[BreachExchange] 7 Social Media Security Best Practices to Keep Your Business, Data & Reputation Safe

[Audrey McNeil]

http://www.business2community.com/cybersecurity/7-social-
media-security-best-practices-keep-business-data-reputation-safe-01886643

Corporate social media concerns have progressed past the question of ROI as
a marketing discipline and have landed squarely in the Risk Officers lap as
a security concern. In fact, social media security is a serious risk for
every corporation. Since 2011, cyber criminals have found a home on social
media where they perpetuate fraud. During the past six months, CIO Insight
states that cyber criminals have increased 70% (and it does not appear to
be slowing down). CIO Insights also states that worldwide security breach
costs will grow from $3 Billion in 2015 to $6 Trillion in 2021. That’s a
lot of crime, and a lot of damage to your company!

To protect brands and reputation, companies must now ensure that their
social media accounts are notgateways that expose them to costly threats.
this means that you need to keep vigilant watch for cyber risks, including:

Ransomware attacks (such as the recent Wanna Cry)
Hijacking or hacking accounts
Phishing or impersonating brands to gain an audience
Stealing passwords to gain access to an account associate with a brand or a
person
Giving access to shared user data through social platforms

With all these threats lurking, it can be difficult to manage and monitor
risks and protect your company (and even your customers) from potential
damage. Instead of waiting for an alarm bell to sound, businesses should be
proactive and implement a social media governance plan that keeps their
business, data and reputation safe. Here are seven social media security
best practices to make the security section of your governance plan the
best it can be:

Social Media Security Best Practice #1: Discover All Points of Presence
(POPs)

The first step in keeping your corporate social media governed is to
determine which accounts, pages, channels, boards, etc. appear to be
associated with your business. Because counterfeit accounts can pop up at
any time, you have to be aware of where your business is being represented
on social media in order to assess whether a brand account is valid. Once
you discover all of the POPs for your business, you will have a bird’s eye
view of the accounts and areas that you must actively keep secure. After
this first audit, be sure to have an ongoing audit program in place to find
newly created rogue or fraudulent accounts.

Social Media Security Best Practice #2: Assess all POPs

It can often come as a surprise to a company when they figure out just how
many places their brand is represented on the internet. Once you’ve
determined where all of your business’ POPs are located, it is time to
decide which ones should be managed and which ones should be shut down.
When assessing POPs be sure to look for:

Accounts that your company does not have access to (due to lost credentials)
Accounts that are using your brand in an inflammatory way
Duplicate accounts for locations or sub-brands
Fraudulent accounts
Accounts that mislead a consumer to believe that is is representing your
brand

Social Media Security Best Practice #3: Create Inventory System for POPs

Creating an inventory system for all of your POPs gives your company a
consistent and reliable way to keep track of each one. It also gives you an
opportunity to group POPs together by social media channel, location,
sub-brand, etc. so that they are easier to sort and assign to a manager
(discussed below). An inventory method also ensures that when you check up
on your company’s POPs after this initial assessment, you can identify new
accounts and track any changes that differ from your existing inventory.

Social Media Security Best Practice #4: Assign Responsibility for POPs to
Team Members

Now that all your POPs are in one place, it comes time to divide
responsibility for them among your team members. Depending on the number of
POPs you have, it may be overwhelming for one person to monitor everything.
Therefore, dividing the responsibility makes sure that each one is getting
the right amount of attention to ensure top security. The team members
should be trained on governance and risk protocols and be responsible for
elevating any risk occurrences per protocol.

Social Media Security Best Practice #5: Think About Access and Control of
POPs

One thing that is often overlooked is the access and control of POPs. Once
the responsibility is divided up, don’t assume that the manager is the only
one that needs control. In a best case scenario, if the current manager
leaves the company, you should be sure that someone else has the
credentials and the training to run the account smoothly. In a worst case
scenario, if the current manager leaves the company with a trail of
destruction, you should be sure that they can be removed swiftly from any
POP and account posting can take place as usual.

Access also becomes a major factor when a new POP needs to be created.
Think about who will have access, what their access levels will be and who
will be responsible for management. Then, decide what the password system
and security protocol for accounts will be (such as forbidding social login
to new accounts). Thinking about these components beforehand and creating a
risk mitigation plan before you need one will ensure there are no lapses in
security.

Social Media Security Best Practice #6: Evaluate the Compliance of POPs

Another important part to social media security is checking the compliance
of all POPs to see if they are up to brand, corporate, and regulatory
standards. If they do not meet this criteria, you should either fix the
account so that it is compliant or shutdown the account as a whole. If you
do not have social media compliance guide to check your POPs against,
create a guide sheet that lists the requirements (legal, corporate and
brand) for each approved social platform.

Social Media Security Best Practice #7: Secure the Tool Chain for each POP

The last best practice is getting the right tools in place for POP
management and monitoring and make sure you list the access of each tool
per POP on your Inventory list. Connected tools are certainly an avenue
that weakens the security of each account. By knowing your tool chain, and
limiting access to your business needs, you will have less concern about
cyber threats entering via an attached tool. Whether you need to manage
content or compliance, or analyze data and sentiment, think about your
required business tools that attach to your POPs and ensure they are secure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170731/51a0f90d/attachment.html>