Protect Your Business From These Social Media Threats
Social media can make a business. There’s no shortage of success stories from companies, big and small who’ve used the reach of Facebook, Twitter, Instagram and others to build or boost their business. For small businesses, particularly, social media can be a great leveller, giving innovative products and clever marketing much greater exposure than anything the firms behind them could otherwise afford.
But these sites can also break a business – and probably even faster than they can build it. A survey by consultants PwC has found 87% of CEOs worry that social media could harm stakeholders’ trust in their industry. Often when it comes to social media the first lesson is that you’re your own worst enemy. Say the wrong thing, and it can be around the world in minutes.
The threat is not just to reputations, however. Social media also opens up businesses to a range of data and cyber security risks, too. If businesses want to enjoy the benefits of social media without risking becoming the target scammers or being unfriended by their customers, these need to be managed.
So here are our top five social media risks that could spell #disaster for your business.
1. Fake news, real malware: going viral
Social media didn’t invent malware, but it has introduced new ways to spread it. Previous reports have claimed that as many as one in five links posted in Facebook users’ news feeds lead to viruses.
That might overstate the problem, but the issue is certainly genuine: Not everything on social media is viral in a good way. Facebook content itself may be safe from viruses, but the media giant doesn’t vouch for the links others post to external sites. It’s worth being cautious about outrageous sounding news stories or videos, but malware developers and spammers will use anything current, popular or trending to get users to click, whether that’s fake news, or popular TV shows.
In some ways, the risk from social media is little different from that posed by links sent to company email accounts, but, a few things mark it out.
- First, and crucially, users’ mind sets tend to be different when it comes to using social media. Scepticism of links sent by strangers to an employee’s email can vanish when it comes to posts on their social media page.
- Second, the shortened URL web addresses commonly used on social media, particularly on Twitter with its tight character limit, can be used to disguise dangerous sites.
- Finally, businesses with their own social media pages risk disseminating harmful links posted to their page by others, in a way that doesn’t apply to emails.
Protecting yourself against such risks requires a mix of technological solutions, providing real time protection against harmful links and files users may try to download, and policies to prevent them clicking in the first place. Businesses will also need to consider what controls they put on what and who can post to their own social media pages, to avoid becoming a host for malicious content put on there by others.
2. Private messages and public shame
There’s potential for malware to spread through private messages on social media in much the same way as it can through public postings. A typical example involves, again, persuading users to click on a link or attachment sent to them, which infects their computer with a worm (thus spreading to others) or other malware.
The key difference is that private messaging provides a more targeted attack. In some cases messages may be sent indiscriminately, but others can come from trusted sources: A social media contact whose computer has been infected with a worm, or an account that’s been hacked or spoofed. Some malware developers specifically target social media accounts to enable them to hijack them.
With the link or file coming from a familiar face, the chance that staff will click on it is considerably higher, even among those better educated about cyber security risks. The risks are also heightened by the fact that much social media messaging is undertaken on mobile devices, which can have less sophisticated protection. Consequently, effective and up to date real-time scanning of web-based activity, covering both phones and computers, is essential.
3. Flirting and phishing
More targeted still than private messaging malware are phishing attempts, where users are tricked into revealing sensitive data or information such as passwords or account details. Attackers may also use such deceptions for fake president scams, and we’ve looked at both before.
Social media provides not just a medium for spreading these scams, but also valuable ammunition in the attacker’s arsenal. Scouring the information people offer up on social media is perhaps now the main way attackers identify the interests, associates and habits of their targets. They can establish who best to target, how to attract them and who to impersonate to get what they want, whether that’s someone they already know or a potential romantic interest. Catfishing using fake social media accounts to attract potential victims is a good example.
These scams can be undertaken through social media or attackers can just use the contacts or information established on social media sites for more traditional email-based, web or offline fraud. The best way to prevent and guard against it remains the same: To keep a tight rein on privacy controls and to encourage key workers, particularly, to be careful about what details they put into the public domain.
4. Too good to be true: avoiding spam
Everyone knows there’s no such thing as a free lunch. The number who will believe that there is such as thing as a free Range Rover, however, is surprisingly high.
Fake giveaways, in which users are lured with the promise of free goods, are used by scammers for a variety of purposes. In some cases, it might be to spread viruses; in others (as in many of the car “giveaways”) it will simply be to collect social media exposure for pages that can then be sold. Some, though, will ask not just for an endorsement or to share the post, but for an email address.
Giveaways are not the only way users can be targeted, either; social media quizzes or the terms of use for apps can also play fast and loose with your data. In any case, if users do give out their email address for whatever reason, they shouldn’t be surprised if the only free gift they may get is an inbox full of spam. It’s rarely a good idea to make email addresses available more widely than needed if you want to avoid becoming a target for cyber attacks.
Again, sensible policies on social media use should help address much of the risk; in short, work email addresses should be kept for work. Nevertheless, some spam is unavoidable for most people, and if it is having a damaging impact on productivity, server-based spam filters or more sophisticated email productivity software may also be worth considering.
5. Keeping up with the Kardashians
Money can’t buy you love, but it can buy plenty of likes at affordable prices. Users can buy thousands of followers on Instagram or friends or likes on Facebook and other sites for the price of a few cups of coffee.
There are three principal dangers for businesses from this. The first is the risk of reputational harm if you or your business employs this practice themselves; it’s not hard for the tech savvy to uncover and can be embarrassing. The second is for businesses to be swayed by the fakers, whether that’s being pushed into trying to compete with the inflated social media presence of a rival, or paying through the nose for endorsements from social media “influencers” using such methods to artificially boost their perceived profile.
Finally, fake social media accounts often use these methods to lend their accounts credibility – increasing the chances others will trust and interact with them, opening you up to the malware or phishing scams touched on above.
Again, many of the same precautions above will help, but so, too, will just ensuring that you’re clear about who you are interacting with. When it comes to social media, as in life, it pays to know who your real friends are.