As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Stephen Shoaff of 443ID looks at why hackers and experts view social media accounts as prime targets for security risks and how to protect them.
Social media profiles are prime targets for hackers seeking sensitive information that helps them break through security measures. In the past twelve months, 59 percent of organizations had a “material or significant incident” regarding their social media security. Social media platforms are rife with personal information. If a hacker’s goal is to socially engineer their way into a company, these accounts offer a treasure trove of information such as location history, facial recognition imagery, private messages and personal photos. This information is useful for phishing, defeating knowledge-based authentication, or even bypassing some behavioral analytics tests by knowing the time of day and location at which a target account is usually active.
When an account is hacked, organizations can face threats of data mining, phishing attempts, malware sharing and botnet attacks, among others. These threats can result in a loss of intellectual property and sensitive data, a loss of reputation, a data breach or data leak, and compliance violations. Unsecured accounts leave businesses open to social engineering attacks and likely worse attacks around the brand and reputation. Businesses and their marketing teams have already spent countless hours ensuring their social media accounts represent the brand’s voice. So it’s only fitting that you, in turn, spend time to make certain that the brand voice isn’t hijacked by someone for their own personal gain. You can take the following precautions to best protect your corporate social media accounts.
3 Ways to Protect Your Social Media Accounts
Basic Security Measures
First and foremost, basic security measures need to be in place for social accounts. Measures like multi-factor authentication (MFA) can take an account from basic security to better security. MFA is a simple security measure that requires users to provide two or more authentication factors to access an account. Even if your account falls into the hands of a hacker, MFA adds an extra layer of security to combat more sophisticated cyberattacks.
Most cybersecurity professionals will recommend against using email- or phone number-based MFA because it is comparatively easy to compromise. Instead, utilize authenticators like Google Authenticator, Microsoft Authenticator or Bitwarden for a more secure MFA factor. If you must use email or SMS-based MFA, be sure to regularly check that the email account or phone number has not recently been compromised. Properly done MFA likely would have mitigated many of the attacks over the last decade on social platforms. Many prominent figures have fallen victim to poorly secured social media accounts. Even Elon Musk is susceptible to cyberattacks and phishing schemes. A hacker took control of over 100 prominent Twitter accounts, ranging from Apple to Kim Kardashian, to swindle their followers out of more than $100,000 worth of bitcoin.
Follow Platform Security Measures
Another simple step to protect your account is to stay up to date on each social platform’s specific security measures. By following suggested security measures and regularly updating security settings, you can stay in control of and properly manage your organization’s accounts. It’s also important to train every employee on the latest security updates and how to monitor for suspicious activity.
Regular audits of these security practices will help your company stay ahead of any pitfalls. Social media companies update their privacy settings frequently, so being aware of any changes can help better safeguard your accounts.
Set Up Monitoring Tools
Monitor your social media accounts to be notified when poor brand mentions or sentiments are detected. Some great social monitoring tools can be found online for free or via subscription. To better manage your accounts’ permissions, use a platform like Hootsuite. A social media management platform allows employees to access and post to accounts without needing to know the login information. This better protects your accounts against unauthorized access.
There are many other tools your company can implement to monitor posts before distribution and check for any bots interacting with your accounts. Utilizing these tools is key to safeguarding your accounts and protecting them from any preventable threats.
While there’s no one-size-fits-all approach to properly securing your organization’s social media accounts, the three protections above are a good place to start. For businesses looking to go the extra mile to protect their accounts, it can be beneficial to work with a company that specializes in cybersecurity. Detecting and preventing unauthorized access to any account is important, and advanced systems to do this are becoming available even to organizations without a professional CISO or security team. Open Source Intelligence (OSINT), meaning publicly available data used for intelligence purposes (like content posted to social networks), can be used to test authentication or registration for social platforms. This data can be used not only to quantify the risk of a login attempt but also to provide a degree of confidence that the user logging in is legitimate, not a hacker. Cybersecurity companies can assist businesses in developing a comprehensive approach to best utilize OSINT alongside other security infrastructure to help protect your brand’s sensitive information, employees and reputation.
- Three Ways to Secure Your Corporate Social Media Accounts - September 23, 2022