Social Media Security – Increasing risks and how to tackle them
Table of Contents
Social networking has become an important and growing part of life allowing to meet the needs and interests of a vast majority of people.
But social media security is not an important part of people’s practices.
Media accounts face many potential attacks including threats of criminal activity, such as stalking, bullying, identity theft, and hacking. According to the EY Global Information Security Survey, 59% of organizations had a “material or significant incident” in the past 12 months. Kaspersky Lab stated that 310,000 new malicious files are created every day, compared to 200,000 in 2010.
Prominent threats from cyber hacking communities have threatened everyone. Hacker groups have compromised the social media accounts of tech giants, national athletic leagues, and streaming platforms.
Even though 66% of the global population are active social media users, the problem isn’t rooted in system flaws. People overlook social media security risks and fall prey to impersonators who can cause damage to their reputation.
With the increased use of social media, security is more important than ever. In order to avoid risks, users will need to follow a set of basic social media security practices to develop a security-first approach.
Social Media Security Risks
Human error is often the cause of severe social media security risks such as phishing attacks, scams, and other cyber dangers. Just clicking on a false link or downloading a false file could accidentally expose the profiles to threats.
According to the EY Global Information Security Survey, 20% of cyber-attacks are due to ‘Human Error’. Online challenges or quizzes can provide scammers with information commonly used to hack passwords.
Interacting with fake accounts can also threaten the reputation of people. Accidentally clicking on phishing links or unknowingly filling out spam forms can release confidential and personal information on public forums.
Unattended Social Media Accounts
Unattended social media accounts can have serious consequences. Hackers can easily target profiles and can cause fraudulent under their names. Followers can become the target of a malicious attack, like virus-infected links that cause serious issues.
Spam messages from the accounts can make followers quickly lose trust and confidence, especially in dealings.
Brand/Business handles and other profiles should be reserved on all social media channels. It allows profiles to maintain a consistent presence across networks, making it easy for people to find them. It is extremely important not to ignore the accounts which are not in use or are not used often.
Hacks and malware attacks are the biggest social media security threats. They are the reason for cyber-security attacks. Spyware is a software that collects personal information and distributes it without the individual’s consent.
A malware known as ‘Adware’ tracks personal and sensitive information in the same way. All malicious apps steal personal data like passwords and information without users knowing it.
Social Media users should be fully sure before they click or share information. Hackers have also found means to insert malicious code into advertisements and create rogue third-party applications, which trick users and allows hackers to gather their personal information easily.
Malicious advertising (or malvertising) promotes malicious apps. They look like valid security apps but can steal private data from all the social media accounts.
Attacks can be concentrated and targeted. ‘Cyber gangs’ go after individual organizations on a social platform with advanced malware campaigns.
Sharing sensitive information
People have the option of sharing personal details with friends and followers. When operating a social networking media/website, people should be careful about the facts that can disclose sensitive information. One should never reveal their birth date, place, home address, and phone number for personal security.
This could put them at serious risk for identity theft and fraud.
Thus, it is extremely important that an individual never reveal their credit card numbers, banking information, passwords, or social security number on any networking site.
Distribution of such information will lead people to fall victim to crimes ranging from stalking to identity theft. The more information is shared, the more hackers will know.
Online thieves can manage to get a hold of the financial info and other information that is needed to forge an identity.
Unsecured Mobile Phones
Using social network apps on mobile devices makes it easy to access social media accounts with just one tap. But these devices if lost or stolen, one-tap access makes it manageable for hackers to access social accounts. This could lead to phishing or malware attacks on the connections that are over the social media accounts of the individual.
Experienced hackers can also access devices that are secured devices with a password or fingerprint lock. Displacing or losing mobile phones can result in a serious data breach. Especially, if the device leads log into an account to security vulnerabilities that may link to third-party social media applications.
Social Media Security Tips
Revise your privacy settings
All social networking sites have previously set or default privacy settings. These settings are not sufficient enough and necessary changes should be made. Updating privacy settings by changing them allows the account holders to block visitors from viewing their private information.
Users should make sure that they understand the privacy settings on their business accounts. This includes:
- Location permissions
- Image permissions
- Bluetooth settings
Surety should be made that if the permission choices are right for the user.
