Social media security threats can affect businesses of any size in any industry. In order to protect your brand, you need to be aware of the different types of security threats in your social media channels and know what you can do to mitigate the risks.

If your brand is active on social in any capacity, then being aware of security threats and risks needs to be a priority.

When’s the last time you changed your social media passwords, updated your social media crisis plan or hosted a social media training event for your employees? Cybercrime continues to rise year on year, and social media has become a soft target for tech-savvy criminals.

In 2016, cybercrime cost the economy over $450 billion, and approximately 22% of all social media users have been the victim of a security-related incident. This is a major concern for brands that use social media every day to market themselves, provide customer service and build customer loyalty.

Before we work through the list of top risks, it is important to keep in mind that whilst you may have a business account, platforms (like Facebook and LinkedIn) often require a personal account to manage that business account. So if an employee’s personal account becomes compromised, the hacker can gain access to the business’s account as well.

So, what are the top social media security threats and risks affecting brands today? And more importantly, how can your business start to look out for and prevent social media security breaches and attacks?
 

Phishing Scams

A phishing scam is when an individual or group attempts to obtain sensitive information by disguising themselves as another entity online. These scams usually involve acquiring someone’s username, password and credit card details.

There are several different methods used to attempt to obtain this information. The scammer may contact an individual or business on social media pretending to be a trustworthy, authoritative figure. They then claim there has been some sort of unauthorised or suspicious activity on the target’s account and ask the target to verify their details for security reasons or, in some cases, just ask them to complete a survey that requires them to log in to access it. These alerts and messages often seem genuine, with professional branding and logos.

These scams are a major threat facing brands today. And the attackers are not just targeting the brands themselves but also the employees who manage the brands’ social accounts. Employees who manage their company’s social accounts or work for a digital agency need to be aware of these scams and the different ways they can appear online. This leads us to the second top security risk.
 

Employee Error

Recent industry reports have found that 90% of all cyber-attacks are successfully executed with information taken from unaware employees. This involves employees falling victim to phishing scams but also covers a number of other behaviours.
These include:
  • Failing to change passwords often or not using complex enough passwords
  • Sharing login information insecurely or with unauthorised individuals
  • Accidentally posting or sharing on the brand’s social accounts
  • Being unaware of inactive accounts that exist on social
  • Disgruntled ex-employees
So many companies are falling victim to cybercrime and threats because they fail to address employee or human error as a potential security risk. Companies are increasingly taking measures to mitigate security risks by installing the latest security software and looking out for major scams, but they fail to adequately mitigate risks around human error.

The best way to prevent security threats that result from employee error is to document a social media policy with clear guidelines that employees must follow. This policy may include guidelines such as:
  • Change passwords regularly (every 3 months)
  • Use long, complex passwords with a combination of letters, numbers and characters
  • Never open an email or message if you do not know or are unsure of the source
  • Never log in to a system from a link in an email; always type the URL directly into the browser
  • Never share passwords without permission
  • Keep passwords secure using a password protection tool where each user has a unique password so that their access can be easily removed if they depart the organisation
As well as creating an employee policy for social media use, companies should follow up by investing in social media training for employees. In-house training gives managers the chance to inform employees of the latest security threats and what they need to look out for. It also gives employees the chance to ask questions and address any concerns they may have.
 

Privacy & Account Settings

While updating privacy settings may seem like a simple no-brainer, many businesses neglect their social media privacy settings. They also forget to consider their employees’ privacy settings. Employees who have social accounts for work or use their accounts to manage brands need to manage their privacy settings too. This should be written into a social media policy that includes privacy guidelines that each employee must adhere to. Not managing these privacy settings can leave your brand vulnerable to account hacks and takeovers. Attackers can take control of various social accounts, post maliciously on channels, communicate with a brand’s audience and customers, and cause long-term and sometimes irreparable damage.

Another related issue is account settings. A brand’s social channels are usually managed by several contributors, either in-house or external. While giving all employees the same levels of access and permissions may seem time-saving and convenient, this can open up a number of online risks. For example, an intern who is learning different tools should not be given the same access as a digital marketing manager. This may lead to accidental posts or changes that can compromise the account.

These account settings cannot be looked at once and then forgotten about. They need to be reviewed and adjusted based on changes in the business. An ex-employee should not have access to social channels once they leave the business. Account audits should be performed regularly to ensure all accounts, users and settings are updated and reflect the business’s current situation.
This includes:
  • Taking an inventory of all official and unofficial profiles
  • Looking at each individual employee and only giving them access/permission to accounts that are relevant to them
  • Deleting any extraneous accounts or removing permissions when required
  • Ensuring that this audit is done at least every quarter
In today’s social world, keeping a brand secure online is more important than ever. In order to mitigate security risks, you need to be aware of which threats to look out for, and implement effective checks and balances to protect your brand.
 
