There is nothing like a social network hack to remind us all that the social media security concerns touted by IT and Risk departments are not only valid but critical. While this recent Twitter hack attacked mainly high-profile verified personal accounts, it is certainly a reminder that security threats exist for corporations. In fact, the larger the digital footprint is for a company, the greater the social media security concern. For marketers and digital governance professionals, these risks are known and we do our best to manage them. Managing governance for a large digital footprint has always had its challenges; and managing social media governance from home adds even more security risks!
A large connected digital footprint is like a beautifully set-up domino display; but once one domino tips over, a cascade of tumbling pieces ensues. Like the dominoes, if one corporate account or page is hacked, it can set off a chain of events via the other connected accounts. The bad actors may gain access to customers for phishing, may post to the company's pages, or may gain access to the credentials of other pages for future plans. All of these events cause damage to the company and potentially long-term brand reputation damage.
However, most companies with a significant social media footprint have decent social media security processes. Mainly, this involves limiting access to credentials to a few people, creating and storing credentials in a system, changing passwords regularly, and limiting direct access from a personal account. Additionally, a corporation's IT department has set up the corporate firewall to manage other system attacks via the web. These security practices either prevent a hack or can stop the progression of a hack once started (like stopping the next domino from tipping over).
Enter the pandemic and working from home.
For those of us who are fortunate to be working, we are still mainly working from home. Some companies already had a work-from-home technical policy to secure corporate work, but most did not. In fact, most people have simply made do the best they can with what they have. And this is where current social media risk concerns have really escalated.
What are some of these social media security concerns? Several of the cybersecurity challenges of working from home are highlighted in this CNN Business article. They include things like people using personal instead of work computers, not using anti-virus software, mixing device use between family members, and more. It appears that the Twitter hacker targeted an employee's administrative access to those accounts hacked, and I do wonder if this avenue was more accessible because an employee's security practices from home were relaxed. (Twitter did not share their work-from-home technical policy so it is unclear if working from home was the issue.)
It is important to consider what you need to do to up your security practice at home. This will not only protect your company but will protect you and your family as well. You might be saying, "but I'm pretty safe in how I conduct my business activity". That's what we wish to believe, but if that were true, cybercrime wouldn't be at a $6 trillion annual projection. We also know that cyber-attacks via social media have been on the rise the past several years, and current world events of the pandemic, the economy, and elections offer plenty of material for bad actors to attract new interest. All it takes is just one click — yes, it is still the case that 99% of cyberattacks require a human to click something!
Take this opportunity to refresh your education on the topic. And then share that education with your team. Staying on top of social media security concerns and educating employees is an ongoing, but necessary, challenge. We wrote about it in the post 6 Employee Training Requirements for Corporate Social Media Security. These key items still apply:
- Don't click on ads.
- Don't share passwords.
- Don't engage with suspicious posts.
- Don't accept friend requests from accounts/people you don't know or you haven’t vetted. Pay very close attention if it appears the CEO, President or VPs are attempting to connect with you. (This is a common hacker ploy to get you to accept the connection and then they hack into the corporate accounts via your credential connection.)
- Don't accept duplicate friend requests.
- Don't use social media on public WiFi systems (unless you know you are running over a VPN).
- Do change passwords often and use a password locker for global team access.
- If you have corporate publishing tools, do not post natively to social media.
To ensure that you weather the current stay-at-home conditions without any cybersecurity event (personally or professionally), it is a good time to step up social media governance and:
- Secure your computer (and all devices).
- Secure access to corporate records.
- Secure access to corporate social media.
- Limit credential access to corporate social media.
- Limit App access to corporate social media.
- Set privacy/security items on personal social media.
- Don't click on unknown Message links.
We also encourage you to follow your corporate technology protocol for working from home, or reach out to your IT department if you need guidance.
If you want to learn best-in-class social media governance and security processes, just download our Social Media Governance Plan e-book.