[BreachExchange] How To Protect Your Business From Social Media Security Threats

Thu Feb 25 20:35:47 EST 2016

http://www.forbes.com/sites/coxbusiness/2016/02/25/how-to-protect-your-business-from-social-media-security-threats/#6fbeeaa4e885

Social media networks play such a big part in our daily lives, not to
mention our marketing efforts, that they are easy to take for granted. We
see the positives of social media and downplay or ignore its negatives.
It’s all fun and games until your profile gets hacked, or you click an
unsafe link and unknowingly install malware.

Here are some dangers of social media for your business and how you can
prevent them.

Hacked Accounts

When hackers access your social media accounts, they may try to impersonate
your staff or slander your business. They may post inappropriate content or
harmful links. Any of these scenarios alienate the customers following you
and hurt your reputation. Protect your accounts by creating strong
passwords, setting up two-factor authentication where possible, and using a
unique password for each account. Change passwords regularly, and don’t
write down or email passwords.

Phishing

If a social media site itself is hacked, the hackers may attempt to steal
your password or other sensitive information by requiring you to login in a
(fake) pop-up window or fill out a form. Alternatively, they may send
emails or notifications purporting to be from the social media site. If
something looks fishy, it probably is—don’t click on any links or fill out
any forms, and contact the site directly to report it. Keep up-to-date on
news of phishing on sites you use.

Scams

Scammers may target your business directly via social media, in hopes of
wheedling money or information out of you by impersonating a service or
vendor. Again, when in doubt, do not offer any information and contact the
company directly.

Scammers may also go after your customers on your social media feeds
instead, impersonating customer service or distributing fake coupons. Stay
on top of these types of scams by moderating comments where you can and
setting up notifications for messages and comments. That way you can delete
any malicious comments and report and block the user immediately.

Employee Usage

Just as you might unwittingly click on a malicious link or get your
password phished while marketing your business via your social media
accounts, employees may do so from their own accounts…from your network.

It’s important to have a strong social media policy in place to prevent
this from happening. Consider setting your security software to restrict
access to social sites from your network. For those employees whose
responsibilities include promoting your company through social media, have
clear guidelines around posting, password creation, and recognizing
suspicious online activity. Make sure that all employees know not to post
compromising information to your social media accounts or their own,
whether on the clock or at home.

Hashtag Hijackers

The good news: your hashtag is trending. The bad news? That huge increase
in visibility and follower engagement will bring bad guys out of the
woodwork.

While social media threats can do businesses damage on a much larger scale
than individuals, many of the dangers are similar. And happily, that means
that many of the remedies are similar as well. Keeping yourself and your
employees informed about threats, putting security precautions in place to
protect your system from malware and viruses, and regularly updating that
security software will go a long way in protecting your system.

For more extensive, customized protection for your business, develop a
cybersecurity plan that includes social media policies with the help of
your IT department or consultant. Consider obtaining cybersecurity
insurance. Make securing your social media accounts a priority in your
security plan, and protect your online presence as you would any other
digital asset.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160225/82321d24/attachment-0001.html>