Scams on social media skyrocketed by 150 percent across Facebook, Twitter, Instagram, and LinkedIn in 2016. And the number is likely to continue climbing as more cyber crooks see social as a fruitful target.
So, what are businesses to do? Pull away from social altogether? Well, no.
For most brands today, social media is critical to their marketing and customer service success. To pull away would mean risking important stakeholder engagement and market opportunity.
Instead, brands must ensure they’re educated about the risks and take steps to protect themselves.
In this post we’ll look at five of the most common social media security risks and offer tips on how to protect your organization from them.
5 social media security risks to business
1. Human error
From accidental tweets, to unknowing clicks on phishing links, human error is one of the most common social media security threats to brands today.
Back in 2014, a US Airways employee accidentally posted an X-rated image to the company’s Twitter feed. Dubbed ‘the worst tweet of all time’, the error brought on days of tough press coverage. While the company ultimately made it out unscathed, the situation highlighted just how quickly things can go wrong due to human error on social media.
2. Not paying attention on social media
Related to human error, not paying attention to your social media accounts can have serious consequences. Leaving your account unmonitored, for example, puts it at risk of being infected by a malicious virus that could spread to your followers.
Worse still, if that virus sends spammy messages from your account you could run the risk of losing followers who no longer see you as trustworthy.
3. Malicious apps and attacks
The internet is rife with malicious software—ranging from malware and spyware to adware and the evil ransomware variety (of which there were over 4,000 attacks every day in 2016).
One of the most sophisticated attacks to go down on social media in recent memory was that of the Locky app. Initially spread through email attachments, Locky directly targeted social networks through the circulation of corrupt jpegs (those sneaky Locky hackers found a way to embed malicious code into an image file).
When an unknowing user clicked and opened the image, Locky would immediately put a lock-down on all their computer files. A nasty little note would soon follow demanding the user make a payment (via the anonymous Tor network) in exchange for a key to unlock the user’s files.
4. Phishing scams
Like malicious apps, phishing scams use social media to trick people into handing over personal information (like banking details and passwords). Phishing attempts on social media soared by an astounding 500 percent in 2016—largely attributed to fraudulent customer support accounts targeting customers on Facebook, Twitter, Instagram, and LinkedIn.
One such example was the Facebook “fake friend” phishing attack that made the rounds in 2016. According to global cybersecurity watchdog, Kaspersky Lab, thousands of users received a Facebook message saying they’d been mentioned by a friend in a comment. When users clicked on the message, the scam would automatically download a malicious Chrome browser extension onto their computer.
Once installed, the malicious file would take hold of the user’s Facebook account—where it would then extract the user’s personal data and further spread the virus through that user’s friends.
5. Privacy settings
Privacy and protection on social media is extremely important. Yet many businesses continue to put their reputations at risk by not implementing strict privacy settings. As a result, hackers can easily take control of a brand’s social channels and wreak havoc at will— sending fraudulent posts to followers or making adjustments to a channel’s appearance.
7 tips on how to avoid social media security risks
1. Create a social media policy
Before people can avoid making social media blunders, they need to know what things to watch out for. One of the most effective ways to do this is by creating a social media policy.
Social media policies can help to keep your brand safe while encouraging participation from your employees. While policies will vary from organization to organization, typically they’ll include best practices, safety and security guidelines, and procedures on training and enforcement.
Policies are especially useful for organizations that operate more than one social media account to stay coordinated.
Viewing the policy as a “living document,” the university uses Hootsuite’s monitoring and insights features to keep employees informed of best-practices related to their various social networks.
Be sure to include clear guidelines on how to:
- Create a secure password
- Effectively monitor and engage with brand mentions
- Avoid spam, phishing attacks, and human error
- Avoid malware and related malicious software (spyware, ransomware, etc.)
- Proceed in the event of malware attacks
- Engage on social media following a corporate crisis
- Share on-brand and approved content
Check out our complete guide for more tips on writing social media policies.
2. Give your employees social media training
Next, bring your policy to life with in-person social media training. Doing so will give your employees the chance to ask questions about policy items they don’t understand. It will also bring to light any gaps in your policy that could become potential security threats.
Organizations like famed publisher Wiley, for example, regularly deliver in-house social media training to keep their social efforts streamlined and secure.
During the training, clearly highlight your company’s do’s and don’ts of sharing, how to use secure social media tools, and what phishing links or malicious accounts look like.
If your brand is worried about full-scale malware attacks, hacks, or bad press, weave crisis communications training into your policy and training—detailing what to do in the event of a hack or PR disaster on social.
3. Limit access to social media
You want to make sure that only the right people have publishing rights on your social media channels. This applies regardless of how many people contribute to message drafting and content creation.
Read-only settings, like those offered by Hootsuite, can help mitigate the risk of human error caused by employees who aren’t properly trained on the channels and tools.
If you’re using Hootsuite, you can easily set-up permission levels and a system of approval to follow the natural hierarchy of your organization. Staff members can be given limited permission to draft messages, which must then be fed into an approval queue for senior management to sign-off on before publishing.
Limited permissions also allow you to restrict employees to specific social accounts and capabilities.
Learn how to get even more out of Hootsuite with free social media training from Hootsuite Academy.
4. Put someone in charge
Too many cooks in the kitchen spoil the broth, or so the saying goes. Similarly in social media, one key person should lead the charge on all of your brand’s social media activities.
Having a key person acting as the eyes and ears of your social presence can go a long way towards mitigating your risks. This person should monitor your brand’s presence, listen for related conversations, be responsible for your social media security, and manage who has publishing access.
5. Invest in secure technology
With social media hacks on the rise, brands must take vigilant and innovative measures to keep their accounts—and their reputations—safe. One of the most effective ways to do this is by investing in secure technology.
Safeguard your passwords
Not so long ago, shared social media accounts meant shared passwords—which also meant more opportunities for crooks to get their hands on your information. These days, a slew of password management tools are available to keep your passwords safe.
Lastpass is a great example of a site that can generate and store complex passwords on your behalf. Two-factor authentication tools, like One Login, add an added security layer where users are required to use two devices (computer and mobile device) in a series of commands to access an account.
One social platform to rule them all
Secure social media management platforms, like Hootsuite, are another great way to keep your content secure. By using a single platform to manage all your networks, you can confidently keep control of who’s publishing and accessing your accounts.
Scan for threats
Arm yourself with security software, like ZeroFOX, that automatically scans for and sends alerts of any brand impersonations, scams, fraud, malware, viruses, and other cyber risks.
6. Monitor your social media channels
If a social media blunder happens, you’ll want to make sure you immediately hear about it. But to know what’s being said, you need to do more than keep an eye on each of your networks—you also need to know what to look for.
For an even more comprehensive understanding of the conversation happening around your brand on social media, try an app like Brandwatch, which lets you monitor and analyze social mentions from more than 70 million sources.
7. Perform a regular audit
As you would with any other business function, be sure to perform regular audits of your social media security measures to make sure your efforts are up-to-date and that potential security gaps haven’t crept in. At least once every quarter, check on:
- Network privacy settings: Networks routinely update their privacy settings which will likely have an impact on your account.
- Access and publishing privileges: Perform a scan of who has access to and publishing rights on your social media management platform and sites and update as needed.
- Recent security threats: Perform a scan of reputable news outlets and security sources for an update on the latest social media threats in circulation.
Social media opens a world of opportunity for your business to grow and connect with customers. Arm yourself against threats and go forth knowing you’ve done everything in your power to protect your business.
From monitoring social channels to managing permissions, Hootsuite can help you secure your social media.