It's no secret that social media has become a major risk concern for corporations. According to a report by SentinelOne, over 80% of hacked companies reported that the attack entry points were from phishing emails and social media. Creating strong governance practices is essential to managing these social media security risks. Your brand reputation, data protection, and sales demand it!
As in any governance practice, it is helpful to gain an understanding of the potential threats. This is the only way that you can prevent, or at least mitigate, the attacks.
In this post, we highlight seven of the most common social media security issues.
Social Media Security Issues
There are many security risks that target social media. For a little more information on how easy it is to create a social media security risk, take a look at this article in The Next Web. To get more insight into this area, be sure to talk with your IT department. In fact, an IT representative should be on your Social Media Governance Team and should be bringing these risks to your attention.
Here we have listed seven common security issues:
- Ransomware and Virus Attacks
Ransomware describes a variety of malicious software that blocks access to a computer system until a sum of money (a ransom) is paid. A good example of this is the WannaCry global attack this past May.
Your business’ social media accounts can be used in two main ways for a ransomware attack:
First, a bad actor can capture personal details about managers from their social media accounts (such as their name, location, job description, etc.). This information could then be incorporated into a fake email asking people to click on a link or download a file. Because the information in the email is accurate, recipients may be misled into believing the email is safe, and then they click a link and download the ransomware.
While we’ll discuss hacked accounts more in the next section, if your business’ social media account gets compromised, ransomware could be distributed through private messages or through posts. The ransomware then gets sent out to your followers and because it’s coming from a verified business account, it’s seen as trustworthy.
In both of these scenarios, customers will associate the malicious software with your company, your brand.
Work with your IT Department to install antivirus software and perform updates.
- Hacked Accounts
When your account access is compromised (via social engineering, DNS spoofing or phishing), your brand can help hackers initiate any one of these security attacks (ransomware, brand impersonation, stolen passwords and shared user data).
While business accounts are different than personal accounts, just to give you some scale, nearly two in three U.S. adults who have personal social media profiles say they are aware that their accounts have been hacked. With this alarming rate of personal accounts becoming compromised, business accounts have to be more conscious of their social media security so they don’t fall victim to the same fate.
- Phishing & Brand Impersonation
Phishing typically involves setting up a website that resembles that of the company whose customers are targeted as part of the phishing attack. The idea is to convince the individuals that the website belongs to the trusted company, such as the person’s bank, so that the victim reveals sensitive information (such as login credentials, credit card information, etc.).
When individuals set up social media accounts or websites posing as your brand, they are representing themselves as your company. This can set your customers up to purchase counterfeit products, or to receive ransomware. Regardless of the bad actor's intent, it will create customer confusion when they try to interact with your brand through a malicious website.
Part of your governance process should include a Discovery system to find these counterfeit accounts. Once found, send them to your Legal department to begin Cease and Desist procedures.
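A minimal sketch of one piece of such a Discovery system, added here as an example and not taken from any particular product: it screens a list of account handles for names that resemble the brand's official ones. The brand "acmetools", the candidate handles and the function names are constructed for illustration; in practice the candidates would come from a platform search or a monitoring tool.

```python
import difflib
import unicodedata

# Constructed sample data: official handles for a hypothetical brand, and
# handles returned by a hypothetical search of a social platform.
OFFICIAL = {"acmetools", "acmetools_support"}
CANDIDATES = ["acmetools", "acme.tools", "acmet00ls", "acmetoolz",
              "ACME-Tools-Giveaway", "gardenfan42", "\u0430\u0441metools"]

# Digits and Cyrillic letters commonly substituted for Latin look-alikes.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
})

def skeleton(handle):
    """Reduce a handle to a comparison form: lowercase, fold look-alike
    characters, then drop separators and anything that is not a-z."""
    text = unicodedata.normalize("NFKC", handle).lower().translate(CONFUSABLES)
    return "".join(ch for ch in text if "a" <= ch <= "z")

def review_queue(candidates, official, threshold=0.85):
    """Return (handle, reason) pairs for accounts that resemble the brand
    but are not on the official list, for a human to review."""
    brands = {skeleton(h) for h in official}
    flagged = []
    for handle in candidates:
        if handle in official:
            continue  # exact official handle, nothing to review
        skel = skeleton(handle)
        if skel in brands:
            flagged.append((handle, "same name after folding look-alikes"))
        elif any(b in skel for b in brands):
            flagged.append((handle, "contains brand name"))
        elif any(difflib.SequenceMatcher(None, skel, b).ratio() >= threshold
                 for b in brands):
            flagged.append((handle, "near match"))
    return flagged

if __name__ == "__main__":
    for handle, reason in review_queue(CANDIDATES, OFFICIAL):
        print(f"{handle!r}: {reason}")
```

Flagged handles are candidates for human review before anything is sent to Legal; a fan or reseller account can legitimately contain the brand name.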
- Stolen Passwords
One of the simplest but most costly security issues is stolen social media account passwords. If someone uses a stolen password to log in and change the company accounts, this creates a major hassle for your company while you try to manage a PR crisis and revert your accounts back to their original state. A hacker with malicious intent can do a lot of damage (e.g., sending customers links to ransomware) while you are trying to prove ownership of the account and reset the password.
This can also become a problem if a personal password gets stolen from an employee who has access to company social media accounts. Suddenly, getting into someone's personal Facebook page could give a hacker access to change your company Facebook page. With 3 out of 4 people using duplicate passwords, many of which have not been changed in five years or more, these same issues can arise (ransomware, changing information, deleting accounts, etc.).
- Uncontrolled User Access
Many companies share credentials between social media managers, agencies, and consultants. This is not a good practice for security.
Consider using a password system so you can grant access to managing the accounts without sharing the actual credentials with multiple parties. This maintains the integrity of the credentials and keeps control of credential changes with the governance team.
- Connected Apps
Most companies have applications that are connected to their social media accounts. These may include your listening system, your publishing system, your analytics system, etc. Know that other applications can be in-roads to access, so understanding the security practices around your connected apps is critical.
Be sure to include a governance policy stating that employees cannot connect applications to social accounts unless those applications are approved by the corporate social media governance team.
- Employee Education
Finally, the best security practice you can have is the complete and diligent training of employees who have access to your social media accounts. There should be strict guidelines of what the employee can and cannot do. For example:
- Don't click on ads,
- Don't share passwords,
- Don't engage with suspicious posts,
- Don't accept friend requests from accounts/people you don't know or haven't vetted (this allows access to business people from fake sites),
- Don't use social media on public WiFi systems,
- Do change passwords often and use a password locker for global team access.
The Bottom Line
Social media can be an effective and profitable way to engage customers and build communities — but only if the risks are identified, mitigated, managed and monitored as part of a comprehensive social media governance plan. To learn more, download our free eBook “The Social Media Governance Plan” and discover the top corporate risk factors that keep CEOs awake at night, and why social media is an inroad to trigger these risks. Then you’ll learn the 12 steps it takes to create a solid Social Media Governance Plan for your company.