Social media is no longer just a luxury for the consumer, but a vital platform for businesses to reach their audiences in a quick and cost-effective way, as well as a great networking tool for individual employees and freelancers. However, social media is also a popular source for cyber criminals to get easy access to your confidential details, inject malicious software, and tarnish your brand’s trust. To ensure you aren’t putting yourself and your organisation at risk with your online sharing habits, check out the major risks that come with social media platforms below, as well as some key tips to help you improve your security practices.
Phishing Attacks & Impersonation
Criminals attempting a phishing scam or impersonation will often take to social media to find as much publicly available information on their target as possible to dramatically increase the believability of their story – for example, employees will usually include a lot of their work-related details on LinkedIn, including their position, work email, office hours, and maybe some brief mentions of their most used apps. With this, an attacker could target an in-house designer with an outstanding Adobe bill, or an account manager with a Salesforce password reset.
Nobody is safe from hackers, which is becoming increasingly clear as we see more big brands and celebrity social accounts being taken over by hackers. A recent example took control of some notable profiles, including Matalan, Pathe UK, and Pantheon Books – all accounts with a ‘verified’ blue tick. With this verification, the attackers then changed the likeness of these profiles to impersonate Elon Musk before sharing a post asking for bitcoin donations.
An account takeover like this not only leaves any data stored within the account exposed, but can also heavily damage your customers’ trust in your brand, and potentially lead to legal trouble.
Year after year low security awareness among employees is listed as one of the top 3 security concerns for businesses, and with good reason. Organisations are now starting to take this threat seriously by teaching their staff to recognise phishing emails specifically, but what employees get up to out-of-hours is frequently overlooked. With the increasing trends of BYOD and remote working, users are now using the same devices to access work-related data as they are for their personal social media accounts, meaning that clicking on a phoney link like the twitter takeover example above could impact the business as a whole.
5 Key Tips
- Check your privacy settings to ensure only your friends and connections can see your profile and activity.
- Make any announcements – such as taking time off work to go on holiday – as vague as possible.
- Be cautious of surveys, quizzes, and any applications requesting permission to access your data.
- Avoid any links that don’t clearly display the link location, such as shortened links, buttons, or images with attached hyperlinks.
- Use complex and unique log-in details for both business and personal accounts.