Despite what you read on the Internet, social media doesn’t pose a massive risk to the security of your business. The most common cause of problems is social media mismanagement. Use this article as a starting point for your business’s social media policy, and make a point of staying up to date on the most recent social media threats.
Security Risks For Businesses That Use Social Media
Your aim is to protect your business’s security while allowing your staff and your social media viewers to engage as freely as possible. In other words, protect yourself in the least restrictive manner possible.
#1 Human Error by Staff Members
Allowing your staff to contribute to your social media pages is a good way of artificially making your social media profiles appear more active and dynamic than they are, but staff may make innocent mistakes when posting. They may allow company secrets to slip, such as release dates, and they may allow security information to slip, such as stating when something will be delivered to the company office.
#2 Security Flaws Within the Social Media Platforms
Such flaws occur from time to time, and there isn’t much you can do about them besides staying up to date with current news developments and changing your password frequently. For example, the Heartbleed bug existed between 2012 and 2014, and that affected the security of Facebook, Instagram, Pinterest, Tumblr, Flickr and YouTube.
#3 Malicious Apps
The threat may come from the software you use to access your social media accounts. The tool you just downloaded may seem pretty safe, but it may be funneling information or access to the developers of the tool. Even software that seems trustworthy may have backdoors that hackers may exploit, especially if it is not updated often.
#4 Social Media Scams and Phishing Attempts
Platforms such as Facebook, Pinterest and LinkedIn are full of scam and phishing attempts. Google+ and Twitter are significantly safer, but you still need to understand the threat. Fooling your staff into doing something as innocent as clicking is sometimes all the scammers need.
#5 Social Media Scams That Target Your Customers
These are especially dangerous for businesses. Scammers post things on your social media profiles that appear to come from your staff when, in fact, they come from scammers trying to pass themselves off as your staff to gain your viewers’ trust. You need to identify and block such scammers as quickly as possible. You may also hear this referred to as “Brand Hijacking.”
#6 Social Media Trolls
The way you deal with them may cause security risks. Ignoring them, deleting their posts and blocking them is the only safe method. Paying companies to stop trolls is like paying firefighters to stop burning down your house. “Troll blockers” do not exist and are part of a scam. Using safe space websites/services will damage your ability to gauge your audience’s reaction to your posts. Also, there is a good case being made for not blocking trolls because it may make them more dedicated to the cause.
11 Social Media Security Tips
Threats and the associated advice are ever-changing, so create a policies and threats page on your intranet website that only your staff may see, and allow them to post threat advisories on it along with their name to show they came up with them.
#1 Know what you are signing up for and go over every setting
Go through every option and every setting and adjust as needed to protect your security and privacy. Literally, sit at your computer clicking links/buttons until you have explored and understand every setting.
#2 Lower the amount of information you post
Everything you enter into your social media profile should be safe for the public to know. If in doubt, ask yourself, would you enter this information on a leaflet that you post through people’s doors?
#3 Have a company policy about posting your location
Have a “safe list” that lists the places your staff is allowed to post as their location. Having staff post their location may be a security risk if your staff is too honest. Have a safe list with places such as your office, warehouse, and trade conventions.
#4 Change your password every week
Numerous staff members will have access to your passwords, and changing the password on a weekly basis will help to lower staff abuse of your social media accounts, especially by people who no longer work for you.
#5 Do not take blackmail seriously
Supposed hackers will threaten you via social media to blackmail you into secretly paying them. There are numerous scams, from claiming they have control of your systems to threatening negative feedback on your social media profiles. Do not engage with them; simply ignore them. Do not even reply, because it is imperative that they think you have not received the message. Even if it is posted on your public wall, just delete it and block the user.
#6 Keep your security software and operating systems up to date
Social media may be used as a backdoor into your systems, yet many threats may be extinguished by keeping your security software, your operating systems, your browsers, your networks and servers up to date.
#7 Teach your staff about email threats
Your staff will receive emails with subjects that claim the company social media accounts have been locked or hacked. Teach your staff to ignore such emails, and tell them to navigate to your social media account independently (via Google and not via the email) to see if there is any truth to the email.
#8 Run a malware check on your social media profiles
Many paid virus/malware checkers will allow you to run a social media scan. Just be sure the virus/malware checker you are using is a named brand and a genuine version. If your checker cannot identify malicious software or links, then err on the side of caution and remove suspicious items/links yourself.
#9 Set rules and policies governing your staff’s personal social media use
Many larger companies have gone to the trouble of writing social media policies into their employment contracts. Staff may be fired if they post negative things about their company or staff, or if they post private information that may cause a risk to the company or its staff. You may even consider a no-employment disclosure that means staff members have to leave their employment status blank on their personal social media profiles.
#10 Create social media enforcers
You have security guards that enforce physical security rules, and you have network enforcers that manage the security of your servers and network, so why not have social media enforcers that check for inappropriate and/or incorrect social media activity?
#11 Have your tech department stay up to date with the CVE
If you take your security seriously, then have your tech department stay up to date with the most recent entries to the CVE (Common Vulnerabilities and Exposures) list. It will help maintain your information processing security and your social media security.
Wrapping it Up
Allow your staff to contribute to your social media profiles, and allow them to contribute to your social media policies, especially with regard to threat identification. Overreacting about a social media threat is not the way to go, especially if it involves spending money to try to fix the problem. Remember that you are only as exposed as you allow yourself to be. When posting things on social media, especially business information, ask yourself if you would put the same information on a leaflet that you post to a potential customer. If you wouldn’t post the information to a stranger, then do not post it on your social media profile.