How Much Access Do Your Vendors and Contractors Have?

The president’s Twitter account briefly getting deleted highlights the way that, at many organizations, even lower-level employees or vendors may have discomforting levels of access to information. But while the issues raised here have a technical angle, a bigger problem might be cultural.

Last week, and on a wider scale than basically everyone else, Twitter had a problem that an organization that relies on contractors or industry partners has nightmares about.

For roughly 11 minutes, President Donald Trump found his account taken offline. The reason was that a customer support person, in a final-day blaze of glory, decided it would be a good idea to leave an impact by deleting the Twitter account of a closely watched, if not hugely divisive, user.

This is a worst-case scenario for a company like Twitter, of course. And it was one, according to The New York Times, that was created by a contractor.

That’s a scary situation, and one that could put that contractor into legal jeopardy, even as some folks express their desire to give the anonymous contractor a high-five or eight. (Twitter is strange sometimes.)

It’s also a reminder—not one considered by many—that our social networks technically have the ability to dig deep into our accounts. Wired, for example, notes that customer-service people have the ability to do a lot of things with our accounts.

“These teams can remove tweets that violate Twitter’s terms of service and also have the ability to reset an email address associated with an account,” the magazine’s Issie Lapowsky wrote on Friday. “That means they could, in theory, delete a message from the president they don’t like or create a new address to change the account’s password and tweet from it. Resetting a verified account would, however, trigger an email to the president’s original email address notifying him of the change and set off a flag for review at Twitter.”

To outsiders, it may sound alarming that social networks have this much access to your accounts. Of course, there’s a reason for a customer-service rep to have such a high level of access. Meaghan O’Connell, writing for Slate, suggested that there’s no reason that we should express surprise that this power exists.

“Being surprised by this is like being surprised that the bank teller you bring your deposit slip to can see the last few transactions in your account,” she writes. “They need this information to help you, which is their job.”

Still, it may not make you feel any better to know the problem is there.

Who Accesses Your Data?

If you’re an association executive reading this, you might find the hair on the back of your neck going up, because Twitter’s circumstances in this case sound very much like your own.

Your vendors are in this very same position—with access to important information that could, given the wrong motivation, threaten the organization.

Associations use a lot of contractors, a lot of third-party employees who put out work under the name of the organizational body. They may run your IT infrastructure, write on your website, or even manage your social media accounts. It’s a fact of life in the world of vendors—as more links to the chain are added, it inevitably creates more breaking points.

And if something goes wrong—an errant tweet, a user locked out of an account, someone misusing the member contact info in your database—discovering the root cause of the problem can be a major challenge.

The Role Culture Plays

Clearly, the solution to something like this is strong policy, thoughtful security, and (in the case of vendors) strong contracts. But I think there’s also an issue of respect at play as well—respect for the importance of the unsung role of the customer-service person.

In the case of Twitter, the real issue here might be culture. The fact of the matter is, a customer-support person at Twitter may secretly have one of the hardest jobs at the entire company. They’re the ones stuck trying to deal with the company’s staggering abuse and moderation problems, trying to deal with changing policies, and all that. But despite this important role, they’re treated as much less valuable than the company’s engineers that keep the network running and build new features, creating a situation where a dumb stunt might seem attractive.

“Imagine it. You make $40,000-$60,000 a year and you spend 10 hours a day fielding messages from the angry, the frustrated, the clueless,” Slate writer O’Connell explained of the dichotomy, which is common at other Silicon Valley companies. “People who are thwarted, being harassed, or want to interview your boss for their undergraduate thesis. Your so-called ‘teammates’ on the technical side make five times as much as you and are respected accordingly.”

I’m not saying that the blame for this falls squarely on Twitter’s leadership—the user who did the deed is ultimately at fault—but I do think that it highlights how cultural problems can spiral out of control if they’re minimized within parts of an organization. If a lower-level customer-support person doesn’t feel respected, they’re more likely to act out.

That’s especially a problem as technology makes acting out pack a bigger punch. It’s easier to do digital damage than, say, knock over a wastebasket out of frustration.

I think there’s much to be said about creating a climate where a person doesn’t feel they have to act out, because their concerns and frustrations are being heard. But relationships with people who work for you—whether they’re in your building or across the country—deserve consideration, because respect yields trust, and a lack of respect creates problems way beyond what the tech can do.

Your vendors, your contractors, your freelancers, and maybe even your interns might have their fingers on things that can cause real problems. Give them the motivation to do the right thing.

(cybrain/iStock/Getty Images Plus)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!