With the gradual shift to social media and the increased use of social media tools for business communications, over the past decade, and more than ever in times like this, where social tools have taken over entire business communications and ensured that they don’t come to a standstill, the importance of social media tools is now more than ever.
While the benefits of social media to propagate businesses are evident, there are risks that come with it. According to the latest EY Global Information Security Survey, 59% of organizations have had a “material or significant incident” in the past 12 months.
When you first think of social media threats, what most people picture are trolls, fake accounts, and fake followers via purchased services, or maybe the “fake news” accusations flying about everywhere.
What is often overlooked in social media security, though, is how it can be used to harm organizations and their customers via threats such as brand impersonation, fake corporate accounts, and phishing or ID theft scams that are often run freely via social media platforms.
In today’s times, Social media accounts tell your story to the entire world and can be devastating for your image in the wrong hands We’ve often seen hackers taking over Twitter accounts of media outlets and large corporations, using them for anything from basic spam to drawing attention to global issues. Your own accounts might seem too small to tempt scammers, but even with just a few followers, your information is a valuable commodity.
The human element is a company’s greatest security vulnerability. Conversely, there is human activity online that is masked as a typical social media activity. This is often where a high level of social engineering is at work, as criminals enact all manner of virtual scams and schemes aiming to harvest personal data or financial info for their profit.
If your business relies on social media( whose doesn’t btw?), you must be able to protect yourself against the common social media security threats out there. Making your online identity and activities more secure really doesn’t take too much effort at all.
Here are the most common security risks out there:
Unattended social media accounts
It is always a great idea to reserve a common brand handle across all social media platforms like Instagram, Facebook, Twitter, and LinkedIn, even if you don’t plan to focus on all of them right away. This ensures a consistent online presence across all networks, making it easy for people to find you and remove any shred of confusion.
But what’s important is that you do not ignore the accounts you don’t use primarily or the one’s that you have discontinued using as unmonitored social accounts could be a target for hackers, who could start posting fraudulent messages using your name. In case they gain control of one of your accounts, hackers can send anything. This could include, but not limited to false information that could be detrimental to your business and brand image, or virus-riddled links that could cause problems for your followers. These won’t even catch your eye until your customers start reaching out for help, but that might already be too late.
Human Error
To err is human.. In the world today, with such ready access to social media, it is very easy for an employee to accidentally expose their company threats or even something unrelated or personal online. In fact, according to the EY Global Information Security Survey, “employee weakness” was responsible for 20% of cyberattacks.
Something as simple as clicking on a wrong link or downloading suspicious files could wreak havoc and cause irreparable damage.
The “what is your GOT character” and 10-year-challenge posts might seem like harmless fun. But many are specifically spread so that they can actually provide scammers with information commonly used to hack passwords.
Vulnerable third-party apps
Locking down your own social accounts is a great measure. But does not always stop hackers from gaining access to secure social media through vulnerabilities in connected third-party apps
Hackers recently accessed Twitter accounts associated with the International Olympics Committee by getting in through a third-party analytics app. FC Barcelona was a victim of the same hack.
FC Barcelona’s Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted. The tweets were made through a third-party tool for data analytics.
— FC Barcelona (from 🏠) (@FCBarcelona) February 15, 2020
FC Barcelona will conduct a cybersecurity audit and will review all protocols and links with third party tools, in order to avoid such incidents and to guarantee the best service to our members and fans. We apologise for any inconvenience this situation may have caused.
— FC Barcelona (from 🏠) (@FCBarcelona) February 15, 2020
Phishing attacks and scams
Phishing scams on social media information are one of the most common and biggest security risks. In a phishing scam, the goal is to get you or your employees to hand over passwords, banking details, or other private information.
Most common phishing scams involve fake coupons for big-name brands like Costco, Starbucks, and Bath & Body Works. Especially popular on Facebook, you have to hand over personal information like your address and birth date, to claim coupons.
@bathbodyworks Friends are spreading a post on @Facebook from AYUDABATH . COM saying:
Báth & Body Works has announced that everyone who sháres this link will receive a $100 coupon! TODAY ONLY.That’s the way it appears, with all the weird accents.
True? Or false?— 💙 Depoetic (@Depoetic) April 17, 2020
We’re sorry for any confusion as we’re in no way affiliated with the social account or giveaways mentioned. We always recommend exercising caution if asked for any of your personal information online. We invite you to follow our verified social profiles for our promotions!
— Bath & Body Works (@bathbodyworks) April 17, 2020
Some scammers take it to the next level, asking for banking information and passwords. The Singapore Police Force recently issued a warning about this type of scam. New variations include hashtags related to government programs for COVID-19 relief.
https://www.facebook.com/singaporepoliceforce/posts/10159667274254408
Imposter accounts
It’s relatively easy for an imposter to create a social media account that looks like it belongs to your company. Impostor accounts aim to target your unsuspecting customers or potential recruits. When your connections are tricked into handing over confidential information, your reputation suffers.
