Once trusted applications are more and more becoming the fodder for social hacks & identity theft. With the internet of things (IoT) taking off, so are the opportunistic careers of hackers – preying on social, mobile, and digital platform profiles – such as Slack, LinkedIn, Facebook, mobile app stores, Pastebin, Instagram, Twitter, and even unattended blog feeds fall prey to these cyber criminals.
Loosely password protected accounts, compromised infrastructures, and profiles that have been forgotten then become the launch pad for all kinds of cyber abuse & crimes.
SMB & enterprise organizational security then becomes an even bigger prey for these cyber criminals. Modern organizations & IT department perimeters can struggle with the scale, profile protection and allowances, and lack of visibility of these platforms, and thus are vulnerable against attack (from targeted phishing & spoofed accounts to executive threats and data loss).
Is Social Media Security Important?
Because social media has become a huge part of a businesses online footprint, from SEO to administrator profiles, so too has the need for SM security increased.
What Is Social Media Security?
Social media security is the process of analyzing dynamic social media data in order to protect against security and business threats.
Hey, disasters happen. Luckily for you, IT happens too. pic.twitter.com/LATL1vsIzz
— Technology Solutions (@TechnologyTulsa) September 20, 2018
Where IT Consulting Firms Fit In
What we find is that no two industries are alike concerning the SM threats they face. The last thing a business wants is negative press about how they put their client information at risk. SMBs & enterprises increasingly neglect these security deficiencies because they can’t make sense of the true cost to protect this part of their organization. What decision makers see is the hard cost to protect against something they have never previously experienced.
Even before an attack occurs, just acknowledging how social media now controls so much of the flora and fauna of our NAP, marketing efforts, and SEO is enough to understand security as a service is a REAL need.
I won’t mention the human talent, if they leave, how quickly can you strip their access, remove their admin rights & editor permissions, and fully understand their control of your SMBs footprint. Ker pow, an outsourced IT service & software rental program begins to make more sense. Usually, these people don’t turn around and attack the business, it’s the logins, accounts, and permissions that eventually become vulnerable.
Security Service Most Common Actions
Our time is most often spent allowing our firewalls, limited login software, password protection habits, & up-to-date infrastructure do its job. But when that isn’t enough it’s spent blocking targeted phishing attacks, protecting corporate accounts from compromise, fighting fraud or defending against scams and impersonated accounts. Social media security is critical for modern business success.
Social Media Security Definitions:
INTELLECTUAL PROPERTY -Copyrighted content repurposed for malicious activity
BRAND IMPERSONATION – Brand name used to dupe legitimate customers
MALICIOUS LINKS -Domain squatting URL & shortened links lead to phishing pages
HASHTAG HIJACKING – Marketing hashtag hijacked to target genuine followers
FAKE PROMOTIONS – Malicious ads drive to phishing pages, counterfeit goods or malware
PHISHING – The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Purchasing Social Media Friends/Followers/Influence
The New York Times covered the emergence of this as a service that one could just purchase friends, followers, or influence. Pay more and get more type of service. What isn’t being discussed is how these services are creating vulnerabilities leading to an increase in “social engineering attacks” perpetuated by “bots.” Look at the difference between followers and following between the two Twitter accounts above.
Social engineering attacks prey on the human tendency of trust. Creating fake trust exercises like reciting information that is common knowledge, but considered account specific. These Social Engineering Attackers aim to gather information to commit fraud and access closed systems.
More than a million Twitter followers have disappeared from the accounts of dozens of prominent Twitter users in recent days https://t.co/JdZGvuvvxc
— The New York Times (@nytimes) January 31, 2018
Bots are software applications that run automated tasks over the Internet. These applications are built to perform repetitive tasks at scale in a fraction of the time it would take a human counterpart.
A third party account friends your account with their bot accounts. These are accounts that look, and seem just like normal accounts, but are really accounts that are controlled by software that like, share, and disseminate your posts into additional channels. All of this leads to an increase in liked posts, shared content, increased page views, and followers.
What’s even more deceptive about these bot accounts is they have realistic names, say things that real people say, post during peak times, and can have conversations.
How Do These Hacker Improvements Affect Cyber Security?
The implications of this trend are huge for cyber security and SMB social media accounts. If the use of bot accounts was strictly to grow a person’s social media, we wouldn’t be having this conversation. Malicious actors purchase these bots and use them to launch attacks on SMBs.
These bots then post malware and phishing attempts nested in hyperlinks. If these hyperlinks were obvious like they were in the 90’s it wouldn’t be as hard to identify clear attacks, unfortunately, they are usually condensed and difficult to read or identify.
The worst part about these links is they are sent nested in text designed to persuade your followers/clients to click the link.
It takes one click. One person. Instantly the infection is underway and the network compromised. These bots don’t necessarily need a mastermind running them either as they can be purchased and set up in minutes, and then disappear immediately after the attack is successful.
What’s worse is there is little if any footprint, so how does an organization secure its network and team from future attacks? The short is it is very difficult.
IT professionals are no strangers to blacklisting IP’s and regions, but even this prevention is rendered useless at times, because the list isn’t updated fast enough and this form of security isn’t really built for SM security threats.
We See These Bot Accounts Everywhere
Bots are a problem because of how fast they create (creating thousands of impersonator profiles) profiles of celebrities, business leaders, or politicians – exploiting that person’s notoriety. People attract to these accounts more frequently and thus are then connected to a bot account. If you look at your friend lists on your profiles, you’ll find, some of your friends are probably bot accounts.
