By Jonas Walker, Security Strategist at FortiGuard Labs
Social media provides a world of opportunities for an organization or individual to promote and expand a brand. A powerful form of communication that uses the internet, social media can provide any organization with a strong global presence.
Most organizations believe they must have a social media presence because these platforms and apps have billions of users and an audience that could have millions of potential prospects, customers, partners, employees, and advocates.
Social media platforms enable an organization’s representatives and its followers to have interactions that involve sharing information, exchanging feedback, and creating content.
Balancing “Social” and Security
Social media can increase brand awareness and engagement with the public. It allows for a generally less-expensive form of advertising in a non-traditional way. There are many types of social media, from blogs to photo-sharing sites to instant messaging or video-sharing portals and more.
As with almost every form of new technology, social media comes with some challenges too. One drawback for those using social media is that it can put users at risk, because it can open pathways that are insecure or tunnel beneath traditional cybersecurity.
This blog explains how a lack of social media security can harm individuals and organizations. At the end is a list of seven social media security best practices that everyone should follow to protect themselves and others.
How does social media affect security?
There are five social media-related cyber threats to be aware of and to protect against. They include the following:
1) Social engineering
Social engineering refers to a wide range of attacks that leverage human interaction and emotions to manipulate a target. Such an attack attempts to fool victims into giving away sensitive information or compromising corporate security.
A social engineering attack typically involves multiple steps. The attacker will research the potential victim, gathering information about them, and then use this newly acquired data to bypass security protocols. Then the attacker works on gaining the target’s trust before finally manipulating them into divulging sensitive information or violating security policies.
Obviously, social media provides a social engineer with an avenue to naturally engage with the potential victim or organization to push them for information that can then be used to help launch an attack.
2) Phishing
In a phishing attack, usually via an email or an online message, the cybercriminal baits the potential victim(s) by trying to entice them into clicking on a malicious link or opening a malicious attachment. If the attacker uses social media to establish a rapport or relationship with their target, it will be easier to build the trust necessary to get them to click on malicious links or enter sensitive private information into an online form.
Cyber criminals also apply pressure on their potential victim(s) by creating a sense of urgency or appealing to their curiosity. “Act now before it’s too late…” is the epitome of the kind of encouragement an attacker uses on their target with the goal of getting them to either click on a malicious link or provide private information via a form.
3) Malware
The malicious links promoted on social media lead to malware. Malware is a portmanteau of “malicious software.” There are many different types of malware, such as viruses, trojans, spyware, and ransomware. Cyber criminals use malware to access devices and networks to steal data and take control of systems, create botnets, cryptojack, or damage systems.
4) Brand impersonation
Another risk created by social media is when an individual or group tries to impersonate a well-respected company or brand to trick victims (employees or individuals) into providing confidential and valuable information that can be used by social engineers to hack systems and networks. In addition to harming the victims who fall for such impersonation tactics, brand impersonation can also damage the reputation of the organization being impersonated.
5) Catfishing
When a person takes information and images from another to create a fake identity and then uses this false identity to victimize an individual on a social media platform, this is called catfishing. The catfisher usually uses a fake identity to trick targeted individuals into associating with them or doing business online. The goal is to steal from a victim or humiliate them, or often both.
Social Media Security Best Practices
1) Enable MFA
Multi-factor authentication is a security measure that protects individuals and organizations by requiring users to provide two or more authentication factors to access an application, account, or virtual private network (VPN). This adds extra layers of security to combat more sophisticated cyberattacks even after credentials or identities have been stolen, exposed, or sold by third parties.
2) Do not re-use passwords
Use a different password for every account. This prevents other accounts from being easily accessed if one account is hacked. Use a password management tool to keep track of various passwords. Make sure passwords are not easy to guess.
3) Regularly update security settings across platforms
Stay on top of social media platform security options to ensure they are always current and set at the most stringent level.
4) Narrow down connections to reduce unknown threats
Be discriminating about the types of individuals and entities that you are connecting with on social media platforms. Carefully review every connection, and don’t affiliate with those that appear disingenuous or suspicious.
5) Monitor social media for security risks
Stay aware of the threat news on specific social media platforms and respond accordingly. If you learn of vulnerabilities or hacking incidents, attend to your accounts and address issues that could lead to breaches or hacks.
6) Learn what a phishing attack looks like
Be diligent and educate yourself on the latest types of phishing attacks going around. Always be sceptical when someone reaches out to you uninvited via a social media platform or email.
7) Look out for spoofs of your account
Keep an eye out for brand impersonation attempts. Report violations to the social media platform administrators immediately and inform your followers as well.
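As an added example (not part of the original post), the script below shows one way a brand owner could screen handles seen in mentions or search results for look-alikes of the official account before reporting them. The brand name ExampleCorp, the sample handles, the confusable-character table and the padding-word list are all constructed assumptions.

```python
import unicodedata

# Constructed look-alike table (assumption): leet digits plus Cyrillic a, e, o, x.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0445": "x"})
# Words impersonators commonly bolt onto a real brand name (assumption).
PADDING = ("official", "support", "help", "team", "real", "hq")

def skeleton(handle: str) -> str:
    """Reduce a handle to a comparable form: fold case and width, map
    confusable characters, drop separators and padding words."""
    s = unicodedata.normalize("NFKC", handle).lower().translate(CONFUSABLES)
    s = "".join(ch for ch in s if ch.isalnum()).replace("rn", "m")
    for word in PADDING:
        s = s.replace(word, "")
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_spoofs(official: str, seen: list[str], max_dist: int = 1) -> list[str]:
    """Return handles that are not the official one but whose skeleton
    contains, or is within max_dist edits of, the official skeleton."""
    target = skeleton(official)
    hits = []
    for handle in seen:
        if handle.lower() == official.lower():
            continue  # the genuine account itself
        sk = skeleton(handle)
        if target in sk or edit_distance(sk, target) <= max_dist:
            hits.append(handle)
    return hits

# Constructed sample handles; the fifth starts with three Cyrillic letters.
SEEN = ["ExampleCorp", "examp1ecorp", "ExampleCorp_Support", "exarnplecorp",
        "\u0435\u0445\u0430mplecorp", "examplcorp", "example_cafe", "samplecorp_news"]

if __name__ == "__main__":
    for handle in find_spoofs("ExampleCorp", SEEN):
        print("review and report:", handle)
```

Short brand names produce more false positives with this kind of matching, so treat the output as a review queue rather than a verdict.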