With ad revenues generated from social media expected to exceed $35 billion in 2017, and the number of active users expected to exceed 2 billion, there has never been a greater incentive for hackers, scammers and other rather unsavoury folk to look for ways to exploit your business on social media. ScamWatch backs this up, stating that the number of scams reported on social media reached 155 034 in 2016.
In this article I will take a look at the top 4 security risks your business faces on social media today and why it is imperative that you address them sooner rather than later.
1. Scams
Very imaginative people are tasking themselves with thinking of different ways to try and scam your business and its employees; as a result, there are always new and creative scams hitting social media. Usually all of these scams have the same ultimate objective: to get you to hand over private information from which they can profit.
The main social media platforms like Facebook, Twitter and Instagram are generally very secure; the issue is that we humans are not so resilient. For this reason most of the scams on social media use something called social engineering. TechTarget defines social engineering as: "an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures". This deception is only made easier by the large amount of personal information that is available on social media. It is a lot easier to trust someone if they know significant amounts of information about you or your business.
Although the major platforms are getting better at detecting and removing malicious content, scams still slip through the net. For example, during 2016 a scam hit Facebook in which new profiles were created that were exact copies of real users’ accounts. Once the profiles were created, the scammers would set about inviting the cloned user’s real friends to the fake account. After building their friend list, they would publish malicious posts or even message their 'friends' asking for money or other information.
2. Malicious apps and software
Malicious software in particular has been in the news lately, due to the latest version of the WannaCry ransomware causing chaos by infecting NHS computers and servers.
In addition to desktop software, malicious mobile apps have become commonplace. In fact, Google regularly removes malicious Android apps from its Google Play store, with over 130 being removed in March this year alone.
The latest game or photo app you downloaded could be doing more than just occupying you on the train or making your photos look fancy; it could also be helping itself to your personal information. I don’t mean to scare you into deleting all of the apps on your phone. However, a bit more diligence when choosing which apps to download would be a good idea, in particular when downloading apps that connect with your social media accounts.
For the everyday user this does not pose too much of an issue. However, if you have your business’s social media accounts linked to your mobile, it could potentially cause you serious problems. You would not want just anyone being able to post from and change the settings of your business's social media pages.
3. Not having a social media policy
If your first thought when reading the title of this section was “what on earth is a social media policy”, pay close attention to what I have to say: by not having a social media policy in place you could be inviting disaster. A social media policy is: “A code of conduct that provides guidelines for employees who post content online either as part of their job description or personal brand” (SproutSocial). Your social media policy should cover a range of topics, including:
- The goals and objectives of your business on social media
- Who can use the company’s social media accounts
- What can be said (and what cannot) on social media
- Employee use of personal social media at the office
- Smartphone app use
- Customer engagement guidelines, for example how to handle criticism.
Not having a clear social media policy leaves room for interpretation in what should be posted on your business's social media pages, and makes it difficult to inform employees of the best practices when it comes to social media security. A social media policy is not something to create then leave in a drawer for a rainy day. If created correctly, it should form the basis for training new employees on the company’s social media.
The best approach to take is to have your business’s social media co-ordinated by one person who is also responsible for keeping the social media policy up-to-date. This means hiring or designating a social media manager, who has oversight of all of the business's activities on social media and can prevent potentially damaging content being posted.
4. Untrained employees and human error
Following on from not having a social media policy in place, untrained employees or employees that are simply not paying attention can be very damaging to your business. As I mentioned earlier, the biggest vulnerability to any system is, and has always been, the human one.
US Airways discovered this in 2014 when an employee posted an X-rated image to the company’s Twitter feed. The company managed to escape the scandal relatively unscathed; however, it had to fend off tough media coverage for weeks after the incident. This is a perfect example of where human error can easily put a business in a very difficult situation.
Adequate training of the employees that handle your business’s social media can reduce the chance of these types of events taking place. However, due to human nature, this risk will never be completely removed as long as we are using people to run our social media accounts.
If you are wondering what your employee training should cover, these topics are a good place to start: the dangers of using social media for anything confidential, clicking on strange links, accepting friend requests from people you don’t know, leaving accounts unmonitored and using apps that are not created and distributed by trusted companies. Employees also need to know how to use each site’s security and privacy features so they can lock down or remove any information they don't want to be publicly available.
In closing
This blog post is by no means a comprehensive list of all of the security risks facing your business on social media. However, it is a good insight into the risks that you should address as a priority. Although in this article I have tried to focus on the social-media-specific threats to your business’s security, it goes without saying that it is also important to ensure that you address general security risks, such as using poor passwords for your accounts.
If a lot of the points I have covered have been new to you, start by getting a social media policy in place that addresses all of the above and you will be in a much better position.
I would love to know your thoughts on this article as well as what you think the other major security risks from social media are. Let me know in the comments!
George Rudge - Social 365