Imposter accounts may also try to con employees into handing over login credentials for corporate systems. Another type of imposter scam targets brands hoping to work with influencers. In this scam, someone impersonating a social media personality with a high following reaches out and asks for free products. Working with real influencers can be a valuable marketing strategy. But it’s important to verify that you’re dealing with the real person rather than an imposter.
Unsecured mobile phones
Mobile devices, especially taking current times into consideration account for more than half the time we spend online. They make it easy to access social media accounts with just one tap.
That’s great as long as your phone stays in your own hands. But if your phone, or an employee’s phone, is lost or stolen, that one-tap access makes it that much easier for an imposter to access social accounts. They can then message all of your connections with phishing or malware attacks.
Social media security tips
1. Create a social media policy
If your business is using social media,or getting ready to, you must establish a social media policy and ensure it is communicated across your whole organization. These basically are guidelines that specifically outlines how your organization as a whole and individual employees should conduct themselves when engaging in social media activity of any sort.
Your social media policy should include:
- Brand guidelines that explain how to talk about your company on social media
- Rules related to confidentiality and personal social media use
- Social media activities to avoid, like Facebook quizzes that ask for personal information
- Which departments or team members are responsible for each social media account
- Guidelines related to copyright and confidentiality
- Guidelines on how to create an effective password and how often to change passwords
- Expectations for keeping software and devices updated
- How to identify and avoid scams, attacks, and other security threats
- Who to notify and how to respond if a social media security concern arises
2. Staff training on social media security issues
Even the best social media policy won’t protect an organization if its employees don’t follow it. Your policy should be easy to understand and specific training must be conducted for all employees and new hires so as to get a chance to engage, ask questions, and get a sense of how important it is to follow.
These training sessions also present an opportunity to review the latest threats on social media. You can talk about whether there are any sections of the policy that need updating.
When employees understand best practices, they feel confident using social media for their work. They’re then well-equipped to use social media for both personal and professional purposes.
3. Limited access to enhance social media data security
Limiting access to your social media accounts is the best way of reducing the probability of human error. Your main focus might be threats coming from outside, but employees within your organization are a significant source of data breaches.
You might have entire teams of people working on social media messaging, post creation, or customer service. But that certainly doesn’t require everyone to know the passwords to your social accounts. It’s critical to have a system in place that allows you to revoke access to accounts before someone leaves your organization or switches roles.
4. Set up a system of approvals for social posts
Not everyone who works on your social accounts needs the ability to post. It’s an important defensive strategy and reduces human error further by limiting the number of people who can post on your accounts. Think carefully about who needs posting ability and why.
5. Have a dedicated social media manager
A key-person whose sole responsibility is to be the eyes and ears of your social presence can go a long way towards mitigating risks. This person should:
- Own your social media policy
- Monitor your brand’s social presence
- Determine who has publishing access
- Be a key player in the development of your social media marketing strategy
6. Set up an early warning system with social media security monitoring tools
As mentioned early on, unattended social accounts are honey-pots for hacking. All of your social media channels must be regularly monitored. That includes the ones you use every day and the ones you’ve registered but never used.
Assign someone to check that all the posts on your accounts are legitimate. Cross-referencing your posts against your social media calendar is a great place to start. Follow up on anything unexpected. Even if posts seem legitimate, it’s worth cross-checking whether it matches your content plan. It may be a simple human error or a sign that someone has gained access to your accounts and is testing the water before posting something more malicious.
You also need to watch for:
- Imposter accounts
- Inappropriate mentions of your brand by employees
- Inappropriate mentions of your brand by anyone else associated with the company
- Negative conversations about your brand
7. Regularly check for new social media security issues
Social media security threats are constantly changing and since social media platforms are continuously working towards making their platforms more secure,hackers are always coming up with new strategies, and new scams and viruses can emerge at any time.
Regular Social media audits(contact us to know more) will help keep you ahead of the bad actors.
At least once a quarter, be sure to review:
- Social network privacy settings. Social media companies routinely update their privacy settings. This can impact your account. For example, a social network might update its privacy settings to give you more precise control over how your data is used.
- Access and publishing privileges. Check who has access to your social media management platform and social accounts. Update as needed. Make sure all former employees have had their access revoked. Check for anyone who’s changed roles and no longer needs the same level of access.
- Recent social media security threats. Maintain a good relationship with your company’s IT team. They can keep you informed of any new social media security risks they become aware of. And keep an eye on the news—big hacks and major new threats will be reported in mainstream news outlets.
- Your social media policy. This policy should evolve over time. As new networks gain popularity, security best practices change and new threats emerge. A quarterly review will make sure this document remains useful and helps to keep your social accounts safe.
