Over the last decade, social media has quickly become a prominent way for businesses to advertise, communicate, and educate. On the flip side, it can be a huge risk for those businesses that cannot keep up with the ever changing tools and trends in privacy, security, and marketing. We often see businesses and even public figures falling prey to social engineering scams, ransomware, hacking, and a multitude of other cyber risks. Luckily, with some planning and diligence, mitigating these risks can be quite simple. Below are examples of some threats as well as solutions you can implement now that will help protect your business from some of the most prevalent social media threats.
Threat: Human error – People make mistakes. They accidentally click a “bad” link, visit a website they aren’t supposed to or share information without realizing with whom they are sharing it. The truth is, “people” are, possibly, the largest element of a cyber-risk to which an organization may be exposed. Social Media accounts may be used to mine personal information that can be used against someone in a social engineering scam, which can lead to malware and ransomware attacks.
Solution: Schedule regular awareness training with your staff. If you don’t have a specialist on the team, bring someone in or use an online resource. Emphasize the importance of slowing down to read messages and posts they receive, often employees are quick to reply and miss essential clues that are indicative of a fraudulent message. Giving your team the chance to learn social media best practices is one of the most effective ways to mitigate this risk. Encourage them to share anything they notice that may be a threat on social media. If they receive a phishing message, ask them to share a screenshot with the whole team, that way everyone internally stays alert and active in reducing risk.
Threat: Old and Weak Passwords – Login information is critical to the safety and security of the accounts your business uses. Unsecured passwords are often the cause of many breaches including hacked and stolen social media accounts.
Solution: Your business should implement guidelines on the upkeep of passwords. It is recommended that you change your passwords to new and diverse ones every 60-120 days. Do not use the same password across multiple accounts. New passwords should be eight (8) or more characters long, and include varying numbers and special characters.
Threat: Hacking and unused social media accounts – Social media hackers are becoming progressively efficient and sophisticated. Notably gaining access to various celebrity accounts, even that of Facebook CEO Mark Zuckerberg, and advertising accounts such as that of HBO. Once a hacker gains access to your idle account, he or she will be able to use it to spam your friends list, send fraudulent messages, and access your inner circle.
Solution: Deactivate idle accounts and monitor your company’s active social media accounts. Put someone in charge who will maintain the account and recognize any suspicious activity. Simply logging in daily and changing the password on a reasonable schedule should do the job and deter potential hackers.
Threat: Unsecured Mobile Phones – Do you view your social media accounts on your mobile phone? Do your employees also view their social media accounts on their mobile phones? There may be sensitive information, like passwords on these devices that will, certainly, be exposed if these devices are lost or stolen.
Solution: Speak to your IT department about implementing a Mobile Device Management solution that can wipe company and even personal data as soon as a phone compromised. Another option is implementing Two-Factor Authentication, which will prompt users to verify their identity when logging into a social media account. Reassure your team members that it is okay to report lost or stolen mobile device without repercussions, so that the device can be wiped or locked as soon as possible.
Protect your organization from future claims by having an Acceptable Use Policy that is clear and covers all of you bases when it comes to mobile devices and social media platforms.
Unfortunately, even with careful planning and employee awareness, “things happen”. It is important to have a business continuity/disaster recovery plan respond when something does occur. A Cyber insurance policy that will respond properly to an event is an equally critical component of any cyber risk mitigation plan.
If you have any questions relating to this risk or need help with any risk related issues, please contact Jon Edwards, Partner, Cyber Risk Advisory, at 732-395-4281 or jedwards@thealsgroup.com.