What can they gain by doing this? These bot accounts send you malware or phishing links. It’s much easier to click a link from a celebrity, they should be above board, right? So, unknowingly, you click and infect your machine and if you’re at work, your employers’ entire network. They then gain access to the information stores on your computers, networks, and in your accounts.
The Importance of Social Media Security
First world problems. There is no way back to a time without social media accounts that function to promote your company, and people. Each year, aps & medias are created to fix another pain point for users. Each year, we update additional information about our clients, organization, and selves in order to reap the benefits of these resources.
This plethora of information, stored and shared online, must be actively be guarded with a social media security strategy.
This gained connectedness comes with a tradeoff, yes we are more connected to clients and potential clients, but we are more connected to those hoping to leach our information for their personal gain & malicious activity. Hackers and scammers are not going away, so we must do what is necessary to safeguard our organizational assets.
Our company gave up all social media and we haven’t been hacked yet! This is not a solution.
The loss of connectivity, marketing coverage, branding, and footprint is too great a tradeoff. Consider those aiming to erode your market share.
Neither is it reasonable to carry on as if social networks are safe and secure. You need to take steps to protect your company against some of the most common social media security threats. Here’s where to start. Create a social media policy!
Things to consider when creating a social media policy
- Consider reserving your brand’s handle on all social media channels, even if you don’t plan to use them. This allows for brand consistency.
- Don’t ignore the accounts you aren’t using or have stopped using – Idle social accounts can be the target of hackers – Knowing the account is unmonitored, once they gain control, they could send anything from false information that’s damaging to your business to virus-infected links that cause serious problems for followers. And you won’t even notice until your customers start coming to you for help. It is all too easy for an employee to accidentally expose the company to threats online.
Document and know which third-party apps that are integrated with the big social networks that you are utilizing.
Hackers accessed Forbes and Amnesty International’s information using a flaw in the Twitter Counter app.
- Train employees how to spot phishing attacks and scams which are aimed at tricking people into handing over personal information i.e. banking details, passwords, or business information.
- Train employees to recognize imposter accounts – the number of fraudulent social support accounts increases each year. Via these imposter accounts, hackers target vulnerable customers, tricking them into handing over confidential information. In some cases, it’s hard to explain to the client that it wasn’t your businesses account, which leads to a loss of trust from the client. The worst is when a hacked or fake profile is connected to an employee, which then requests remote access to the victims’ work computers.
- Each organization must have a baseline of privacy settings set on their work computers and networks. There are obvious threats that can be easily avoided with this simple step.
- Put a policy in place about lost mobile phones – These phones allow for access to social networks with just one tap. Employees must know the additional risk that an organization is placed in when a device is misplaced or stolen. It should be obvious enough, but every device must be password protected.
- Create brand guidelines that explain how to talk about your company on social.
- Rules related to confidentiality and personal social media use.
- Define which departments or team members responsible for each social media account.
- Create guidelines related to copyright and confidentiality.
- Create guidelines on how to create an effective password and how often to change passwords.
- Create expectations for keeping software and devices updated.
- Outline who to notify and how to respond if a social media security concern arises.
Policies don’t keep every invader out, but they go a long way in helping catch problems quickly, and eliminate much of the low hanging fruit for hackers. Looking for social media training sessions?
Using Hootsuite To Help Control Social Media Account Access
The first line of defense is to limit the number of people who can post on your accounts. Once you’ve decided who can post, use software like Hootsuite to give the right people the right account access. This way, they never need to know the individual login information for any social network account. If the person leaves your company, you can disable their account without having to change all the social networks passwords.
Hootsuite gives employees or contractors the ability to draft messages, preparing them so they’re all set to post at the press of a button. But leave that last button press to a trusted person on your team. Keep your posts in line with your image and goals.
Designate A Social Media Manager
Designating an informed employee to be the eyes and ears of your social presence can go a long way toward mitigating risks. This person should take your social media policy to heart, monitor your brand’s social presence, and audit your medias to determine who has publishing access. Most often this is a trusted member of the marketing team. If there is an IT team, this person should have contact with the IT team in order to limit the response time to threats.
Because unattended social accounts are ripe for hacking, the social media manager must have an eye on all channels – even those unused.
This person must, must, must follow up on anything unexpected. Obvious things to watch for are imposter accounts, inappropriate mentions of your brand by employees or vendors, and negative conversations about your brand. Nielsen found that 83 percent of people trust online recommendations from friends and family, making recommendations from people we know and trust the most credible form of advertising in their study.
Even With A Social Media Manager You Will Need To Invest In Security Technology
No matter how close an eye you keep on your social channels, you can’t monitor them 24 hours a days – but software can – which can alert you of security risks in real time. Learn how to set up social listening for your business. Connecting Hootsuite to a ZeroFOX account can be a major advantage for anyone hoping to monitor a company social footprint in real time.
Social Engineering Recommendations
Remember a social engineering attack is going to target your tendencies and curiosity. Ever seen a Facebook friend-request with a super good looking person, you are certain you DO NOT know? This is a prime example, of an attack on human psychology. These hackers hope to gain your interest or trust in order to compromise your information. It really is up to the employees and social media manager to help create training and a culture of understanding in order to keep the organization free from these types of attacks.
Tips on how to avoid social engineering schemes:
- Do not open any emails from untrusted sources.
- Do not give offers from strangers the benefit of the doubt.
- Lock your laptop
- Use software.