Why Increased Connectivity Means More Cyber Risks
Over the past decade-and-a-half, social media has evolved from a curiosity piece to a colossal powerhouse. For many of us, social media has become embedded into our daily lives, having brought about considerable changes in the way that we all communicate.
While the primary purpose of social media is to connect users with family, friends, and even organizations, it’s become a principal target for cyberattackers as well. After all, with over 3.5 billion daily active social media users worldwide – nearly half the population of the planet! – there’s a wealth of data to be mined for hackers with malicious intentions.
Sharing can be a double-edged sword. Social media allows us to relate many facets of our lives with friends and followers with whom we might not be able to interact personally. But in so doing, we’re also risking the possibility that strangers could gather this info and put it to use for harmful purposes.
Nowadays, social media is not just for individuals. Many online and even brick-and-mortar businesses also use it to build a loyal following, increase awareness for their brand, and engage with customers. In addition, a large majority of small businesses rely on social media to promote their offerings, as this can be one of the most cost-effective channels for marketing.
As social media use for business communications surges, having robust cybersecurity measures in place is more critical than ever. Successful cyberattacks can gain access to a user’s authentication credentials and logins and discreetly pull personal data from users’ online friends and colleagues. Info gleaned from these attacks can be used to develop targeted ad campaigns or engineer virtual or cyber crimes, such as spear-phishing attempts.
Whether you engage in social media activity for business or personal use, it’s important to know how to use it safely and to protect yourself and your organization against common security threats.
How Cybercriminals Use This Info To Their Advantage
Not only can hackers access your usernames and passwords as well as gather confidential data from your online friends, they can also gain entry to your device’s data, including: contact lists, call logs, geolocation, and IP address. They can use this data to guess security questions to your online accounts in order to reset passwords and block you from using your own accounts. At worst, they could use the data they’ve gathered to steal your identity.
They may also engineer spear-phishing attempts, sending you an email mimicking an individual or business you know in order to elicit sensitive info such as bank account information. The thought process behind this method is that people might be more likely to click on links sent via messages – on Facebook Messenger, for example – in a “safe,” seemingly friendly social media environment.
Since there are many different social media platforms widely in use, there are also numerous entry points that hackers can use to gain access to users’ accounts. The rampant use of mobile for practically everything offers cyberattackers even more outlets by which to obtain sensitive information. While most people seem to be well aware of the potential privacy risks, they still choose to use social media anyway.
7 Common Types of Social Media-Fueled Cyberattacks
Hackers are constantly coming up with new ways to ruin your day. Here are a few of the most common types of attacks engineered through social media:
Malware is, in essence, any program installed on a user’s device without their knowledge or consent. More often than not, this type of malicious software is hidden inside emails and questionable download links, but social media networking sites have also become one of the major gateways for malware.
Malware can be used to monitor a user’s computer activities, control their computer for nefarious (or simply annoying) purposes, and even engage in mass attacks on other computers without the user’s knowledge. Malware is known to spread fast and infect multiple devices, and can even cause security defects in existing software.
Social networking and online dating apps can be extremely convenient, but they aren’t exactly known to be the most secure environments. Many users, unfortunately, have fallen victim to catfishing attempts. Catfishing is when your presumed online “partner” is not who they purport to be – they have, ultimately, faked their identity in order to build trust with you, with the ultimate goal being to get you to reveal personal and even financial information.
Unattended Social Media Accounts
While it’s a savvy move to reserve your brand’s “handle” on all the major social media sites, if you aren’t actively monitoring and maintaining these profiles they could be taken over by hackers and used to damage your brand reputation. Even worse, these unattended accounts could be used to commit fraud, post inappropriate messages, and perform illegal activities.
Unsecured Mobile Devices
Recent studies have shown that mobile devices account for more than half the time we spend online. Accessing your social media accounts via mobile devices is easier than ever these days, and is often achieved with just one tap. This is great, as long as you’re the only individual using your phone. But if your phone is lost or stolen, someone can easily gain access to your personal data, your conversations, and even your business’s confidential data. Hackers could use your device to message all your connections with phishing or malware attacks.
Hackers are getting better and better at crafting targeted phishing emails that are likely to be opened by recipients. They are able to create fake web pages that appear legitimate, seeking to get users to enter their credentials, passwords, banking details, and other private info.
Taking Advantage of Human Error
Employees can be a company’s greatest asset or its greatest liability. Gone are the days when workers kept their private and professional lives separate. Today, employees talk openly about their work lives, in person and on social media. While many posts that they share cast their employers in a positive light, some may unwittingly share sensitive customer info or reveal private locations. This can spell trouble for your organization in terms of client confidentiality.
Hackers could also attain the information they need to socially engineer phishing emails. One worker clicking on a bad link or downloading the wrong file could wreak havoc on your entire network.
It’s not as hard as you might think to create a social media account that looks like it belongs to your company, but is actually an impostor account. (This is one reason why it’s so important to get “verified” on social media networks.) Impostor accounts can target your customers or potential recruits, tricking them into handing over their confidential data. Impostors may also try to con your employees into handing over the login credentials for corporate systems.
