Dark Reading is part of the Informa Tech Division of Informa PLC


Vulnerabilities / Threats

4/22/2019
10:30 AM
Guy Bunker
Commentary

4 Tips to Protect Your Business Against Social Media Mistakes

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.

Social media has become the No. 1 marketing tool for businesses, with 82% of organizations now using social media as a key communication and promotional tactic. It has become the window to a business, enabling companies to build a following, engage with clients and consumers, and share news and updates in a cost-effective way.

While social media can be a great tool, there are also a number of associated security threats. Just by having a presence on the platforms, organizations of all sizes put themselves at risk.

There are four main ways that social media threatens businesses:

1. Reputational Damage
High-profile individuals, brands, and organizations are regularly caught out for saying the wrong thing or posting something inappropriate. For example, last year, Jeff Bezos, CEO and president of Amazon, tweeted an image of himself dog sledding in the Arctic Circle while on vacation. This was amid a wave of criticism around the company's wages, causing a huge backlash from employees and high-profile individuals about its insensitivity and the pay gap within the organization. 

These incidents can happen via the corporate account itself, or via employees who are associated with the company. Businesses must understand that the networks created on social media act as the face of the company. If an employee, director, or owner posts pictures of themselves drinking excessively or discussing views that aren't held by the company, that behavior or sentiment is often attributed to the company itself, with the reputational damage falling on the organization rather than the individual.

2. The Slip of a Finger
With 64% of marketers confirming that social media is just one aspect of their job, it's clear that many employees cannot always dedicate the time needed to properly manage corporate accounts. This is where mistakes happen and have the potential to ultimately cost businesses.

A common example is an employee accidentally responding to the wrong message. An employee might be responding to one customer enquiry but actually send the reply to a totally different customer, meaning sensitive information about a customer is shared with an unintended recipient.

A further threat is when a private message is instead shared via the corporate social media feed. While an employee thinks they're replying privately, they actually share the entire message — again, containing sensitive information relating to a customer — publicly. While the message can be removed from the timeline, anyone could have taken a screengrab of the information. In this public setting, companies must be conscious of the fact that this is not only a compliance breach but a reputational issue as well.

With General Data Protection Regulation compliance fines of up to €20 million (or 4% of global revenue), a small mistake like this can have big consequences. For example, if Google were to share customer data accidentally on its corporate Twitter account, this could mean a fine of $1.4 billion.

3. Social Phishing
Phishing is a prevalent cyberattack method, often carried out via email as a way to steal sensitive information from businesses or to infect corporate networks with malware. However, cybercriminals also use social media to trick employees into allowing access to sensitive information about the company for which they work.

LinkedIn, in particular, has the biggest challenge with this because some employees use it a lot. Salespeople use the platform every day to find new business, track down information about people they're going to meet, and look for new job roles. Salespeople quite frequently receive incoming messages asking them to click a link, and links can be malicious. Furthermore, those using LinkedIn tend to go to the site via a laptop during working hours, so cybercriminals know they're more likely to reach the corporate network because laptops often offer the quickest route to the company server.

4. Lack of Awareness 
Social media use has become a part of our everyday lives, both personally and professionally. However, there are some simple steps that businesses should take to ensure everything stays safe on company social accounts:

  • Employees should be trained on corporate social media policies and be given a "best use" guide, demonstrating what they can and can't do on corporate social media accounts.
  • Information about cyberattacks via social platforms should be circulated so employees know what to look out for and how to prevent a potential attack from happening.
  • Having simple practices in place, such as internal reviewing of content, means no tweet goes live without multiple approvals, reducing mistakes that have huge reputational impacts.
  • Limited access to the social corporate accounts should be in place. Not all employees should be given the passwords for the accounts; instead, the individuals that require access, or have been granted access, should have the login details sent to them privately and confidentially.
  • Passwords should be changed regularly and most definitely changed when an employee who had access leaves the organization.

Social media is a great marketing tool for businesses. However, if companies continue to ignore — or misunderstand — the threat that it poses, it will become the go-to platform for cybercriminals looking to steal sensitive information or cause huge reputational damage when silly mistakes are missed.


Guy Bunker is an internationally renowned IT expert with over 20 years' experience in information security and IT management. He currently holds the position of CTO at data security company Clearswift, and was previously the Global Security Architect for HP. Prior to that, he ...
Comments
niajax,
User Rank: Apprentice
4/23/2019 | 1:24:19 AM
Good to know valuable tips
Hi Guy,

There is a great relationship between business and social media, as most people believe social media really helps a business on social platforms.

But sometimes a mistake really hurts a business. A business can be hurt by a small social media mistake. So these shared points are good for being aware of social media mistakes.