Professional Insurance Programs

5 Social Media Security Risks for Businesses (and How to Avoid Them)

We’re in the midst of a malware epidemic and social media is prime breeding ground.

According to Kaspersky Lab, 310,000 new malicious files are created every day, compared to 200,000 in 2010. These include everything from cyber annoyances for consumers to sophisticated and targeted attacks on corporate social accounts—shattering both reputations and bottom lines overnight.

To give some perspective on how common these attacks are, one in five phishing scams targets Facebook. Even though 66 percent of the global population are active social media users, the problem isn’t rooted in system flaws. People are simply too careless with their social media security. For example, 28 percent of social network users don’t change their privacy settings, leaving all posts and photos public (*cringe*).

Here are the top five social media security risks for any business and tips on how to avoid a disaster.

Top 5 social media security risks for businesses

1. Not paying attention on social media

Not paying attention to your social media presence can have serious consequences. If you leave an account unmonitored and it becomes the target of a malicious attack like a virus, you won’t know if it spreads to your followers. And if your followers start receiving spammy messages from your account they will quickly lose trust and confidence in your brand.

2. Human error

Human error is the most common social media security threat. Disgruntled employees airing their dirty laundry or sharing naughty photos on company accounts are mere appetizers in a buffet of security and compliance risks (although still threatening to your reputation).

Human error often causes more severe security risks such as phishing attacks, scams, and other cyber annoyances. People unknowingly click on a phishing link, interact with a fake account, or accidently fill out a spammy form with sensitive information. Compliance issues, relevant to organizations working within regulated industries, are most often triggered by employees or customers accidently sharing confidential personal information on public forums.

3. Malicious apps

The internet is smattered with malicious software and it’s only getting worse. Spyware, for example, is any software that collects personal information or sends spammy ads without your consent. Adware tracks personal and sensitive information in much the same way. All malicious apps steal things like personal or sensitive information, passwords, and data without you knowing. Just like having street smarts, think before you click or share information.

4. Social scams and phishing attacks

Similar to malicious apps that try to collect sensitive data, phishing scams use social media to trick people into giving personal information such as banking details and passwords. Phishing attempts are up this year by 150 percent on major social networks like Facebook, Twitter, Instagram, and LinkedIn. Social scams range from fake customer service accounts or fake accounts of your friends, to spammy contests in social comments that lure you to ‘buy this’ or ‘click here.’

5. Malware attacks and hacks

There are good hackers and bad hackers. Some try to improve internet security by forcing IT departments and protection products to constantly innovate, while others hack for fun or to make a buck. Attacks can be focused and targeted, where ‘cyber gangs’ go after individual organizations with advanced malware campaigns. Other hacks come slowly, with smaller phishing efforts adding up over time. Hacks and malware attacks are the biggest security threats to businesses on social media.

Tips on how to avoid social media security risks

1. Create a social media policy

Create a social media policy and procedures to protect your company. Make sure to consult all relevant parties, whether that’s executives, IT, legal, security and compliance, or PR beforehand. Clearly define the dos and don’ts on every social channel for engagement and employee advocacy. Include best practices, guidelines, and procedures on how your organization plans to implement training and enforce proper use.

Consider including guidelines on how to:

  • Create a secure password
  • Avoid spam, phishing attacks, and human error
  • Share on-brand and approved content
  • Engage properly on behalf of the brand
  • Avoid social media platforms’ default privacy and security settings
  • Proceed in the event of an attack

2. Establish social media training

Reinforce your social media policy with in-depth training. This will bring any potential issues or gaps in security to light. Social media education is the best way to arm your business against avoidable human error. Walk your employees and advocates through what they can and cannot share, how to use secure social media tools, and what an unsafe link or social account looks like.

If your brand is worried about full-scale malware attacks, hacks, or bad press, weave crisis communications training into your policy and education. This should cover exactly what to do in the event of a hack or PR disaster on social and how to recover with minimal damage.

3. Limit social media access

Only give publishing access to employees who have been fully trained in the social policy, procedures, and technologies that protect your brand. In the Hootsuite dashboard you can manage and limit permissions easily. Give as much or as little access to publishing on all or specific channels, assign team leaders, and approve communications before they are public. Always keep track of who has access to what.

4. Put someone in charge

Social media is a full time job. At least one person should be fully trained and educated in social media best practices and policies. They should monitor your brand’s presence, listen for related conversations, oversee training, and security, as well as manage who has publishing access. Having someone act as the eyes and ears of social is a big step in mitigating risk.

5. Get secure technology

With policy and education behind you, technology is the final piece of armor against social media security threats. Arm yourself with security software that automatically checks for malware, worms, viruses, and other cyber risks. Secure login information using passwords stronger than ‘sam1234’ (hot tip: try LastPass to create and store complex passwords).

Likewise, everyone engaging on social media should do so in one secure social media management platform. This allows all communications to be tracked, archived for compliance, measured, and secure. Both your desktop and mobile phone require security software and apps to scan for suspicious apps and links while you’re working on social.

Social media opens a world of opportunity for your business to grow and connect with customers. Arm yourself against threats and go forth knowing you’ve done everything in your power to protect your business.

Source: Hootsuite Blog