22nd April 2019
Social media has become an increasing cybersecurity risk for businesses, especially if an organisation’s accounts are not correctly secured or staff usage policies are not enforced.
Social media channels are a common way for cybercriminals to gather information on a business and its employees, projects and systems, as well as to deliver viruses or malware.
If you rely on social media, data and computer systems for your business, it’s critical to be aware of potential security risks.
Here are the top social cyber security risks your business may face in 2019.
Humans are the Biggest Cyber Security Risk
Strong network security is a must-have, but technology alone cannot protect against social cyber security risks.
Human error and a casual approach to employee use of social networks at work are liabilities.
Cyber criminals are adept at manipulating employees on social media to gain an organisation’s confidential information. Such cyber-attacks are common, with simple mistakes placing business information at risk.
Leaked passwords, brand impersonation and other phishing scams (tricking employees into divulging sensitive information via web links) are responsible for almost 95% of all social cyber risk incidents.
Strategies such as educating staff, providing cybersecurity training and implementing data and Bring Your Own Device policies can help address the human risk factor.
Malware Attacks and Hacks
Social media cyber-attacks are predicted to be a major threat for businesses in 2019.
Cybercriminals are focusing their resources on data-rich environments, such as Facebook and Instagram, to gain access to personal information. Hackers use malware attacks to steal user data.
But it’s not just personal social media profiles at risk.
Social malware and data hacks can also target your business computer systems, usually in the form of malicious emails.
To avoid infection, social media, firewall and email settings should be strengthened. Businesses are advised to invest in secure technology, applications and platforms. Adding a cyber-insurance policy can also help cover potential financial losses from a cyber-attack.
Number of Botnet Social Media Accounts Increases
The use of automated bots on social networks is increasing.
Socialbots are automated software that controls social network interactions by convincing other users that a real person is behind the account. They are used in an attempt to affect the perception of brands, public figures and social-political debates. From a marketing perspective, they can also mean skewed tracking data such as fake ad impressions.
However, fake accounts and account takeover aren’t the only social botnet issues. Bots can also contribute to the spreading of fake news and inflame online debates, hijack hashtags and trends to manipulate public opinion and make it difficult to create and convert content.
In 2019, the number of botnet social accounts is predicted to increase, making it difficult to know who to trust, especially if you use influencer marketing.
Learn how to spot a socialbot and get rid of fake ‘influencers’.
Cyber security risks can be better managed through up-to-date software.
To eliminate software update supply chain attacks, larger businesses should test software updates first. Alternatively, monitor all activities after an update to help block suspicious activity before damage is done.
Hacked accounts are compromised by stolen passwords or password attacks, social engineering, shared user data and brand impersonations.
Reduce password attacks and social media risks by:
- Paying attention to passwords: Long chains of special characters, a mix of numbers and upper/lower case letters, and two-factor+ authentication will create stronger password protection
- Never using one password for multiple accounts: Create completely different passwords for all platforms. Use tools like LastPass to help manage password security
- Monitoring social channels for risks: Accounts can be monitored on an ongoing basis for phishing links, fraudulent accounts and scams through tools like ZeroFox
- Creating policies and audits for password and account protection: Educate staff on stolen account passwords, encourage password changes at regular intervals, implement social media best practices and conduct regular audits of admin privileges
- Securing mobile phones: Don’t leave mobile devices unlocked
- Updating privacy settings: Check these regularly to prevent potential privacy risks
As more than half of all data breaches are due to phishing alone, be cautious about providing any sensitive information online.
Phishing emails have become more sophisticated, so red flags should be raised for any password or personal information requests. If you’re unsure, always verify the request over the phone or in person before proceeding.
Cyber Becomes Part of Risk, Not IT
Cybersecurity is no longer just an IT issue; it’s also a business risk in need of management.
While risk management and data protection are critical for everyone, businesses in industries such as medical, legal and financial services require higher levels of protection.
To minimise the risks, cyber protection strategies should be integrated into all parts of your business – from the IT department to employee training and security policies.