With springtime comes warmer weather, sunnier days, and—somewhat inexplicably—the urge to purge. And while many will budget extra time to clear out closets or downsize their collection of coffee table books, spring is also a great time for organizations and businesses to examine or re-evaluate the security posture of their social media presence and related activities. After all, hope may spring eternal, but bad actors continue to target organizations and users of social media platforms year-round.
For example, a phishing scam recently swept through social media, targeting users’ login credentials by notifying them that they were spotted on a so-called “Nasty List” and imploring them to log in through a spoofed login page to learn more. Once an account was compromised, the victim’s followers were then targeted to promote the scam further and aid in its proliferation.
As attacks like these become more frequent and more pernicious, it’s vital for organizations to take the time to review their social media and digital risk processes and better understand their respective threats. This will better prepare organizations to secure their business, customers, employees, and brand against data breaches and information leakage.
With that in mind, let’s explore three ways organizations can “clean up” their social media presence to secure data and ensure protection this spring season.
Tip 1: Protect company-owned data
Organizations need to evaluate the risks associated with their data. This begins with understanding which data and accounts an organization owns. Keeping an inventory of social media accounts, domains, e-commerce sites, and any other digital channels owned by or affiliated with your organization will provide valuable insight. During the inventory process, you should also review the privacy settings of your accounts to ensure that data are well protected.
A few questions to consider include: What are we sharing? Who can see our posts? What about our locations, contact information, or other private details?
Good password hygiene is another essential aspect of protecting data. This includes choosing strong passwords and never reusing a password. Knowing that people do not often heed this advice, attackers will often attempt to use compromised credentials elsewhere, potentially compounding the risk and damage of their attacks. If account passwords must be shared for any reason, consider adopting a password manager with collaboration features rather than sharing spreadsheets or text files with sensitive information.
This spring, evaluate your password hygiene, policies, and educational materials to make sure that the passwords are difficult to obtain, impossible to reuse, and well-chosen.
Additionally, companies must monitor for early warning signs of risky account behavior. After hacking an account, bad actors and cybercriminals will often immediately change display names, profile pictures, biographies, and other details. Because of this, organizations should review their own accounts as well as their followers, addressing any unexpected changes and perhaps purging any suspicious followers.
Being able to recognize the signs associated with account hacking attempts will help security teams take immediate action if an owned account is hijacked.
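The review described in this tip can be automated by comparing each account in the inventory against a stored baseline of its profile fields. The sketch below is an added example, not part of the original article; the field names, the sample accounts, and the rule that two or more unapproved changes at once rate as "high" are assumptions made for illustration.

```python
import hashlib

# Profile fields the article says attackers rewrite right after a takeover.
WATCHED = ("display_name", "avatar_sha256", "bio", "contact_url")

def fingerprint(image_bytes):  # a swapped profile picture becomes a changed hash
    return hashlib.sha256(image_bytes).hexdigest()

def diff_profile(baseline, current):
    """Return {field: (old, new)} for every watched field that differs."""
    return {f: (baseline.get(f), current.get(f))
            for f in WATCHED if baseline.get(f) != current.get(f)}

def review_accounts(inventory, observed, approved=frozenset()):
    """Compare each inventoried account with its latest observed profile.
    approved holds (handle, field) edits the social team logged in advance.
    Assumed triage rule: two or more unapproved changes at once is "high".
    """
    findings = []
    for handle, baseline in inventory.items():
        current = observed.get(handle)
        if current is None:  # handle gone: deleted, suspended or renamed
            findings.append((handle, "high", ["account_not_found"]))
            continue
        changed = sorted(f for f in diff_profile(baseline, current)
                         if (handle, f) not in approved)
        if changed:
            findings.append((handle, "high" if len(changed) >= 2 else "review", changed))
    return findings

# Constructed sample data: handles, text and image bytes are invented.
def profile(name, bio, avatar, url="https://example.com/help"):
    return {"display_name": name, "bio": bio,
            "avatar_sha256": fingerprint(avatar), "contact_url": url}

INVENTORY = {
    "@example_brand": profile("Example Brand", "Official account", b"logo-v1"),
    "@example_support": profile("Example Support", "Help, 9 to 5", b"logo-v1"),
    "@example_careers": profile("Example Careers", "Join us", b"logo-v1"),
}
OBSERVED = {
    "@example_brand": profile("Prize Desk", "Claim your reward", b"other-image"),
    "@example_support": profile("Example Support", "Help, 24/7", b"logo-v1",
                                "https://example.com/contact"),
}
APPROVED = {("@example_support", "bio")}
if __name__ == "__main__":
    for finding in review_accounts(INVENTORY, OBSERVED, APPROVED):
        print(finding)
```

Keeping the approved-change log current is what stops routine rebranding from drowning out the one alert that matters.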
Tip 2: Protect employees and their personal networks
Savvy employees can be an organization’s best brand ambassadors, particularly on social media, and numerous software tools make it easy for employees to share or repost the latest company news with their personal networks.
To ensure employees’ data are safe, consider empowering your staff to protect themselves by providing access to training and education resources. Investing in tools that make it simple for employees to confidently and securely share company news will aid in this endeavor as well.
As part of your spring-cleaning process, review policies and update any that may be outdated. Develop training programs for employees that not only offer guidance on corporate social media policies but promote social media security best practices as well. Key topics to consider may include:
- What kind of information can—or should never—be shared digitally
- Policy details for engaging with customers
- Policy details related to internal channels and collaboration tools, e.g., Slack.
Although many companies have invested in training employees to better understand the security risks associated with traditional applications like email, in today’s digital age, it is wise, if not imperative, to do the same for social and digital channels as well.
Tip 3: Protect customer data too
Keeping accounts secure and well-configured not only protects your organization’s brand against impersonators, offensive content, cybercriminals, and spam but also protects your social media followers and customers.
In that vein, organizations should strive for complete transparency with their use of customer data and vigilantly protect and monitor for misuse or breach. Investing in tools or processes that proactively identify and quickly remediate targeted attacks or scams can help to alleviate the pressure and address such requirements. Equip support teams and personnel with capabilities to identify and remove customer scams, malicious links, and account impersonations or takeovers to protect everyone and avoid costly disruptions or reputation damage.
Now is the perfect time for organizations to spruce up their social media security program and best practices. From digital marketing strategies to security protocols, identifying and minimizing digital risk wherever possible can be crucial to the health of your business this—and every—season.