
Social Media control awareness

Recently I investigated incidents related to social media hacking and loss of money that revealed vulnerabilities requiring risk and control awareness among business users. In the instant case, funds were placed in a designated bank account to pay for advertisements based on the hits. Hackers breached data and passwords and diverted the funds to another ad for some fancy products. The lesson learned is that some simple steps can mitigate the severe risks of social media.

The benefits of social media are widely known. As the number of social media users continues to grow and more brands use the channel as part of their marketing mix, social media risks grow as well. Some startling statistics: over half of the total population (7.8 billion) are active social media users, and on average, users spend 144 minutes daily. 90% of people buy from brands they follow on social media.

“Social media is not only more cost-effective than advertising, but it also offers great opportunities for innovative engagement with your customers.” – Richard Branson

Social media brings inherent trust issues that can present security challenges for businesses. Companies might unwittingly share sensitive information and risk hacking or fake executive accounts, identity theft, and payments to external parties without validation.

In identity theft, scammers use information and photos to create fake social media profiles to scam money or tarnish a reputation. Social phishing uses social media platforms to steal personal data or gain control of accounts; it is intended to trick users into clicking deceptive links. Malware is a file or code, typically delivered over a network, that infects, explores, steals, or conducts virtually any behavior an attacker wants. Data exploitation is where content on some social media platforms could hint at passwords, so be cautious about taking a quiz that asks personal questions.

As mitigation measures, businesses should consider the following, alongside any specific solutions already devised to safeguard assets:

Developing a robust social media strategy is the first step. It includes communicating social media compliance directives to employees; identifying, mitigating, and monitoring current and emerging risks; reviewing internal control for data assets, and quickly responding to incidents.

Data breach protection is essential. Turning on two-factor authentication limits the exposure. Even if someone gets the password, the account cannot be accessed without a unique verification code sent by text, call, or email. Regularly conduct device audits and remove unrecognized devices that are logged in to the account.

Phishing and malware are the most common forms of cyber fraud on social media platforms. Frequently train employees on best practices for social media use. Exercise caution when clicking on links or attachments, and look for spelling errors and illegitimate URLs. Be skeptical of strangers on social media.

Creating an effective password policy sounds simple but is often ignored. Passwords have been called ‘the key to the digital kingdom’. Passwords should have eight or more characters, include upper and lower case letters, symbols, and numbers, use made-up phrases, and avoid personal information.

Cyberbullying is abuse over digital platforms by sharing negative, harmful, or false content. In response, save the evidence, block the bully, and report to the web administrator and authorities.

Have a crisis response plan and team within the organization involving both IT and business staff. Learn how to reset or recover passwords, suspend accounts, and publicly announce breaches using social media. Assign responsibility for crisis activities. Know the actions to take when a device is lost, infected, or compromised.

 

The social web is expansive, with a complex landscape of game platforms, videos, blogs, publishing, online communities, conversion apps, and other virtual worlds. One cannot help but live with it, but with the necessary caution.