Dark Reading is part of the Informa Tech Division of Informa PLC


4/22/2019
10:30 AM
Guy Bunker
Commentary

4 Tips to Protect Your Business Against Social Media Mistakes

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.

Social media has become the No. 1 marketing tool for businesses, with 82% of organizations now using social media as a key communication and promotional tactic. It has become the window to a business, enabling companies to build a following, engage with clients and consumers, and share news and updates in a cost-effective way.

While social media can be a great tool, there are also a number of associated security threats. Just by having a presence on the platforms, organizations of all sizes put themselves at risk.

There are four main ways that social media threatens businesses:

1. Reputational Damage
High-profile individuals, brands, and organizations are regularly caught out for saying the wrong thing or posting something inappropriate. For example, last year, Jeff Bezos, CEO and president of Amazon, tweeted an image of himself dog sledding in the Arctic Circle while on vacation. This was amid a wave of criticism around the company's wages, causing a huge backlash from employees and high-profile individuals about its insensitivity and the pay gap within the organization. 

These incidents can happen via the corporate account itself, or via employees who are associated with the company. Businesses must understand that the networks created on social media act as the face of the company. If an employee, director, or owner posts pictures of themselves drinking excessively or discussing views that aren't held by the company, that behavior or sentiment is often attributed to the company itself, with the reputational damage falling on the organization rather than the individual.

2. The Slip of a Finger
With 64% of marketers confirming that social media is just one aspect of their job, it's clear that many employees cannot always dedicate the time needed to properly manage corporate accounts. This is where mistakes happen and have the potential to ultimately cost businesses.

A common example is when an employee accidentally responds to the wrong message. An employee might be responding to one customer enquiry but actually sends their reply to a totally different customer, meaning sensitive information about a customer is shared with an unintended recipient.

A further threat is when a private message is instead shared via the corporate social media feed. While an employee thinks they're replying privately, they actually share the entire message — again, containing sensitive information relating to a customer — publicly. While the message can be removed from the timeline, anyone could have taken a screengrab of the information. In this public setting, companies must be conscious of the fact that this is not only a compliance breach but a reputational issue as well.

With General Data Protection Regulation compliance fines of up to €20 million (or 4% of global revenue), a small mistake like this can have big consequences. For example, if Google were to share customer data accidentally on its corporate Twitter account, this could mean a fine of $1.4 billion.

3. Social Phishing
Phishing is a prevalent cyberattack method, often carried out via email as a way to steal sensitive information from businesses or to infect corporate networks with malware. However, cybercriminals also use social media to trick employees into allowing access to sensitive information about the company for which they work.

LinkedIn, in particular, has the biggest challenge with this because some employees use it a lot. Salespeople use the platform every day to find new business, track down information about people they're going to meet, and look for new job roles. Salespeople quite frequently receive incoming messages asking them to click a link, and links can be malicious. Furthermore, those using LinkedIn tend to go to the site via a laptop during working hours, so cybercriminals know they're more likely to reach the corporate network because laptops often offer the quickest route to the company server.

4. Lack of Awareness 
Social media use has become a part of our everyday lives, both personally and professionally. However, there are some simple steps that businesses should take to ensure everything stays safe on company social accounts:

  • Employees should be trained on corporate social media policies and be given a "best use" guide, demonstrating what they can and can't do on corporate social media accounts.
  • Information about cyberattacks via social platforms should be circulated so employees know what to look out for and how to prevent a potential attack from happening.
  • Having simple practices in place, such as internal reviewing of content, means no tweet goes live without multiple approvals, reducing mistakes that have huge reputational impacts.
  • Limited access to the social corporate accounts should be in place. Not all employees should be given the passwords for the accounts; instead, the individuals that require access, or have been granted access, should have the login details sent to them privately and confidentially.
  • Passwords should be changed regularly and most definitely changed when an employee who had access leaves the organization.

Social media is a great marketing tool for businesses. However, if companies continue to ignore — or misunderstand — the threat that it poses, it will become the go-to platform for cybercriminals looking to steal sensitive information or cause huge reputational damage when silly mistakes are missed.


Guy Bunker is an internationally renowned IT expert with over 20 years' experience in information security and IT management. He currently holds the position of CTO at data security company Clearswift, and was previously the Global Security Architect for HP. Prior to that, he ...
Comments
niajax
User Rank: Apprentice
4/23/2019 | 1:24:19 AM
Good to know valuable tips
Hi Guy,

There is a great relationship between Business & Social Media, as most people believe Social Media really helps a Business on social platforms.

But sometimes some mistake really hurts a Business. A Business can be hurt by a small social media mistake. So these shared points are good for being aware of social media mistakes.