Dark Reading is part of the Informa Tech Division of Informa PLC


4/22/2019
10:30 AM
Guy Bunker
Commentary

4 Tips to Protect Your Business Against Social Media Mistakes

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.

Social media has become the No. 1 marketing tool for businesses, with 82% of organizations now using social media as a key communication and promotional tactic. It has become the window to a business, enabling companies to build a following, engage with clients and consumers, and share news and updates in a cost-effective way.

While social media can be a great tool, there are also a number of associated security threats. Just by having a presence on the platforms, organizations of all sizes put themselves at risk.

There are four main ways that social media threatens businesses:

1. Reputational Damage
High-profile individuals, brands, and organizations are regularly caught out for saying the wrong thing or posting something inappropriate. For example, last year, Jeff Bezos, CEO and president of Amazon, tweeted an image of himself dog sledding in the Arctic Circle while on vacation. This was amid a wave of criticism around the company's wages, causing a huge backlash from employees and high-profile individuals about its insensitivity and the pay gap within the organization. 

These incidents can happen via the corporate account itself, or via employees who are associated with the company. Businesses must understand that the networks created on social media act as the face of the company. If an employee, director, or owner posts pictures of themselves drinking excessively or discussing views that aren't held by the company, that behavior or sentiment is often attributed to the company itself, with the reputational damage falling on the organization rather than the individual.

2. The Slip of a Finger
With 64% of marketers confirming that social media is just one aspect of their job, it's clear that many employees cannot always dedicate the time needed to properly manage corporate accounts. This is where mistakes happen and have the potential to ultimately cost businesses.

A common example is an employee accidentally responding to the wrong message. An employee might be responding to one customer enquiry but actually sends their reply to a totally different customer, meaning sensitive information about a customer is shared with an unintended recipient.

A further threat is when a private message is instead shared via the corporate social media feed. While an employee thinks they're replying privately, they actually share the entire message — again, containing sensitive information relating to a customer — publicly. While the message can be removed from the timeline, anyone could have taken a screengrab of the information. In this public setting, companies must be conscious of the fact that this is not only a compliance breach but a reputational issue as well.

With General Data Protection Regulation compliance fines of up to €20 million (or 4% of global revenue), a small mistake like this can have big consequences. For example, if Google were to share customer data accidentally on its corporate Twitter account, this could mean a fine of $1.4 billion.

3. Social Phishing
Phishing is a prevalent cyberattack method, often carried out via email as a way to steal sensitive information from businesses or to infect corporate networks with malware. However, cybercriminals also use social media to trick employees into allowing access to sensitive information about the company for which they work.

LinkedIn, in particular, has the biggest challenge with this because some employees use it a lot. Salespeople use the platform every day to find new business, track down information about people they're going to meet, and look for new job roles. Salespeople quite frequently receive incoming messages asking them to click a link, and links can be malicious. Furthermore, those using LinkedIn tend to go to the site via a laptop during working hours, so cybercriminals know they're more likely to reach the corporate network because laptops often offer the quickest route to the company server.

4. Lack of Awareness 
Social media use has become a part of our everyday lives, both personally and professionally. However, there are some simple steps that businesses should take to ensure everything stays safe on company social accounts:

  • Employees should be trained on corporate social media policies and be given a "best use" guide, demonstrating what they can and can't do on corporate social media accounts.
  • Information about cyberattacks via social platforms should be circulated so employees know what to look out for and how to prevent a potential attack from happening.
  • Having simple practices in place, such as internal reviewing of content, means no tweet goes live without multiple approvals, reducing mistakes that have huge reputational impacts.
  • Limited access to the social corporate accounts should be in place. Not all employees should be given the passwords for the accounts; instead, the individuals that require access, or have been granted access, should have the login details sent to them privately and confidentially.
  • Passwords should be changed regularly and most definitely changed when an employee who had access leaves the organization.

Social media is a great marketing tool for businesses. However, if companies continue to ignore — or misunderstand — the threat that it poses, it will become the go-to platform for cybercriminals looking to steal sensitive information or cause huge reputational damage when silly mistakes are missed.


Guy Bunker is an internationally renowned IT expert with over 20 years' experience in information security and IT management. He currently holds the position of CTO at data security company Clearswift, and was previously the Global Security Architect for HP. Prior to that, he ...
Comments
niajax,
User Rank: Apprentice
4/23/2019 | 1:24:19 AM
Good to know valuable tips
Hi Guy,

There is a great relationship between Business & Social Media, as most people believe Social Media really helps a Business on social platforms.

But sometimes some mistakes really hurt a Business. A Business can be hurt by a small social media mistake. So these shared points are good for being aware of social media mistakes.