Social Media Security is a serious risk for every corporation.
Since 2011, cyber criminals have found a home on social media, where they perpetrate fraud. CIO Insight states that, during the past six months, cyber criminals have increased 70% (and it does not appear to be slowing down). CIO Insight also states that worldwide security breach costs will grow from $3 Billion in 2015 to $6 Trillion in 2021. That's a lot of crime, and a lot of damage to your company and brand reputation!
Some of the security risks include:
- Hacking and hijacking accounts
- Ransomware attacks
- Phishing: Impersonating brands or executives to gain an audience
- Stealing passwords to gain access to an account or to other accounts associated with that person
- Social platforms share user data
According to Cisco, Facebook scams were the most common form of malware distributed in 2015; the FBI said that social media-related events had quadrupled over the past five years; and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyber attack.
The first thing you must come to terms with is that social networks can’t secure their own environments, let alone yours. As much as they aim to mitigate security threats and terrorist propaganda on their platforms, they aren’t close to 100% effective. For example, Facebook reported that for 2015 up to 2% of its monthly average users—31 million accounts—are false, Twitter estimates 5%, and LinkedIn openly admitted, “We don’t have a reliable system for identifying and counting duplicate or fraudulent accounts.”
Despite this, social networks remain some of the most trusted channels online.
Nick Hayes, Forrester Analyst, in Dark Reading
Developing a security protocol as part of your Social Media Governance plan is essential. Make sure you include these 7 critical steps:
- Discovery – Which accounts, pages, channels, boards, etc. (i.e. points-of-presence or POPs) appear to be associated with or represent our business?
- Assessment – Which POPs do we want to keep and which do we want to shut down?
- Inventory – Where do we keep track of these POPs now that we’ve found them?
- Team – Who is responsible for those POPs? Who created them and/or who currently manages them?
- Access & Control – Who has the credentials to each POP and what happens when that person leaves the company? What is the process to create a new POP and get it into the vetting process? What is the password system and security protocol for accounts (such as forbidding social login to new accounts)?
- Compliance – Are our POPs compliant with brand, corporate or regulatory standards?
- Securing the Tool Chain – What tools are currently being used to manage the content at each POP?