Social media has skyrocketed for businesses all over the world, with many companies using it as a way of strengthening their brands and reaching out to new and existing customers.
It’s clear that social media is likely to continue its popularity with businesses although, in an age where information security has never been such a pressing issue, there are still questions that need to be addressed.
1. Is social media really a threat to security?
The threat posed to security by social media is nothing new. A report released by Cisco in 2013 claimed mass audience sites, which include social media, pose a significant threat to information security.
One obvious threat is the potential for blurring the line separating personal information and company data, particularly when a user is using a social media account for both personal and work purposes.
“Our right to privacy and the type of data we consider confidential is no different on social media than on other communication platforms,” says Charl Ueckermann, CEO at AVeS Cyber Security. Leveraging the business opportunities of social media can be done without giving away the right to privacy and without compromising confidentiality. It is therefore important that businesses use the tools at their disposal to help every person in the organisaiton understand the ‘rules’ of the social media game.
The risk may be underestimated by workers, many of whom may believe their social media accounts are not carrying anything of interest for cybercriminals, but it can still be used as a portal into a company’s wider network.
2. So, is social media a weak spot?
Potentially. The use of phishing to compromise e-mail accounts has been well-documented, but they can take on a new dimension when combined with social media. For example, if cybercriminals can compromise a LinkedIn account, they can potentially fool others on the network into thinking they are genuinely one of their co-workers, opening up the possibility of handing over sensitive information.
3. But if they don’t get that far, there’s nothing to worry about?
Not exactly. Social media output is a key component of a brand’s overall image. If a cybercriminal manages to compromise one of these channels it could prove damaging. For instance, in 2013 a hacker was able to gain access to the Twitter account of Burger King and then used it to display a MacDonald’s logo, along with explicit obscenities. Similarly, it’s not exactly reassuring when someone like Mark Zuckerberg has his social networks compromised.
4. What can be done to make things better?
Setting up a rigid social media policy to protect company accounts is always a good start. A code of conduct for employees, as part of a wider cybersecurity program, can include the implementation of strong passwords, with weak logins such as 13456 still all too common. Other potential points include monitoring engagement with brand mentions, offering guidance on how to spot malicious software, implementing two-factor authentication, and ensuring that only brand approved content is shared.
Implementing a policy is particularly important for businesses operating more than one social media account, although it is equally important not to discourage employee participation as this will hinder the benefits these platforms bring.
5. Is it the employer’s responsibility to safeguard social media security?
Employers should always try to educate their workforce on the potential dangers of social media as best they can, but employees themselves need to remain vigilant. For example, it’s important to be cautious of links embedded in email messages, even if they appear to be from a social network provider.
Always ensure links come from trusted sources. If in doubt, connect to a site’s URL directly by typing it into your browser. Always keep a track of what devices have access to your accounts, and utilise any available service that will notify you when a new login occurs.
Furthermore, workers shouldn’t risk leaving themselves vulnerable by potentially sensitive information on social media.
Carey van Vlaanderen is the CEO at ESET South Africa.