Social media concentrates a huge amount of information in one location, which makes it a vulnerable target. As Andre Bagrin, CEO of My Digital Shield, points out, when phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily.
“Because social media has become so central, someone really does have the ability to essentially hijack someone’s life,” Bagrin adds. “You can become a victim through your social accounts and not even know right away. Potential job opportunities can be cut short among many other unfortunate repercussions.”
Social media can become a security nightmare in a couple of ways, says Rob Sadowski of RSA, the Security Division of EMC. First, social media can be used to distribute malicious content (malware, malicious links), and the likelihood of users engaging with that content is much greater because it comes from friends or known contacts they trust. Second, personal details shared on social media can be very useful for hackers looking to compromise users’ identities or find high-value targets for attacks, fraud, or cybercrime.
Improve your social media security posture by considering the following tips on social media best practices for business.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba
Social Media Best Practices
Social Media Pitfalls: Think Before You Share
Never post your personal information on social media, according to Nathan Wenzler, principal security architect at AsTech Consulting. “Even if you trust your friends list, they could have others who access their accounts and can see your information. With it, they could easily commit identity theft and use that info to compromise any of your accounts.”
Never post indirect personal information, Wenzler adds, especially the kind of information you might use for your security questions when you forget your password on a site. Information like where you were born, pet names, family names, etc. could be used by a hacker to try to falsely “recover” your password and log in to your accounts as if they were you.
Be Mindful of Your Surroundings
Pay attention to your online posture. As Trevor Hawthorn, CTO, Wombat Security, explains, it pays off to be mindful of your social surroundings and ask yourself questions like: Is my Bluetooth constantly on? Does my Wi-Fi have a secure password? Is it time for me to change my password? “Additionally, don’t forget to continue learning on your own about emerging attacks to protect your personal and professional identity as well as your organization’s confidential information,” he says.
Social Media Policy: Train and You’ll Gain
As technology evolves, hackers will develop new tricks and attacks will be more difficult to identify. “My advice to employers is to invest in employee cybersecurity training, which will help minimize the chances of confidential information being stolen or lost,” says Hawthorn. “Be patient. It will take time for your employees to learn, but eventually it’ll become as normal for them to identify another phishing attack on social as crossing a busy street at a traffic light.”
Social Media Risks: Protect Accounts Beyond the Site’s Options
Ronald Nutter, author of “The Hackers Are Coming… How to Safe Surf The Internet,” advises users to protect accounts in ways most folks might not think about. Some sites, for example, don’t offer advanced security options, such as two-factor authentication. “Instagram is one of these sites,” says Nutter. “They used to offer additional levels of protection but have withdrawn that option with no explanation. What I do in that case is use a very long computer-generated password as one step to make it harder. I also look at options such as limiting third-party app access to an account. If an app starts doing something it shouldn’t, you may not know about it until it is too late.”
Use a Password Manager
A memorized password is a risk because it is easy to type in without thinking much, and that is an easy way to fall for a phishing scheme. Nick Leffler, owner, Your Brand by Nick Leffler, says that retrieving a password from a password manager requires some thought and a few tasks, making it more difficult to just give a password away to anybody.
Always Treat Security with the Highest Priority
When setting up any social media account, review the security and privacy settings and enable them to the highest level possible. Do not enter any data or information that is not necessary; only the essential information should be entered. Make sure to enable multi-factor authentication and opt for an authenticator app over the SMS option, which is less secure, according to Joseph Carson, director at Thycotic.
Update Privacy Settings
Vasyl Diakonov, CTO at KeepSolid, recommends revising your privacy settings on social networks. “Clear the applications you don’t use,” he says. “Even when we delete apps from our smartphones, we rarely go to Facebook, Google+, LinkedIn or Twitter to unlink our accounts, so some of them still have access to your data.” Most social media sites have steps to upgrade your privacy.
Create a Clear Social Media Policy
The social media policy should clearly outline what employees can and cannot communicate online. This should be in line with the company’s culture, and should be developed with multiple departments, says Joanna Belbey, social media and compliance specialist at Actiance. She also suggests that companies make social media policy collaborative between departments. “Often,” she says, “businesses make the mistake of creating social media policies without discussing with other departments or team members. Thus, they roll out plans without any meaningful discussion. It’s important to include key stakeholders in the development of social media policy, including legal departments, marketing, and other teams.”
Social Media Mistakes: Limit Social Media Time
“The biggest risk to enterprises is when users are spending time on social media sites with computers connected to the internal network, that also have Internet access,” says Stephen Gates, chief research intelligence analyst from NSFOCUS. “If a user clicks on a link or opens a file they obtained from a social media outlet, the risk of breach goes up tenfold. It’s not necessarily that social media usage is bad; it’s just being used by hackers to get people to click and carry out their attack for them.”