Five Ways To Protect Your Business on Social Media
July 26, 2016
Over the past few weeks, various social media networks have been hacked, proving once again that social media presents a very real and dynamic risk to organizational security. Companies including Tumblr, MySpace, LinkedIn, and even VK (Russia’s Facebook) have been breached, exposing the data of millions of users, now for sale on the dark web.
In the 2015 Social Media Marketing Industry Report published by the Social Media Examiner, it was reported that 96% of businesses use social media marketing and 91% of marketers said the use of social media is integral to their business. At the enterprise level, our reliance on social media as a marketing tool makes it highly critical that we protect our digital assets, as well as our brand reputation. Passwords, log ins, access points, controls and administrators must all be considered from a security perspective.
If your business uses social media, here are five ways to protect your digital presence.
1. Use Multi-Factor Authentication
Multi-factor authentication requires the user to identify themselves in multiple ways when logging in. When enabled, the social platform sends an additional verification code to the user’s phone as a text message. That code must be entered online, prior to access being permitted. From an enterprise security perspective, when multi-factor authentication is in place, if an account is accessed from an unknown device or IP address, the administrator will automatically get an alert notifying him/her of an unauthorized attempt to access the account. Using multi-factor authentication to protect enterprise social media accounts limits access to a select group of individuals who have been approved by the account administrator and helps protect the account from being breached.
2. Construct Strong Passwords
We still can’t believe the most common passwords found in the LinkedIn data breach: 123456, linkedin, password, 123456789, and 12345678. These passwords were exposed as part of a data compromise, but many could easily have been accessed through brute-force login. When constructing your passwords, be sure to use a combination of alpha-numeric characters, including special characters and spaces if possible. We recommended short, but complex phrases. In addition, make it corporate policy to change all social media passwords at least every 90 days.
3. Use Different Logins for Different Platforms
One common mistake many businesses make is using the same email address and password for all social media platforms. This is dangerous for two reasons:
- If a hacker breaks into one account, they will try that same email/password combination with all existing platforms.
- The hacker is more likely to use that particular email in a phishing scheme.
By using different login information for different platforms, you can minimize the risk of your accounts being targeted at the same time. To go one step further, we recommend using secret email addresses that you and only a select few know about (straying away from the all too common firstname.lastname@example.org) to better protect your logins.
4. Discard Unused Platforms
If your business tried out Pinterest at one point but ultimately decided it wasn’t worth the marketing effort, delete that account. Old accounts are often ignored and if their passwords are not updated frequently, you may be leaving your business open to a possible hack.
5. Beware of Phishing Scams
Attackers have used the low cost, large scale and trusted nature of social media to develop a new breed of highly effective attacks, from targeted phishing campaigns to account impersonations. For example, scammers work hard to create a near mirror site of a real social media website (particularly the log in page) using practices including typosquatting (creating a nearly identical domain URL and relying on common typos to use it for phishing scams).
These attacks can lead to the hijacking of social media accounts or the loss of corporate credentials. Businesses must ensure that all employees with direct access to corporate social media accounts can identify a phishing scam, as all too often, the weakest link in an organization’s security infrastructure is human error. Training and awareness are imperative across all team members engaged in any digital marketing or social media.
To support this employee training effort, Herjavec Group Social Engineering Assessment Services test your organization’s susceptibility to Social Engineering techniques with safe, approved, and authorized replication email-based attacks on targeted employees. The goal of the engagement is to help an organization understand and improve upon its present security posture.
Imagine the consequences of your business experiencing an account takeover and subsequent vandalism. What would your organization do if attackers spread malware to your entire social media follower base? It is highly critical to ensure that businesses are taking social media security seriously and protecting themselves in face of this specific type of cybercrime. By using the simple tips we’ve outlined above, your business may be able to avoid the most common pitfalls leading to social media account hacks.
To learn more about Herjavec Group's Social Engineering Assessment services, click below.
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally supported by a state-of-the-art, PCI compliant, Security Operations Centre (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia). For more information, visit www.herjavecgroup.com.