Social Media Security

Social media has transformed the way we communicate, relate, interact, and live. The human need for social interaction (albeit online) now presents one of the biggest cybersecurity challenges. The sheer amount of personal information that we put on social media is a cybersecurity disaster waiting to happen and, in many cases, a disaster that has already happened.

So, what could go wrong on social media? Traditional scams still work: a message flashes on your screen promising a heavy discount on branded shoes, you click the link, and you get malware on your device. Other attacks target your identity. You announce details of your life on social media, like your latest promotion, the test you passed yesterday, or even a picture of your boarding pass taking you to that travel destination on your bucket list. These are all pieces of an information puzzle that hackers are more than happy to solve. If they can get your identity-related information, they can steal your identity, eventually leading to tax fraud, bank account fraud, and other forms of fraud.

Social media is also a place for reconnecting with business colleagues and friends. However, hackers often impersonate those individuals and send you a friend/connection request. Once you’re connected, the hacker is part of your trusted inner circle.

Phishing attacks carried out over social media can have a truly cascading effect. They are helped along by “trigger fingers”: the people on social media who click first and think later. In the process, they get infected by whatever they clicked on and share it with the people connected to them.

When the infection is some form of regular malware, it’s one thing, but it could also be ransomware. And ransomware is an evolving and dangerous species as recent attacks have shown. Ransomware is indiscriminate and targets individuals and organizations all the same. To ransomware attackers – money is money.

Any hacker that gets a foot in your door inherits access to all your information. So how do you protect yourself from hackers on social media?

  • Post as little as possible about your life on social media. It’s counterintuitive, yes, but that’s the best thing you can do for your security and privacy.
  • Dive into the account-level security features that your social media platform offers and enable privacy and security settings. They’re not always enabled by default.
  • Use strong passwords and different passwords for different accounts.
  • Be cautious about strangers getting friendly on social media. When it comes to friends and business acquaintances, let quality, not quantity, be your guiding force.

When technology affects you, it directly affects the organizations to which you are connected. Therefore, it’s important for organizations to adopt adequate security measures as well to protect sensitive information against the cybersecurity risks of social media:

  • Provide comprehensive social media security awareness training to employees so that they don’t discuss or post confidential information on social media – even inadvertently.
  • Design, implement, and enforce a robust information security program and associated policies and procedures that specifically discuss social media, its associated risks, and protection measures.
  • Perform periodic risk and security assessments of social media usage at the organization.
  • Establish a social media strategy and function at the organization so that the organization’s channels are used only by defined and authorized individuals whose roles and responsibilities clearly include this.
  • The information security department must be closely intertwined with the social media function at the organization to ensure that security and privacy settings are reviewed and updated on an ongoing basis. What could go wrong with an individual social media account can easily go the same way for an organization’s account.
  • Use automated tools to manage and monitor social media and postings that can impact the organization and employees.
  • Develop and implement a comprehensive incident response/crisis management program for social media related negative situations. Consider the multi-disciplinary groups that need to be part of this process, encompassing marketing, sales, legal, public relations, communications, risk management, privacy, and security. Ensure that you test and update the program on an ongoing basis.