Social media security threats can affect businesses of any size in any industry. In order to protect your brand, you need to be aware of the different types of security threats in your social media channels and know what you can do to mitigate the risks. If your brand is active on social in any capacity, then being aware of security threats and risks needs to be a priority.
When’s the last time you changed your social media passwords, updated your social media crisis plan or hosted a social media training event for your employees? Cybercrime continues to rise year on year, and social media has become a soft target for tech-savvy criminals.
In 2016, cybercrime cost the economy over $450 billion, and approximately 22% of all social media users have been the victim of a security-related incident. This is a major concern for brands that use social media every day to market themselves, provide customer service and build customer loyalty.
Before we work through the list of top risks, it is important to keep in mind that whilst you may have a business account, platforms often require a personal account to manage that business account (like Facebook and LinkedIn). So if an employee’s personal account becomes compromised, the hacker can gain access to the business’s account as well.
So, what are the top social media security threats and risks affecting brands today? And more importantly, how can your business start to look out for and prevent social media security breaches and attacks?
Phishing Scams
A phishing scam is when an individual or group attempts to obtain sensitive information by disguising themselves as another entity online. These scams usually involve acquiring someone’s username, password and credit card details.
There are several different methods used to attempt to obtain this information. The scammer may contact an individual or business on social media pretending to be a trustworthy, authoritative figure. They then claim there has been some sort of unauthorised or suspicious activity on the target’s account and ask the target to verify their details for security reasons, or in some cases just ask them to complete a survey which requires them to log in to access it. These alerts and messages often seem genuine, with professional branding and logos.
These scams are a major threat facing brands today. And the attackers are not just targeting the brands themselves but also the employees who manage the brands’ social accounts. Employees who manage their company’s social accounts or work for a digital agency need to be aware of these scams and the different ways they can appear online. This leads us to the second top security risk.
Employee Error
Recent industry reports have found that 90% of all cyber-attacks are successfully executed with information taken from unaware employees. This includes employees falling victim to phishing scams, but also covers a number of other behaviours:
- Failing to change passwords often or not using complex enough passwords
- Sharing login information insecurely or with unauthorised individuals
- Accidentally posting or sharing on the brand’s social accounts
- Being unaware of inactive accounts that exist on social
- Disgruntled ex-employees
The best way to prevent security threats that result from employee error is to document a social media policy with clear guidelines that employees must follow. This policy may include guidelines such as:
- Change passwords regularly (every 3 months)
- Use long, complex passwords with a combination of letters, numbers and characters
- Never open an email or message if you do not know or are unsure of the source
- Never log in to a system from a link in an email; always type the URL directly into the browser
- Never share passwords without permission
- Keep passwords secure using a password protection tool where each user has a unique password, so that their access can be easily removed if they depart the organisation
Privacy & Account Settings
While updating privacy settings may seem like a simple no-brainer, many businesses neglect their social media privacy settings. They also forget to consider their employees’ privacy settings. Employees who have social accounts for work or use their accounts to manage brands need to manage their privacy settings too. This should be written into a social media policy that includes privacy guidelines that each employee must adhere to. Not managing these privacy settings can leave your brand vulnerable to account hacks and takeovers. Attackers can take control of various social accounts, post maliciously on channels, communicate with a brand’s audience and customers, and cause long-term and sometimes irreparable damage.
Another related issue is account settings. A brand’s social channels are usually managed by several contributors, either in-house or external. While giving all employees the same levels of access and permissions may seem time-saving and convenient, this can open up a number of online risks. For example, an intern who is learning different tools should not be given the same access as a digital marketing manager. This may lead to accidental posts or changes that can compromise the account.
These account settings cannot be looked at once and then forgotten about. They need to be reviewed and adjusted based on changes in the business. An ex-employee should not have access to social channels once they leave the business. Account audits should be performed regularly to ensure all accounts, users and settings are updated and reflect the business’s current situation. An audit involves:
- Taking an inventory of all official and unofficial profiles
- Looking at each individual employee and only giving them access/permission to accounts that are relevant to them
- Deleting any extraneous accounts or removing permissions when required
- Ensuring that this audit is done at least every quarter
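The audit steps above can be run as a script over a list of who has access to which profile. This is an added example, not part of the original article; the role names, job titles, profile names and dates are constructed sample data, and the highest role allowed per job title is an assumed policy.

```python
from datetime import date

# Constructed sample data; hypothetical role names, not any platform's real export.
ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}
# Assumed policy: the highest role each job title may hold.
MAX_ROLE = {"intern": "viewer", "community manager": "editor",
            "digital marketing manager": "admin"}

STAFF = {  # current employees, e.g. from the HR roster
    "alice": "digital marketing manager",
    "ben": "intern",
    "chloe": "community manager",
}
OFFICIAL_PROFILES = {"facebook/brand-page", "linkedin/company"}
GRANTS = [  # (profile, user, role) collected from each platform's admin settings
    ("facebook/brand-page", "alice", "admin"),
    ("facebook/brand-page", "ben", "admin"),    # intern with manager-level access
    ("linkedin/company", "chloe", "editor"),
    ("linkedin/company", "dave", "admin"),      # has left the business
    ("twitter/old-promo", "alice", "admin"),    # profile missing from the inventory
]
AUDIT_INTERVAL_DAYS = 92  # "at least every quarter"

def audit(grants, staff, official, last_audit, today):
    """Return (finding, profile, user) tuples for every access problem found."""
    findings = []
    if (today - last_audit).days > AUDIT_INTERVAL_DAYS:
        findings.append(("audit-overdue", "-", "-"))
    for profile, user, role in grants:
        if profile not in official:
            findings.append(("unofficial-profile", profile, user))
        title = staff.get(user)
        if title is None:
            # No longer on the roster: access should have been removed.
            findings.append(("ex-employee-access", profile, user))
        elif ROLE_RANK[role] > ROLE_RANK[MAX_ROLE[title]]:
            findings.append(("excess-permission", profile, user))
    return findings

if __name__ == "__main__":
    for finding in audit(GRANTS, STAFF, OFFICIAL_PROFILES,
                         date(2024, 1, 2), date(2024, 5, 1)):
        print(*finding, sep="\t")
```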