Don’t leave work history
On some social networking sites, such as LinkedIn, people are able to post resumes. The data and information connected to an individual’s work history can reveal too much about them. This allows criminals such as hacker’s easy access to personal information which may help them to hack into one’s account.
The information that is found on resumes can also be used in identity theft. Revealing seemingly uncritical technical information to the public may result in the attacker using this information to identify the security software of the user.
Users should always verify their connections that are on Social Media. Especially, business accounts that are on social platforms. If there is uncertainty about the authenticity of an account that claims then it is important to check the individual’s account for verification.
These accounts may be set up in efforts to misrepresent themselves as another person, in order to make false statements. This results in the creation of problems that are either of a legal or personal nature.
Some accounts are created with the intent of committing fraud by sending malicious links. There are reasons why it is so important to get verified on social networks. Transparency report notes of LinkedIn took action on 21.6 million fake accounts in just six months.
The majority of those accounts were blocked automatically at registration and the rest were taken down.
More than 67,000 fake accounts were reported by members. Facebook estimates that about 5% of monthly active user accounts are fake.
Impostor accounts can target customers or potential recruits. Reputation also suffers if the connections are conned into handing over confidential information. Imposter accounts may also try to trick employees into handing the login credentials for corporate systems.
They target brands that are hoping to work with influencers for valuable marketing strategies. In this scam, an individual imitating a social media personality with a high following reaches out and demands free products or services.
Limit Social Media Access
Access to social media accounts should only be given to limited employees. Those employees who are fully trained in the social policy, procedures, and technologies and are capable of protecting the account.
Access should only be given to some extent for publishing/promoting on all or specific accounts. Assign team leaders, and approve communications before they are public. A track should be always kept of who has access to what.
There should be guidelines that outline how employees should use social media responsibly. This will help in protecting social media security. Social media policy should include:
- Brand guidelines that explain how to talk about the company on social media platforms.
- Rules related to confidentiality and sensitive information used on social media.
- Social media activities to avoid challenges or quizzes that ask for personal information.
- Setting up a team or a member for specific departments that are responsible for each social media account.
- Guidelines that are related to copyright and privacy.
- Keeping the software up to date.
- Identification of false accounts to avoid scams, attacks, and other security threats.
- Notifying and responding if a social media security concern arises.
Regular checks on social media security
Social media security threats are often changing. Regular checking of social media security measures will allow passing new strategies, scams, and viruses that can emerge at any time.
Social networks might update their privacy settings that will give users detailed control over how their data is used. Moreover, an update should be made on who has access to social platforms.
A business account should maintain a connection with the Information Technology team to be notified about recent social media security risks.
Social media policy should evolve over time. As new network gains popularity thus practices change and new threats emerge.
Securing account with a strong password is necessary to prevent malicious attacks. The creation of a strong password will prevent hackers from attaining access to one’s account.
It is important to choose an uncommon password that consists of no less than eight characters. The password should consist both, the letters and numbers.
Tips for a strong password to tighten your social media security:
Length over complexity
Complex passwords involving various numbers and characters can actually be ineffective. The complexity makes employees of the business profiles resort to writing them down. Thus it renders the password pointless.
Longer phrases including random words are more secure. They are harder to crack and easier for employees to retain.
Different passwords across Accounts
Usage of the same password for more than one social media account should be avoided. As, if one password is compromised for some reason, all the accounts will become vulnerable to hackers. Passwords should always be significantly different.
Do not change passwords frequently
FTC Chief Technologist and Computer Science Professor Lorrie Cranor reports that frequently changing passwords results in less security. It is due to the predictability of the changes in passwords.
Regardless, this doesn’t suggest that social media passwords should not be changed. A strong password can serve perfectly well for 6 months of a year.
Usage of multi-factor authentication for social media logins are the most secure ways to handle business accounts. It works by adding an additional layer of security on a password.
Users will be required to present another form of identification in addition to the password. Within social media security, this frequently involves entering a code that is texted to the registered phone number.
Social networking platform gives users a way to safeguard themselves from harassment or unwanted contact. One should familiarize themselves when joining a social network, with how to block other members. A blocked individual will no longer have the ability to interact with the person who has done the blocking (unless they make a false account).
Social networks and their dangers are - Privacy, Bullying, and Data trafficking: spreading personal information.
Top Dangerous Social Media Apps are - Snapchat, Ask.fm, Whisper, Kik Messenger, Tinder, and Instagram.