Social Media Security Risks: Obvious, yet Effective

When considering the potential business advantages to companies, a lot of people fail to take into account the ever-increasing number of social media security risks. Yes, social media is one of the best ways to connect and engage your customers, but it does not exist in a vacuum – free from people with malicious intent.

Reportedly, during 2020 approximately 60 percent of companies reported social media related incidents. Organizations invest millions of dollars in marketing across online platforms, unconscious of the fact that there are hackers or other agents waiting for them, exploiting security loophole to damage their businesses and steal their information.

Ok, the benefits of social media are clear, but what are these security risks?

Most Common Social Media Security Risks

Even in cases where you’re not dealing with an actual hacker, there is still a myriad of ways in which security misgivings occur simply through employee activity or some specificity of the network in question.

For instance, do you know how many hidden apps are connected to your corporate social media accounts? Left unmonitored and ungoverned, each of these is a potential liability to yourself and your organization. Simply ask yourself:

• How many people could have accessed these apps?
• Who still has the credentials to access them?
• Which other apps have access to your social media accounts?

So, if you and your company are using social networks – and, let’s be honest, who isn’t nowadays, you need to be aware of social media security risks.

Unmonitored accounts

Sometimes, even if you don’t plan to use them right away, it’s not a bad idea to reserve a place on a social network by creating an account. This makes it easier for people to find you and allows you greater presence across all channels.

However, it’s of vital importance not to ignore or forget about the accounts you are not using currently. Forgotten accounts are attractive targets for people want hijack them. And once they gain control, they can do you harm in a number of ways.

They can send fraudulent messages under you company guise, spread false information or even send infected links, causing problems to your followers and brand.

Malware & Fake Links

In 2019, a group of hackers posed as the University of Cambridge on LinkedIn and targeted professionals from the oil and gas industry. Once contact was established, the hackers sent a link to a file containing malware that stole the professionals’ login credentials and other data.

And, in 2020, as many as fifteen NFL teams were targeted by a hacker group called OurMine, hacking their team accounts over a number of platforms – Facebook, Instagram, Twitter etc. More tasteless tactics include using the global pandemic, and spreading malware through links supposedly about COVID-19.

This is why suspicious links and unsolicited messages need to be included into your company’s social media policy and practices.

Employee Error

As if it was not enough for you to deal with the social media security risks listed above, an additional priority is to monitor how your employees use social media for business. According to an EY Global Information Security Study, a whopping 20 percent of all cyber-attacks happen through employee mistake.

This means that your employees need to be trained and educated on the dangers of social media and to avoid doing things like:

• Clicking on strange links
• Accepting suspicious friend requests
• Using apps made by untrustworthy developers.

Third Party Apps

So, keeping a tight check on your own and your business account is a must. But that does not alleviate the danger. Criminals may still be able to get access through faults related to connected third-party apps. Overlooking this led to the hacking of the International Olympics Committee’s and FC Barcelona’s Twitter accounts.

How does this happen?

Well, quite easy as it turns out. All it takes is for you or your employees to use your phones, tablets or computers without knowing which apps on your personal devices have access to your social media accounts.

Phishing Scams

Ah phishing, a staple of cyber-crime.

For all of you who have never gotten an email from a certain Nigerian prince, the goal of phishing is to get you or our employees to provide funds or important information – like passwords, bank account details and other private data.

Some of the most common scams of this species include getting offers of coupons for brands like Starbucks or Costco – especially via Facebook. All you have to do in order to get the coupon is to write down a bit of information. *wink *wink

The best advice we can give you to avoid falling for the scam is to accept that you are just not that lucky and that unsolicited prizes are too good to be true. Because they are.

Your Take-Away

Your security on social networks is directly dependent on how seriously you take social media security risks. A lot of people buy a device or open an account and never beyond the default settings. These are usually envisioned so as to facilitate ease of use, and not further your safety.

However, there is a certain trade-off in matters of social media security. The safer your account and the more precautions you take, the more restricted your profile becomes. You are trading traffic and visibility for security.

A good place to start working on raising your security is to put a company social media policy in place.

If your business is using social media—or getting ready to—you need a social media policy. And yet even the most well-written policy will not help you if your employees don’t abide by it. This means you have to organize trainings and educate your employees on the potential dangers of social media. That way they will have chance to ask questions and understand how important it is to follow your policy.

Finally, limit access to your social media accounts and assign a person to be the “eyes and ears” of your social media presence. And should something untoward begin to happen put in place an early warning system and monitor your social media security.