy.) Someone sees the mistake and, even if they tweeted immediately alerting CS to the offending image, it’s going to take a while for the operative to work through the backlog and get up to date. At which point, it’s time to shovel as many office supplies into his pockets as possible and head for the door.

The lesson? Proofreading doesn’t just mean checking for typos. If you’re including a link, make sure it goes where you want it to. Assumptions on this score can cost you your job. And imagine being asked ‘So, why did you leave your last job?’

(Originally posted on April 18, 2014)

When you have nothing to say...

...say nothing.


Skrillex is just showing off, but the point is valid. Don’t spam people with inane posts about nothing, irrelevant observations about the weather or anything else along those lines.

Look at your post before hitting send and ask yourself “Why would anyone care about this? In what way does sending this post help me / my business / the brand I’m representing?” If it doesn’t, hit delete and try again.

Arguments against this using the ‘But that means I’ll miss posting at my regular time on my regular day!’ can be addressed with the following: No-one notices a lack of a post. EVERYONE notices too many. And any post that lacks value for either poster nor reader is a post too many.

(First posted on January 17, 2014)

Think Before Hitting 'Post'

One of the best things you can possibly do before hitting send on any post, tweet, update or comment is pause for a moment, and think about how your post might be received, and the responses you’re likely to get.

In a lot of ways, this is a rule that applies every single time you open your mouth, also. But if you’ve not worked that out yet, then you’re probably beyond my help.

The key here is to anticipate any negative reaction  and edit your post to mitigate it as much as possible.

In the example above, multi-millionaire superfamous footballer Rio Ferdinand could probably have phrased this a little less ‘poor me’ as he sits in his hotel suite paid for by his employer and contemplates an early night in the king-size bed. He did a good job of clearing it up in his responses, 

“Next time I’ll just put #joking on the end of a “joke” tweet for all the fooooooools! Don’t make me switch on u….I’m here all night mugs!” 

But as with most things like this, it smacks of panic and is rarely reported by any of the sites so keen to point out the original inflammatory post.

Another route, of course, is to plan your response to their response, a bit like planning a few moves ahead in chess:

Go Ex-MySpace Tom.

(Originally posted January 15th 2014)

Crisis Management: What To Do If Your Twitter Account Is Hacked

Squeaky bum time? Not at all. Stop crying, stay calm and follow these steps.

  1. Don’t panic. Seriously. Calm the fuck down. What are you, a schoolgirl or something? This is part of your job and, incidentally, your chance to shine.
  2. Try logging in as normal. It may not have occurred to the bastards currently tanking your career to actually change the password.
  3. If this doesn’t work, hit ‘the ‘forgotten password’ button and check your email account (including spam folders, and any filters that might have eaten it) for the reset link.
  4. While you’re waiting for the link to arrive, or if you’re unable to reset the password, damage limitation is key: Drop the client a quick email, text or phonecall to let them know that the situation is under control. Make sure you sound calm and reassuring.
  5. If you can, login with any third-party software you already use, such as hootsuite or tweetdeck, and minimise damage by immediately deleting any unauthorised posts and explaining to any offended/concerned/amused followers what’s going on.
  6. As soon as you have access to the account via (NOT via any third-party apps), log in and change the password again. Ensure that the email address(es) associated with the account are ALL yours and are kosher. If any of them look a little iffy, or point to a non-work-sounding address (such as hotmail), delete immediately and replace with one that you know to be safe.
  7. De-authorise ALL apps that currently have posting rights, just to be sure. You can re-authorise them one by one, once you know the account to be secure and the crisis over.
  8. Once the bad guys are completely removed from your account, contact the client again, letting them know that everything is once again secure and the cleanup has begun. Transparency is the key here, both to the client and to your followers – make sure everyone affected is aware that this was not intentional, and that you once again have it under control.
  9. Make sure everyone involved knows how amazing you are for dealing with this so quickly and capably.

If you haven’t already, you should also follow these basic password security tips to minimise the chances of this happening again.

(First posted January 4, 2014)

Basic Password Security

This one seems like a bit of a no-brainer, but recently a friend of mine, who is really quite high-up in the digital marketing department of a major brand, had his personal Twitter account hacked because his login was ‘password123′.

This should not be a post I have to write. Still, here we are. 

So, here’s a quick rundown on how to create a secure password: The main insight to start from is that hackers and other such unsavoury types use programmes to guess your password; These use what is essentially a dictionary list of words, names, numbers, etc. in an attempt to find the correct one for your account. The best way to thwart them is to use a combination that won’t occur naturally and so is unlikely to be tried by their bots:

  • DON’T use a single word that already exists (your name, your pet’s name, ‘password’, ‘letmein’, anything from your brand / the dictionary / Harry Potter / Twilight)
  • DON’T just add a number onto the end of a word (‘password123′ being a prime example)
  • DON’T replace obvious letters with numbers (pa55w0rd, for example: Machines work with patterns – if you can see that s=5, o=0, A=4, etc. so can the people who program the hackbots)
  • DON’T use your date of birth, address, phone number or other easily-found information about yourself, your company or your brand
  • DON’T write it down and stick it to your monitor, or anything equally obvious (and make sure to stop anyone else who knows it from doing this)
  • DON’T use the same password for multiple accounts – each must be unique, and not just ‘password1′, ‘password2′, etc. either. Get inventive.
  • DON’T share it more widely than is absolutely necessary – only to those who need access for mission-critical work (posting, responding, data-gathering).
  • DON’T circulate it openly – NEVER in an email with ‘New password for @YourBrand’ in it, and certainly not as a subject: Set a codeword that you and your colleagues will know to mean password, for example ‘New Lamppost notice’ or ‘an update from the Australian office’ etc.
  • DON’T have the password in plain text or otherwise easily copied & pasted – if you must circulate it, do so as an image attached to an email, again not mentioning the word ‘password’ or ‘login’ in the text of the email at all if you can help it

(These last two are to help minimise the risk of a naughty person gaining access to your email account, running a search for ‘password’ and suddenly having the keys to every aspect of your brand’s online identity)

  • DO mix capitals and lowercase, but in sTUpiD pLACes
  • DO spell things wrong (just remember when you do)
  • DO use special characters: @ _ – # ~ ; : etc
  • DO add spaces (but not in the correct places, li ket hisf orexa mple) – some logins won’t allow this, but lots will
  • DO use a combination of all of the above tips in the same password
  • DO use these guidelines for all of your passwords, not just brand accounts. No point coming up with a great, complex password for a brand login if the computer it’s stored on is locked with ‘12345‘ or something
  • DO make sure you can remember the damn thing. There’s no point having a string of letters and symbols that’s unguessable if you forget it before it can be useful
  • DO change it every time someone who has access to it leaves the project / team / company (see also this post on What to do when your security is compromised)

I know what a ball-ache this seems, especially when even this level of precaution won’t totally guarantee safety, but it’s worth it if it discourages the baddies long enough to make them give up.

And, if you ever have to explain to your client why their brand is currently spouting all sorts of potentially damaging content, you can show that you did everything in your power to stop it happening. And that's worth something.

(First posted January 3rd, 2014)