Social media is great for watching highlights from last night’s TV show everyone is raving about and sharing pictures of your family from the weekend party.
But, can it really be a threat to your business?
In fact, 84% of small- to medium-sized businesses (SMBs) are concerned about social media usage as a cybersecurity risk, according to AppRiver.
That’s because we use social media at work.
The Pew Research Center found that employees use social media in the workplace for a variety of reasons, such as:
- Taking a mental break from their job
- Connecting with friends and family
- Solving work problems and making professional connections
Since employees are likely on social media at your workplace—on your devices and networks—what types of threats are out there?
And what can you do to keep your guard up?
Types Of Cyberthreats on Social Media
Three main types of threats exist on social media.
First, let’s talk about Facebook.
It’s overwhelmingly the top platform most concerning to SMBs, with 77% of respondents worried about it.
Facebook has made headlines since the 2016 election for its alleged role in election interference.
That’s why social platforms have taken extra steps since then to combat such meddling. For instance, Facebook set up a “war room” at its headquarters for both the 2018 midterms in the U.S., as well as the 2019 European Parliamentary elections.
Facebook isn’t the only platform taking steps to prevent interference. Twitter purged more than 10,000 accounts from its platform that discouraged U.S. voting in 2018.
These are the types of messages and accounts employees could encounter while taking that mental work break and browsing their social channels.
Outside the political realm, social media cyberthreats include two variations of the popular phishing strategy.
Instead of email, phishers target your social media account to steal data, such as login credentials and credit card information.
Phishing through social media occurs when a seemingly trusted person posts something in their news feed or sends you a direct message and asks you to click the link. When you do, you’re asked to enter your information.
You’ve been phished if you do.
Spear-phishing attacks are a subset of phishing attacks that are more personalized for the recipient. Usually, these messages are sent from a bot impersonating a friend or family member.
Employees must be trained in the difficult task of recognizing this threat.
How To Protect Yourself And Your Business On Social Media
Sometimes, these threats can be challenging to understand and detect.
However, we have some tips to help.
- Security awareness training is critical. Help employees understand the difference between a legitimate link and one that aims to steal their info.
- Restrict access. Only allow certain employees access to your Facebook Page, Facebook Business Manager, and other social media accounts.
- Create policies for social media usage at work. BYOD is a common trend, so include it in your policy, as well. Consider blocking social media platforms on work devices.
- Request employees to not tag their employer. Also, avoid disclosing locations next time you’re on a work trip.
- Help employees understand privacy. Nothing posted to a social media platform is private, and friends or family members may leak information inadvertently.
- Change your passwords regularly.
- Use multifactor authentication whenever possible.
Addressing these points should be a good starting point for strengthening your business against cyberthreats from social media.
If you’d like help in creating a comprehensive social media policy for your organization, please contact Integrity today.