How to Protect Your Business Against Social Media-Fueled Cyberattacks
Create a Social Media Policy
Define how your business and its employees can utilize social media in a responsible manner. This helps not only protect you from security threats, but from bad PR and legal issues as well. Develop guidelines that explain how to discuss your company on social media; how to deal with confidential data; what social media activities to avoid; how to create an effective password; how frequently to change passwords; how to identify scams, attacks, and other security threats; and clarify expectations for keeping devices and software up to date.
Don’t Give Away Too Much Personal Information
It’s in your best interests, and that of your company, to not leave a trail of breadcrumbs for hackers to follow. Avoid sharing info such as your date of birth, places you’ve attended school, names and/or pictures of your family members, the name of your first pet, the street you grew up on, your city of birth, etc. These bits of data are commonly used as security challenge questions for banks and other privacy-centric sites, and are generally sufficient for most identity thieves to be able to hack your accounts or apply for credit cards in your name.
It’s also not wise to make contact information such as email addresses or phone numbers accessible to the general public. This info could be used by cyberattackers in attempts to obtain your financial information.
Announcing your vacation on social media or “checking in” on social media sites can broadcast to any and everyone that you’re away from home and invite burglars or home invaders.
Don’t post anything on social media that you wouldn’t state publicly or wish to be repeated. Always assume all social media posts will eventually become public information, since tools like the Internet Archive’s Wayback Machine permits you to see previous versions of webpages, even after the data has been deleted.
Update Privacy Settings
Keeping your personal accounts set to private will limit the amount of access hackers have to your data. This allows you to still safely share some things with your friends and family. If your business profile is kept public so you can interact with followers, it’s important to never share specific personal info where everyone can see it. Check your account settings a few times a year to verify that your settings are correct.
This relatively new form of account verification requires a secondary factor, separate from your username and password, that you alone can provide. This often comes in the form of a question you must provide an answer to, or a code that’s sent to your smartphone which you then have to transmit back to the site in order to gain entry to your account. This is especially effective, given the fact that, even if a hacker gains access to your login credentials, they’re unable to directly access your accounts. Nearly all social media platforms enable two-factor authentication now.
Educate Staff on Common Security Issues
Training staff about security issues on social media is beneficial in a number of ways. First, it gives employees the chance to engage, ask questions, and get a sense of how crucial having a social media policy in place really is. Employees are also afforded the opportunity to review the latest threats facing social media users and discuss whether there are any sections of the social media policy that need to be updated.
Two practices, in particular, that are especially important to include in this training process. Discourage employees from clicking on suspicious links – if it looks shady, it probably is! Finally, instruct employees to refuse friend requests from people they don’t know personally. Not practicing these two things leaves you and your network wide-open to malware and phishing attacks, at the very least.
Be Aware of Social Media App Integrations
Be careful about connecting third-party applications (such as games) to your social media account. When you do this, you’re granting those apps access to every aspect of your account. Third-party apps are now free to read messages, view contact lists, online activity, see pictures, etc.
Oftentimes, the app developers then “farm out” data to advertising companies to pad their own pockets. Third-party apps often don’t have the same privacy policies or user agreements that the social media site does. The app’s developers may also have different values and ethics than the social media company to which they’re linked. Finally, third-party integration may have a lower level of security than the social media app itself does.
It’s wise to limit third-party integration to sources that you already know and trust. If you don’t use a third-party app or game, but it’s still tied to your social media account, delete it! If you’re unsure about an app or its developer, research it before granting the app access to your info. If there’s any doubt whatsoever about the third-party app or its developer, don’t install it!
Review Social Media Permissions, Terms, and Conditions
Being aware and appropriately managing your social media permissions helps maintain both your privacy and security. Permissions are what enable social media apps to integrate with other apps and devices.
Consumers rarely scrutinize this info due to the “legalese” that’s rampant in these clauses. Take the time to learn more about the social network’s privacy policies and determine the best way to protect yourself by limiting app permissions.
Apps should be configured to give them the lowest possible level of access. It’s also important to be aware of what the “default” settings are and know how to change them if necessary.
Set Up a System of Approvals for All Social Posts
If only one individual serves as “admin” for your social media accounts, that’s not good! You could be putting your brand name at risk, especially if a personal account is attached.
Limiting access to your social media accounts is the best way to keep them secure. Not everyone on your team needs to to be privy to your social media account passwords. Assigning a key person to be the eyes and ears of your social media presence can help mitigate the risks. This person should own your social media policy, determine who has publishing access, and be a key player in the development of your social media marketing strategy.
Store all important passwords in a shared password manager. Discourage employees from attaching their personal accounts to your company’s professional accounts. Have the ability to revoke access to accounts whenever someone leaves or changes roles. With a solid system in place, having several people within the business can help facilitate damage control in the event of a crisis.
It goes without saying that social media can be an incredibly powerful tool for businesses seeking to market their products and services. In general, social media has dramatically reshaped how people send and receive information. But with its increasing popularity, social media has also become a hub for malicious activity and cyberattacks.
Fortunately, social media sites are devoting lots of time and effort toward bolstering security features to create a safer environment for users. But the onus is on us, as users, to be aware of the risks and proactively avoid them as well.
Make sure that you’re not oversharing personal information, especially in the workplace. Practice good cyber hygiene by not clicking on suspicious links, refusing friend requests from people you don’t know, and using newer tools such as two-factor authentication to make it harder for hackers to access your accounts.
By executing these actions wisely, individuals can help their employers maintain a secure presence on all the relevant social media platforms.