There is a popular saying which goes, “If the product is free, then you are the product”. The origin of this dates back to the 90s, but there is some hard truth in it. This is directly applicable to the relationship between social media and its users—you!
We all know the power of social media today: one wrong statement, and it’s out there forever! Likewise, one right post, at the right time with the right people, and voila! You are now famous!
Be it a business or an individual, social media can change lives in minutes. It’s almost funny how much power it holds.
Businesses are constantly leveraging this characteristic. If your business has a social media presence, whether you just post regularly from your accounts or also run advertisements, then you are using it as a powerful marketing tool—as you should. Users, meanwhile, are on these free applications for a good laugh, but they are also the people businesses are so ardently trying to reach for marketing purposes.
However, there are downsides to this. The user can also be the target audience for bad actors trying to cause trouble. And for businesses, the employees and social media accounts you seek to leverage can become the way in past your security. Let’s understand the range of possibilities, and how, from now on, we can all be collectively vigilant—be it as a user or a business.
Social media security – the various traps
As you linger on multiple sites, Facebook, Twitter, LinkedIn, Instagram, and the list goes on… you are constantly engaging with the content out there—a like, share, comment. When you aren’t, you are sending people that funny cat video or receiving messages—sometimes from friends and sometimes from absolute strangers. But, hey, it is just social media, right? They aren’t really next to you. They can’t see any other version of you apart from the one you choose to show on social media. They aren’t knocking on your door to deliver a message. Neither is anyone holding an accept or reject placard in front of your house. It’s all virtual and, most importantly, safe.
If you believe that, then please stop using your Facebook account right now until you finish reading this blog.
If you’re wondering, so, what’s the harm? Then get a cup of coffee and take a seat. Let’s talk about social media and cybersecurity.
Below is a list of scenarios that you, as a user, could experience.
The friendly LinkedIn requests
Whether you work in an organization, or you run a business of your own, you will have a LinkedIn profile. It’s almost a necessity considering the opportunities for jobs and networking. Since it is meant to be a professional space, you might not think twice before accepting a request or even opening a message.
But because LinkedIn is so closely tied to your business, with everything from your designation to the name of your company kept up to date, the stakes are higher.
Consider your employee Harry. He is a sales representative at your organization. He is buzzing with requests and messages—he is a busy guy. One fine day, he receives a request with a message from someone called Malfoy.
Malfoy says, “Hey, it would be great if we could stay connected. I have been following your company for quite some time and would love to connect and talk to you about it. My company, www.danger(totallynot).com is looking for your service.”
Harry, being the diligent salesman he is, accepts it and is excited to take this further. He clicks on the link. The link redirects him to a page and then back to the home page. During this, a version of the Zeus malware has secretly been downloaded. This malware steals information such as passwords. Think about the banking information they could get hold of.
Think about all the business applications that exist on your system.
According to a Cisco Security study, 1 in 4 LinkedIn invitations was spam. So the next time you open an invite, take a look at their profile to see if it looks suspicious before you click on that link.
And if someone is interested in your service, ask them to send in their contact information and call them.
That harmless survey
Your marketing manager, Lily, just went to a conference. She represented the company and did everything right. She uploads a picture on her LinkedIn about the event. She tweets the same as well.
Now, a hacker with an intention is always smart. Let’s bring back our hacker, Malfoy. He has a plan and was waiting for the right opportunity.
He looks at her LinkedIn and figures out her email ID. This isn’t so hard. He just had to figure out whether it was firstname or lastname @ companyname.com. He now launches a phishing email. He sends it from an ID that is similar to the event name, so close that Lily does not notice the difference. The email asks her to fill in a Google Doc (which it isn’t). She clicks on it and logs in using her Google credentials, not realizing she is typing out her password for a hacker.
The hacker now gets hold of her data, and then the rest is history.
Phishing emails are the biggest cause of insider threats, and this must be taken seriously by businesses.
Social media is undoubtedly meant for people to share thoughts and connect. Yet, there is a line to be drawn on how much information you are willing to share.
If your security question is, “what is the name of your dog”, then you cannot fill your Instagram with pictures of your dog. No one’s asking you not to, but maybe not select it as your security question then?
Often we don’t realize the information we give out.
Checking in on Facebook to that musical event sounds great. But, are those in your network only people you trust? Are you sure you haven’t added someone you barely know?
Chances are, you have. Now, if this person has ill intentions—you just gave them your current location.
The one who does not know other words
We all have multiple applications open at the same time. Juggling between Salesforce and LinkedIn on the laptop. Switching between Instagram and Facebook on your phone. Daily, we interact with innumerable applications, so it is hard to keep track of all of the passwords.
So, unless you have superhuman memory, your passwords are either the same or the same words with different numbers attached to them.
What if Hermione’s Facebook account gets hacked, and her password is the same across all her applications? The hacker can track down all the necessary details and even hack her bank as well as business applications.
The stakes are so high. This is precisely why the importance of two-factor authentication cannot be stressed enough. With 2FA, the hacker cannot get into your accounts even if they have your password because the second layer of security can save you.
If you cannot manage passwords or your business requires too many applications, then get a password manager wherein you can select unique complex passwords for all your applications.
How can you secure your business from social media loopholes?
- Social media policy: Organizations have policies for everything, yet today a social media policy is of prime importance. A simple NDA is not enough. There must be guidelines on how your employees deal with your company’s name on social media.
- Single sign-on: Single sign-on ensures your employees only have to log in once to reach all their applications. This means they don’t have to remember multiple passwords. This increases security as well as productivity.
- Multiple people for social media accounts: If your organizational social media accounts are handled by one person, then rethink. Most social media profiles, like LinkedIn and Facebook, are linked to the admin’s personal account. When that account is breached, it gives a hacker ample opportunity to ruin your business account. If multiple people are defined as admins and one of their accounts is hacked, the others could do some damage control!
- Disgruntled employee access: As a general rule, you must always know who has access to what in your organization. Once an employee leaves, their access must be suspended immediately. If a disgruntled employee still holds access to your social media accounts after they leave, they could take the liberty to make posts that you definitely wouldn’t want them to make.
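The last two points (more than one admin per account, and no access left with people who have gone) can be checked together. The following is an added example, not part of the original post; the employee roster, the admin lists and the two-admin minimum are constructed assumptions.

```python
# Added example: audit who administers the company's social media accounts.
# The roster and admin lists are constructed sample data, not a real export.

ACTIVE_EMPLOYEES = {"lily@company.example", "harry@company.example"}

# Hypothetical export: account name -> people with admin rights on it.
ACCOUNT_ADMINS = {
    "LinkedIn page": ["lily@company.example", "harry@company.example"],
    "Facebook page": ["lily@company.example"],
    "Twitter account": ["harry@company.example", "former@company.example"],
}


def audit_admins(account_admins, active_employees, min_admins=2):
    """Return a sorted list of (account, finding) tuples."""
    findings = []
    for account, admins in account_admins.items():
        current = [a for a in admins if a.lower() in active_employees]
        departed = [a for a in admins if a.lower() not in active_employees]
        # Anyone no longer on the roster should lose access immediately.
        for person in departed:
            findings.append((account, f"revoke access for {person}"))
        # Count only current staff: a departed admin is no backup at all.
        if len(current) < min_admins:
            findings.append((account, f"only {len(current)} active admin(s)"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit_admins(ACCOUNT_ADMINS, ACTIVE_EMPLOYEES):
        print(f"{account}: {finding}")
```

The Twitter account shows why both checks belong together: it lists two admins, but once the former employee is removed only one is left.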
The world of social media is vast. Understanding the tools you use is key to staying in control. Keep yourself updated with what’s happening with the platforms you use and not just with the world outside.
Stay social media secure and use it the right way.