19 Social Media Security Best Practices

Social media security has quickly become one of the most important issues facing businesses and individuals. Unlike a few years ago, social networking has asserted itself as one of the primary means of communication. Large corporations and individual users alike prefer the channel for various reasons. The most common ones are the ability to communicate with millions of users at once, to connect with people in any part of the world, and to share all types of media, including pictures, videos, text messages, and voice and video calls.

Despite its popularity, social media poses security risks due to the rising number of hackers and sophistication of attacks. Security threats are rife, and as such, social media users need to be aware of the best practices required to secure their social media accounts.

Common security risks affecting social media

Third-party applications

Social media companies are aware of the cybersecurity risks they face. They therefore frequently assess their systems and applications for vulnerabilities and implement the best measures for enhancing their security. Because of this, cybercriminals use third-party apps to hack their victims. This is demonstrated by Twitter’s security breach, where attackers exploited a security flaw in Twitter Counter (an application used to analyze Twitter activities). They were able to hack the Twitter accounts of Amnesty International and Forbes.[1]

Malware attacks

Cyber adversaries are persistent in their efforts to create smart and stealthy malware programs. They use malicious scripts to hack the social media accounts of unsuspecting victims. By tricking their targets into installing the malware, attackers can easily monitor their activities. The approach allows them to access sensitive information like usernames and passwords.

Unsecured mobile devices

The majority of social media users install applications, such as Facebook and Instagram, on their devices for quicker and easier access. Besides, smartphones are easily portable, and this makes them useful for social media usage. If a mobile device connected to social media accounts falls into the wrong hands, it can easily compromise a user’s privacy or security, resulting in identity theft, where malicious individuals use compromised accounts for their own gain.


Internet con artists are excellent at creating imposter accounts. Current technology makes it easy to create a replica social media account. To lower suspicion, they can wait for long periods, monitoring the original accounts to ensure they have similar activity history. As a result, targeted users can fall prey and provide highly sensitive information. Rival businesses can use the same tactic to tarnish the name and reputation of their competitors. Also, hackers can use imposter accounts to gain access to social media accounts used for corporate activities.

Unattended accounts

In some cases, individual users or companies create social media accounts and stop monitoring them after using them for a while. Cyber attackers target such accounts since they are aware that no one is watching them. They do not even need to hack them as they can use an imposter account to post fraudulent messages. Unmonitored accounts are a huge risk since they can enable hackers to disseminate false information or send malicious links to followers.

Staying secure

There are many other types of social media security threats. Although the parent companies invest heavily in maintaining secure systems and social media applications, users also have a massive responsibility to keep their social media accounts safe. Here are the top tips for enhancing social media security.

Social Media Security Tips for individual users

1. Monitor your inbox

For many years, hackers have used email messages to conduct phishing attacks. These are attacks where a cyber adversary uses different techniques to trick victims into installing malware or divulging confidential information. The methods can include appealing to the victim’s interests. Social media has, however, made it easier for hackers to carry out phishing campaigns. With a single glance at the user’s profile and account activities, they can create convincing messages to trick victims into clicking a malicious link or downloading an attachment with malware. Therefore, monitor the messages, links, or attachments sent to the inbox. Phishing messages are usually sent by unknown people and will mostly request personal information.

2. Utilize password protection

When creating any social media account, the process includes a requirement to create a unique username and password. Password protection is, in fact, one of the easiest ways of keeping a social media account secure. All social media platforms require users to provide a password to gain access. Creating a unique password is nevertheless different from maintaining best password security practices. Recommended practices for enhancing password security include creating strong passwords, which can prevent a brute-force attack attempt. Also, periodically changing a password can minimize the possibility of its compromise. Furthermore, it is always essential to log out of a social media account after accessing it through another person’s device. Most browsers or applications retain passwords, so anyone who later uses the device can sign in.

3. Use multi-factor authentication

Many social media platforms support two-factor or multi-factor authentication schemes. They provide additional security to password protection. Enabling multi-factor authentication requires a user to provide a correct password and a second item to verify authenticity. For example, two-factor authentication may send a code to the provided phone number or email address when signing in. Failing to give the sent code, even with a correct password, denies access. Since only the legitimate account owners can access the authentication items, a malicious user can’t gain access. However, not all social media platforms enable multi-factor authentication in their default security settings. The account owner must hence allow the option in the privacy and security settings. Applying multi-factor authentication is an effective way of enhancing social media security and preventing unauthorized individuals from accessing the account.

4. Set up hard to guess security answers

When creating a social media account like Facebook, users must provide a phone number or email address for resetting passwords, in case they forget. Malicious individuals may have access to the email accounts or phone numbers and use them to reset the passwords. As such, they can sign in as the real owner and use the account to post harmful content or target followers with phishing messages. Using security answers can enhance social media security since resetting passwords might require one to provide answers to the security questions. Providing the wrong answer prevents a password reset, and this strengthens social media security. However, just like multi-factor authentication, the security questions to be used during password reset must be enabled in the security and privacy settings.

5. Manage the privacy settings

As previously stated, social media users have a huge responsibility in ensuring their personal security and that of their accounts. Due to this, they should proactively manage their privacy settings to determine who can see their posts or timeline activities. Maintaining privacy settings protects a user from social media phishers. To create a successful phishing message, an attacker must identify the interests of the target. Enabling privacy settings that allow only followers or friends to view the timeline history can prevent phishing attacks, thus enhancing social media security.

In that light, it is also advisable to be careful with the messages a user posts on social media. The primary intent of hackers is to access personal information such as social security numbers, credit card numbers, home addresses, and user passwords. Posting such information on a public platform like Facebook only simplifies a cyber adversary’s work. The more a user posts personal information on social media, the easier it is for a hacker to steal the user’s identity.

6. Secure mobile devices and computer

Sometimes, all a cyber actor requires to compromise social media security is a vulnerable computer. Cybercriminals exploit computer or mobile device vulnerabilities to install malware programs. Through the malware, a hacker can remotely monitor all activities, including the social media usage patterns of a particular victim. This can provide a cybercriminal with the necessary information for accessing the victim’s social media accounts.

There are multiple measures one can implement to ensure computer and mobile device security. Antivirus solutions can detect malware programs present on the computer. Also, installing updates whenever they become available, especially for social media applications, applies the latest security fixes. As a result, it becomes difficult for a cybercriminal to exploit security vulnerabilities.

7. Who are your followers and friends on social media?

Verifying requests sent by new friends or followers can go a long way in enhancing social media security. The main aim of social media is to connect people from different parts of the world. As a result, hackers utilize such opportunities to create fake social media profiles and send requests to hundreds of users, as this increases the possibility of finding an easy target. It is prudent to verify a social media profile to determine its authenticity. This is relatively easy since a legitimate profile should contain a history of the owner’s activities, such as shared photos and comments on their posts from other friends. A profile with hard-to-verify information can be a cybercriminal using a fake account. Delete such requests and take the extra step of blocking or reporting them for further investigation.

Social Media Security Tips for Businesses

Businesses are heavy users of social media. They use different sites like Facebook, Instagram, and Twitter, to advertise products and interact with customers. The heavy usage is due to the various advantages, which include responding to user queries in real-time, promoting products in different parts of the globe, and maintaining business image and reputation. Since social media acts as the face of an organization, companies must ensure their social media accounts are secure. The following are the top social media security tips businesses can use.

1. Perform frequent audits

Due to emerging technology and hacking tactics, the threats impacting social media security change constantly. Cybercriminals are always devising new strategies, viruses, or scams that they can use to compromise social media accounts which businesses operate. Therefore, a company aiming to keep ahead of cyber actors should enforce regular audits of all implemented security measures. A quarterly or semi-annual audit is sufficient, and a review of the following should guide a comprehensive inspection:

2. Social media policy

Businesses enforce social media policies uniquely tailored to meet their communication needs. As such, businesses should review the policies to accommodate changes in social media usage and security practices. A frequent review can ensure that social media security documentation remains useful in securing their accounts.

3. Publishing and access privileges

Auditing publishing and access permissions can enable an organization to protect its social media accounts. Permissions review is necessary since it identifies users with the rights to publish content on the platforms. Some users might have changed their roles or had their access revoked. As such, auditing ensures that only users with the necessary permissions can access or publish on social media.
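One way to run the permissions review described above is to compare the publishing grants exported from the platform against the current staff roster. This is an added example, not part of the original article; the field names, the 90-day staleness threshold and all sample records are constructed assumptions.

```python
from datetime import date

# Constructed sample export: who the platform says may publish on which account.
GRANTS = [
    {"user": "alice", "account": "@corp_main", "last_used": date(2024, 5, 28)},
    {"user": "bob", "account": "@corp_main", "last_used": date(2024, 1, 10)},
    {"user": "carol", "account": "@corp_support", "last_used": date(2024, 5, 30)},
    {"user": "dave", "account": "@corp_support", "last_used": date(2023, 11, 2)},
    {"user": "agency-temp", "account": "@corp_main", "last_used": date(2024, 5, 1)},
]

# Constructed staff roster: employment status and current role.
ROSTER = {
    "alice": {"active": True, "role": "marketing"},
    "bob": {"active": False, "role": "marketing"},     # left the company
    "carol": {"active": True, "role": "engineering"},  # changed role
    "dave": {"active": True, "role": "support"},       # grant exists but unused
}

# Assumption: only these roles need publishing rights.
ROLES_ALLOWED_TO_PUBLISH = {"marketing", "support"}


def audit_publishers(grants, roster, allowed_roles, today, stale_days=90):
    """Return (user, account, reason) for every grant that should be reviewed."""
    findings = []
    for grant in grants:
        person = roster.get(grant["user"])
        if person is None:
            reason = "not on staff roster"
        elif not person["active"]:
            reason = "no longer employed"
        elif person["role"] not in allowed_roles:
            reason = "current role does not require publishing"
        elif (today - grant["last_used"]).days > stale_days:
            reason = "grant unused for over %d days" % stale_days
        else:
            continue  # grant is still justified
        findings.append((grant["user"], grant["account"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit_publishers(GRANTS, ROSTER, ROLES_ALLOWED_TO_PUBLISH,
                                    today=date(2024, 6, 1)):
        print(finding)
```
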

4. Privacy settings

Social media sites tend to update their respective privacy settings. The updates can impact the security of an account since it will still be using the privacy settings from before the update. Businesses should frequently audit their security settings to ensure they are in line with the new updates.

5. Keep track of recent threats

The IT department of any company should track new risks and working solutions. Tracking emerging threats enables a business to implement sufficient measures for responding to them or preventing them entirely.

6. Implement a system for approving new posts

All businesses dread any incident that can damage their reputation. A malicious individual with the correct login information can access the account and post information that can ruin the company’s reputation. Likewise, an employee with good intentions can use the same platform to post sensitive information about the business. Such information can include products or services that have not yet been unveiled. Moreover, a user can also use a work social media account to post personal information. Whereas this does not pose any significant risk to the account’s security, it demonstrates a business’s inability to control information flow, thus affecting its reputation and customer base.

Every organization should, therefore, implement a system that it can use to approve any posted information. Such a system can include designating a group of individuals who approve different types of information. For example, employees from the marketing and finance departments can approve any information originating from their respective sections. In a recent case, a marketing contractor working for Z-Burger posted a graphic image of a killed journalist on the company’s Twitter handle[2]. The contractor had publishing rights, but the company lacked a system for approving new posts.

7. Monitor all social media accounts

As mentioned earlier, unmonitored accounts are one of the biggest threats to social media security. Hackers target unattended accounts since they are easy to hack or impersonate. Monitoring all social media channels is hence a security necessity that a company should observe. Monitoring should include accounts used every day and those that were opened but used for a short while or not used at all. As a result, it becomes possible to detect any cyber actor who manages to hack and use the accounts. However, monitoring the accounts’ usage patterns alone is not enough. It is also vital to monitor the originality and authenticity of all posted information. To achieve this, a business can cross-reference its posts with the company’s content calendar.

Besides, following up on everything can enable a business to maintain sufficient social media security. Social media platforms are designed such that any information communicated through them appears to be from the owner or authorized users. However, this is not always the case. Digging into all activities, even those that look legitimate, can uncover risks that can cause security issues in social media usage and access. Some content can stray from the intended information, whether due to human error or unauthorized access. Also, monitoring should include watching out for employees who make inappropriate comments or mentions about the business’s brand, negative conversations regarding the business, and imposter accounts.
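The cross-reference against the content calendar described above can be automated along the following lines. This is an added example, not part of the original article; the record layout, the two-hour tolerance, the dormant-account list and all sample posts are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta


def fingerprint(text):
    """Hash of the text with case and whitespace normalised, so trivial
    formatting differences between calendar and post do not raise alerts."""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()


# Constructed content calendar: posts that were reviewed and approved.
CALENDAR = [
    {"account": "@corp_main", "scheduled": datetime(2024, 6, 3, 9, 0),
     "text": "Summer menu launches Friday!"},
    {"account": "@corp_support", "scheduled": datetime(2024, 6, 4, 10, 0),
     "text": "Support lines are closed on Monday."},
]

# Constructed export of what actually appeared on the accounts.
PUBLISHED = [
    {"id": 101, "account": "@corp_main", "posted": datetime(2024, 6, 3, 9, 5),
     "text": "Summer menu  launches friday!"},
    {"id": 102, "account": "@corp_main", "posted": datetime(2024, 6, 3, 23, 40),
     "text": "Free vouchers for everyone: http://example.invalid/claim"},
    {"id": 103, "account": "@corp_promo2019", "posted": datetime(2024, 6, 4, 2, 15),
     "text": "We are back!"},
    {"id": 104, "account": "@corp_support", "posted": datetime(2024, 6, 5, 3, 0),
     "text": "Support lines are closed on Monday."},
]

# Assumption: accounts that were opened but are no longer in use.
DORMANT_ACCOUNTS = {"@corp_promo2019"}


def check_posts(published, calendar, dormant, tolerance=timedelta(hours=2)):
    """Return (post id, reason) for every post that needs a human look."""
    approved = {(e["account"], fingerprint(e["text"])): e for e in calendar}
    alerts = []
    for post in published:
        if post["account"] in dormant:
            # Any activity on an unattended account is suspicious by itself.
            alerts.append((post["id"], "activity on dormant account"))
            continue
        entry = approved.get((post["account"], fingerprint(post["text"])))
        if entry is None:
            alerts.append((post["id"], "not in content calendar"))
        elif abs(post["posted"] - entry["scheduled"]) > tolerance:
            alerts.append((post["id"], "published outside scheduled window"))
    return alerts


if __name__ == "__main__":
    for alert in check_posts(PUBLISHED, CALENDAR, DORMANT_ACCOUNTS):
        print(alert)
```
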

8. Designate a social media officer

Creating a role that establishes the position of an employee responsible for controlling social media accounts can enhance their security. It can also bolster the efforts put in place for mitigating risks and threats. The person who fills such a role should be responsible for developing and owning social media security policies. Other vital roles can include monitoring the company’s social media presence and determining individuals with permissions to access or post on the accounts. This is particularly important since unauthorized posts or access can compromise the security and integrity of the account in question.

To ensure the employee responsible for securing an organization’s social media accounts discharges the role effectively, they need to collaborate with the IT department. A good relationship will be valuable in facilitating sufficient risk mitigation and prevention. Also, the social media officer needs to work closely with all departments that require the accounts to fulfill their obligations, such as marketing. As a result, the officer can approve or decline to authorize posts depending on how they impact the organization’s strategies, objectives, or regulations.

9. Restrict the use of social media

According to a survey done by PricewaterhouseCoopers, an organization’s employees are more likely to cause social media security risks than hackers. Employees can make errors when posting on a business’s timeline, which can result in security risks. As a result, restricting the use of social media is one of the best ways of keeping the company’s social media accounts secure. For example, a business may task different teams with roles such as messaging customers through social media, creating new posts, or providing customer services. However, not everyone requires the permissions to post; neither should all team members have access to login passwords.

As such, minimizing the number of employees capable of posting should be a top priority in managing social media security. Once a business identifies employees with permissions for posting, it should consider using software solutions that can provide direct access without requiring a password or username. This would eliminate the need for continually changing login credentials once an employee leaves the business or the permissions are revoked.

10. Train best social media security practices

Adopting the most potent social media security policies can be useless if the employees are ignorant of best usage practices. Whereas such a policy needs to be simple and easy to understand, training staff provides them with an opportunity to actually learn how to enforce it. Training sessions also enable staff to understand social media security threats and their responsibilities in preventing them. Moreover, training sessions provide a business with the time to review implemented policies and update them accordingly.

11. Maintain social media policy

Any business using or planning to use social media must develop a comprehensive policy to ensure its security. An effective policy should contain guidelines for preventing negative PR or legal struggles, and more importantly, mitigating security threats. Some of the guidelines to include in the policy are:

  1. The team members or departments with access to company social media accounts
  2. Guidelines for working password management strategies
  3. How employees can identify social media threats, attacks, scams, and how to report them
  4. Rules governing the use of personal social media for work reasons
  5. Guidelines for talking about the business’s brand on social media

12. Invest in automated security technologies

Monitoring social media activities using human operators can be challenging since they can make errors or be unable to ensure round-the-clock monitoring. Consequently, some threats can go unnoticed, resulting in disastrous security breaches. An automated solution can prevent that from happening since it doesn’t make errors, nor will it leave the system unmonitored. Automated security monitoring can flag offensive posts that can harm a business’s reputation. It can also detect links or attachments used for phishing campaigns, fraudulent accounts attempting to impersonate a company, or scams that target the business’s customers. As a result, a business can enjoy enhanced social media security.

  1. https://techcrunch.com/2017/03/15/twitter-counter-hacked/
  2. https://www.washingtonpost.com/news/local/wp/2018/07/25/z-burger-hamburger-chain-apologizes-over-callous-misuse-of-images-in-twitter-ad/?noredirect=on&utm_term=.4db4fd615913