Social media is the most powerful marketing and communications tool available. For a fraction of the cost of traditional marketing tactics it allows companies to reach and engage with established and potential customers. A growing number of companies are now using Facebook, Twitter, and LinkedIn to post content in order to engage with customers and as a result, the number of social media experts being hired within these companies is increasing as well. Social media usage is growing at a rapid pace and the security risks are growing with it. Generally, social media sites are monitored by a marketing or brand team instead of IT which has resulted in an increased need for a social media security solution that will not only secure social networks but also keep social media a low cost marketing platform.
The adoption of social media by global brands has attracted cyber hackers who conduct attacks for financial and disruptive purposes. In order to secure and govern existing online platforms, IT professionals have implemented a series of key technologies such as spam, antivirus, malware and URL filters. Overtime, they have also added application controls, government risk and compliance technologies (GRC), data loss prevention (DLP), and other broader technologies to protect these collaboration channels. Although advances in security have been made, social media sites such as Facebook, Twitter, and LinkedIn are still ripe for hackers to exploit due to the lack of control that otherwise is found in existing infrastructure behind the firewall.
The Security Shortfalls of Social Media
The majority of companies are now aware of the benefits of social media, however many fail to comprehend the serious vulnerabilities and security risk they create for their brand when they use social media. Furthermore, even fewer companies know how to properly and safely address these social media security issues.
The most common social media attacks are phishing, baiting, and clickjacking which use seemingly innocent posts to encourage a social media user to click on a harmful link. Once a user clicks on one of these links, a malicious code known as malware will automatically download onto the computer, and attempt to steal sensitive information. These types of attacks have become so sophisticated that it is virtually impossible to distinguish a malware post from a normal social media post. If sensitive data becomes compromised and falls into the wrong hands, it could be catastrophic for any business.
The government has also been a victim of these attacks and as a result, is actively trying to educate corporations on the need for social media security. The FBI Counterintelligence unit has put together a comprehensive list of common social media security concerns that have been cataloged to date.
Spearphising and Social Media Engineering
Since social media provides hackers with specific details about a company and its employees, they can use this information to put together a targeted spearphising campaign. A spearphising attack is socially engineered and thrives on familiarity by using a person’s name, email address, and other information captured from social media profiles to get a user to voluntarily hand over sensitive information such as credit card numbers, social security numbers and financial information. These attacks typically come from a familiar source such as an email from a friend or a company asking about an online purchase recently made. By referencing explicit details mined from social media accounts, hackers are armed with private information that makes their request for sensitive information much more plausible. This personal communication combined with social engineering is lethal and often exploited by hackers.
Protecting Yourself from Attacks
There are two main steps that all companies need to take in order to improve security on social media platforms and protect against attacks.
The first step is for all companies to implement a social media security policy and a process to enforce this policy. This will require training employees on how to safely utilize their social media accounts. By having a social media security policy in place, the company is acknowledging a very real risk which in turn, will encourage employees to follow security measures and precautions as well as to be more aware of what they are posting on various social media platforms.
In addition to a social media security policy, all companies should also have a social media security tool in place. The volume of posts, tweets, likes, and shares requires a software that can scan and process information quickly and effectively. Employee awareness of social media security policies and processes combined with a social media security software is the only way to ensure a company will be fully protected against social media hackers and attacks.
To learn more about the security tools that will keep your business and its social media accounts safe from hackers and attacks, please contact us and speak with one of our social media security professionals.