by Simon Yeoman
Social media for business. Crucial asset or Trojan Horse for cybersecurity threats? For a growing business, it’s both. From increasing brand awareness and targeting advertisements to boosting website traffic and conversion, an online presence can reap significant rewards for a brand. However, below the surface, all is not as it seems. Weak passwords, overshared personal details and even simple usernames can expose businesses to data breaches and leaks. And the rise of sophisticated deepfakes further increases this risk, enabling impersonation attacks that can have devastating effects.
This means hackers can create convincing accounts that mimic executives, employees or even the brand itself to trick users into sharing sensitive information or clicking malicious links. In addition, by using generative AI, attackers can easily generate written content that looks like it was posted by these individuals or businesses. This content can then be used to spread misinformation at pace. Considering these risks, it’s no surprise that 64% of businesses have experienced a social media-related attack such as hacking or fraud (*1). Now, for the remaining 36%, the question is no longer ‘if’ an attack will happen but ‘when’.
Springing a link
Data has a hefty bounty on its head. And unfortunately, this means businesses’ social media profiles have a bullseye on their back. Attackers know very well that corporate social media accounts are a gateway to a goldmine of sensitive data, which is filled to the brim with customer information and internal records. Attackers can exploit this information to secure financial gain through identity theft, fraud or ransomware demands. In fact, cybercrime of this nature is highly lucrative, accounting for $3.25 billion in annual global revenue (*2).
But attackers don’t just stop at theft. They recognise that social accounts are a formative piece of the brand image puzzle. By finding a small mistake in an online profile such as a weak password or outdated privacy settings, they can use this weakness as a narrow passage to squeeze through and gain unauthorised access to an account. Once they breach an account, the damage can be extensive. They might send direct messages with malicious links, which trigger ransomware downloads once clicked. Or they could post defamatory content straight onto the account’s central feed. Either way, once inside an account, attackers can wreak havoc. Consequently, customer trust and loyalty can quickly vanish.
Last but far from least, these attacks can create drastic compliance and legal challenges for businesses. That may result in financial losses, operational downtime or even permanent business closure. These challenges include privacy regulations and data breach notification laws (*3), which require businesses to notify authorities and impacted parties following a breach.
Plugging the pipeline: five steps to manage social media risk
To safeguard its data, reputation and customers, a business must lock down its digital presence. But where to start? For those looking to batten down the security hatches, there are five key steps to consider. Unwittingly, employees can pose a major threat to the wider business through the poor passwords and usernames they set, along with incorrect handling of devices and processes. As a result, the first step is to put limits in place to manage access to social accounts.
As the saying goes, too many cooks spoil the broth. And the same can be said for security. Allowing only a select few individuals access to the controls significantly reduces the likelihood of outside tampering. Social media, acting as a trap door into an organisation, also requires proactive measures to be rolled out throughout the entire business. Therefore, the next step is to implement strong password policies and mandate multi-factor authentication for business logins. This means making it compulsory for all employees to create strong, complex passwords that they frequently change. Employees also need to set up at least two forms of verification for their personal online accounts, especially if these accounts are used to manage business profiles. This often involves receiving a code via text or email which must be entered on the login page to confirm identity.
Once these policies are in place, businesses must provide training to educate employees at every corner of the organisation to make sure they understand how to operate safely online. This could include regularly inviting cybersecurity experts to discuss best practices for using personal devices for work, specifically how to protect corporate data (*4).
Finally, businesses need to develop a data breach strategy. This includes using encryption to prevent unauthorised access, implementing anti-malware and antivirus tools and carrying out regular backups to act as a safety net in case of a breach. These steps create a strong defence against data breaches.
Leaving the Trojan Horse at the gate
In the digital age, social media for businesses is a double-edged sword. Yet businesses can take steps to counteract this and return the balance in favour of the benefits. This can be supported by managing social media account access, implementing strong password policies and multi-factor authentication, training employees and creating a data breach strategy.
The author, Simon Yeoman, is a CEO at Fasthosts.
(*4) NCSC: https://www.ncsc.gov.uk/collection/device-security-guidance/bring-your-own-device