How To Create a Secure Social Media Policy For Your Business?

Compromised social media accounts are more dangerous than most people think. It is not only brand reputation that might take a hit; you could also end up exposing credit card information as well as sensitive business details. Moreover, hackers can use compromised social media accounts to launch other cybersecurity attacks such as ransomware and phishing attacks.

Despite this, very few businesses turn on two-factor authentication. According to a study conducted by Twitter, only 2.3% of accounts have turned on two-factor authentication. Heather Paunet, Senior Vice President of Untangle, highlighted the methods hackers use when he said, “Hackers use many different ways to get access to your social media accounts such as unattended accounts, third-party apps, fake coupons, and suspicious URLs concealed by using a shortener.” His advice: “You should never leave out social media from network security discussion.”

In this article, you will learn about steps you can take to create a secure social media policy for your business.


7 Steps To Create a Secure Social Media Policy For Your Business

Here is a step-by-step process you can follow to create a secure social media policy for your business.

1.  Increase Awareness About Threat Actors

Hackers launch social engineering attacks to trick people into sharing their sensitive personal, financial and business details with them. They might even launch a DDoS attack on your network, so it is better to have DDoS protection. The first step you should take is to educate your employees about those threat actors and how they operate. What methods do they use to target victims? Once your employees are aware, they are not only less likely to fall victim to those social media scams but can also report any suspicious activity as soon as they notice it.

Cybercriminals might set up fake pages and social profiles, and send employees messages that look genuine but have malicious intent behind them. The more aware your employees are, the easier it will be for them to detect these types of attacks. Organizing employee training to increase awareness is not enough, especially if you don’t test their knowledge with mock attacks.

2.  Create a Cohesive Social Media Universe

Once you have laid a solid foundation, it is time to get a better idea of how large your social media streaming platform universe and footprint actually are. There are three layers to a social media footprint.

  • Branded
  • Corporate
  • Executive Pages

This usually encompasses Facebook, Twitter and LinkedIn accounts. Your goal is to identify who your most vulnerable social media users are. Yes, executives and critical supply chain vendors are the prime targets, but everyone knows that. It is your employees who can serve as a soft target for hackers on social media.

3.  Practice Good Cyber Hygiene

With most employees having multiple accounts on social media, they tend to use the same password on all the social channels. This makes it easy for hackers to get access to one account and hack into all other accounts. That is why it is highly recommended that you use unique and strong passwords for all your social media accounts.

What employees don’t realize is that their personal social media accounts can serve as a backdoor channel to target corporate social media accounts. Since some employees have privileged access to corporate accounts, hackers can compromise those users’ accounts and wreak havoc on your corporate account. Experts advise businesses to add an extra security question or use two-factor authentication for added security.

4.  Designate Owners To Each Social Media Account

With so many social media accounts to manage, you can easily lose track of them. To keep things organized, you must assign an owner to every social media account. Identify who is responsible for managing that account. This will help you identify the key person in case of an incident, and you can also hold them accountable.

People responsible for managing corporate social media accounts should also look at the content they are posting and where they are posting it. This can save you from compliance scrutiny and an impact on your valuation, especially if you are a publicly traded company. By publishing content about your company performance, you are inviting attention from regulators who might question you about the authenticity of the information.

5.  Reduce Your Social Media Attack Surface

The larger your social media universe and footprint, the wider your attack surface. Your goal is to minimize the attack surface as much as possible. Make sure you monitor all your social media accounts across different social channels. Security teams must decide the process by which users log in to and access the accounts. You also need to consider which social media management tool you use to manage all your accounts.

6.  Know About Employee Preferences

Employees hate being told how to use social media. If you enforce restrictions, they will try to find a way to bypass them. As a business, you don’t want that, as it can put you at a higher cybersecurity risk. Not only that, it makes it easier for hackers to target such users. It is important to respect the needs of the users and their privacy when creating and enforcing a social media policy; otherwise, you might encounter this problem from time to time.

7.  Prepare Yourself To Deal With Expanding Social Media Landscape

The number of social media platforms is growing with each passing day, and so is the number of your employees’ social media accounts. This makes the job of security teams even more difficult. Sadly, this situation is not going to change anytime soon, so you need to adapt and prepare yourself to handle this challenge. Whenever an employee creates a new account on any new social platform, make sure you apply security policies to that account. If you don’t do that, these new accounts can serve as an opportunity for hackers to gain access to your corporate networks. Security and compliance teams must run continuous audits on all channels that the company has a presence on.


How do you create a social media policy for your business? Share it with us in the comments section below.
