The Top 5 Social Media Security Risks You Need to be Aware of
Social media has quickly become one of the best ways to engage your customers. Today, millions of dollars are being spent every year on a marketing method that was non-existent twenty years ago, even fifteen years ago. But social media doesn't exist in a vacuum, and there are hackers and other malicious agents out there who are using social platforms to exploit security loopholes to attack businesses and steal information.
And even when it's not an actual hacker, there are still various ways social media can result in security lapses due to employee activity or the limitations of the network itself.
If you're concerned about security and social media, you may be interested in these five areas that can result in security breaches. Knowing where the damage can come from will make it easier to put policies in place to prevent security issues.
Scams are everywhere - you get them in the mail, through email, and now also on social media sites. It doesn't really matter if you're using Facebook, Twitter, or any other social media site, you'll eventually run into a scammer. Sometimes it's easy to spot a post that links to a scam article, but since social networks have gotten better about removing spam of that nature, such posts are no longer as prevalent.
But of course, as one method gets shut down, scammers come up with a new approach.
Some have resorted to hacking user accounts, then using that account to post scam links - people generally trust posts from their friends, so they're more likely to click that link than one posted by someone they've never heard of.
Another recent scam involves creating new profiles by using information and even photos scraped from a legitimate profile. The scammer then sends out friend requests to people on the real person's friend list before posting scam posts or messaging friends and asking for money or other information.
2. Malicious Apps
Malicious apps, spyware, and viruses have made their way onto social media and into related apps as well. While it's not easy to pass viruses through Facebook or LinkedIn, it's easier for hackers to compromise the apps your employees may have on their smartphones that allow them to post to these sites. This is especially true if employees are using third-part apps like TweetDeck or Hootsuite that let them schedule posts or manage multiple accounts at once.
Your employees are bringing their phones, tablets, and other devices to work every day - if they have a malicious app installed, they're walking it right through your defenses since they have your network password and probably have their device logged in to your wi-fi.
So what can you do about this? You definitely want to have strong antivirus, anti-spyware, and intrusion detection software such as Snort installed on your servers, and you want to make sure you keep such applications constantly updated to ensure you have the latest security settings. Antivirus and anti-spyware programs will help capture and contain anything that tries to damage your system, while intrusion detection programs will notify you if an authorized individual is trying to log in or access information they shouldnt have access to.
3. Social Network Issues
Social networking sites themselves still have a way to go with security. While these sites have certainly improved their security over the years, none of them are perfect or locked down so tight that no one can hack them.
Just as with networks in any industry, there's no such thing as a hacker-proof server, and social media sites come under attack fairly often because of how much personal information can be found within their databanks. Hackers love stealing this personal information, even if they do nothing with it.
But if employees use social network messaging systems to discuss business or share work files, the losses can be severe. Social media is in no way as secure as cloud storage, nor are chats subject to the same type of encryption and other protections found on project management software. Files and chats sent through these sites are much more vulnerable.
4. Untrained Employees
All of the above vulnerabilities aren't as significant an issue if your employees how, and how not, to use social media for business. This is why social media training is so important - your employees need to know about the dangers of using social media for anything confidential. They also need to be trained to be vigilant about clicking on strange links, accepting friend requests from people they don't know, and using apps that are not created and distributed by trusted companies. They also need to know how to use each site's security and privacy features so they can lock down or remove any information they don't want made publicly available.
Training employees in good social media habits not only protects your business, but it also protects their privacy and personal information. By training them in good social media practices, you're protecting both your business and staff.
5. A Lack of Social Media Policies
Training employees leads into the need for strong social media policies. If you don't have any policies regarding how Facebook, Google+, and other sites can be used in the office, you can't effectively train your employees in how to avoid potential security breaches. These policies should cover a number of things: employee use of personal social media at the office, smartphone app use, and use of the company's social media site for publicity and customer engagement.
While training employees on how to use the company's social profiles, it's important that all aspects of social media are discussed, including what is/is not appropriate to post to the company's site how to properly respond to customers. You also need to monitor who's allowed to access the company's social media properties. If you have a marketing department, everything may have to be funneled through them, but if you're a small business, multiple people may have access to the account, and that can cause some security issues.
Make sure your policies include who can use your social media in addition to what can be posted.