Post Burger-King Hacking, 3 Digital Security Tips for PR Pros

Heavy lies the crown. Burger King's Twitter account was hacked on Feb. 18 for a little longer than an hour before Twitter shut it down, at Burger King's request. But that was plenty of time for hackers to publish 55 tweets, including some that contained racial epithets, references to drug use and obscenities.

"We just got sold to McDonalds! Look for McDonalds in a hood near you," the @BurgerKing account tweeted at 12:00 p.m. ET Monday. Burger King's Twitter profile photo was changed to a McDonald's logo, and its profile information said, "Just got sold to McDonalds because the whopper flopped."

In a statement Monday afternoon to the Chicago Tribune, Burger King apologized to its fans, adding: "We have worked directly with administrators to suspend the account until we are able to re-establish our legitimate site and authentic postings.”

At 10:00 p.m., Burger King tweeted: "Interesting day here at BURGER KING, but we're back! Welcome to our new followers. Hope you all stick around!"

It’s now up to Burger King to make the most of its new followers and capitalize by turning a negative situation into a positive one.

But what can other PR pros learn from the situation in terms of managing their own corporate channels on social media? Offering complete details around a breach is a PR/communications responsibility, according to Pete Pedersen, executive VP and global chair of Edelman’s technology practice.

Since time immemorial, data security issues have been relegated to IT and/or the legal department of an organization, leaving PR out of the loop. No longer.

It’s a different ballgame today, says Pedersen, what with the 24/7/365 news cycle and the rise of social media. “It’s become a reputational issue,” he says. “That’s why the No. 1 priority for communicators should be to make sure they have a robust privacy policy in place for customers and other stakeholders.”

The privacy policy is just one preventative measure communicators should take before a security breach occurs. Here’s the full rundown from Pedersen.

1. Deploy proactive and transparent communication of what the privacy policy is: “They are often riddled with legalese and language that is tough to understand,” says Pedersen.

2. Engage with industry advocacy groups and stakeholders: Put your policy in front of them for feedback. “That can really help in terms of trust and reputation if a breach does occur,” says Pedersen.

3. Communicate the risks of a security breach to other departments: “We’re operating in an environment of heightened sensitivity,” says Pedersen. Thus, every part of an organization should know about the threat.

Follow Bill Miltenberg: @bmiltenberg