Global social media advertising spend is increasing by 13.9% year on year, and is expected to reach $124 billion by 2022. And this is just the use of social media by sales and marketing. Operational collaboration, talent recruitment, customer service, and other processes all take place over platforms like Facebook, Instagram and Twitter. These cloud channels are now a business imperative. As a result, a strong social media security stance is imperative.
Social media security can involve subtle and fine-grained policies. If teams want to fully leverage cloud channels and implement the most powerful digital transformation strategies, social media cyber security must be part of a broader digital risk protection strategy. But the basics of social media risk mitigation are simpler. At the macro level, there are two key best practices: Securing the known, and protecting against the unknown. Doing both of these things in tandem gives you a comprehensive picture of your entire digital footprint, and reduces your digital risk profile.
1. Securing the Known
Your known social media assets are the accounts you own: the company Facebook page, the company Twitter page, and so on. Social media security starts with properly protecting these.
The biggest digital risk facing these known accounts is the threat of account takeover or hijacking. Take, for example, what happened to more than a dozen NFL teams earlier this year. A hacking group infiltrated the franchises’ Twitter accounts by compromising a popular social management platform, and began tweeting misinformation and changing profile photos. It took some time for the franchises to regain control.
In the worst cases, incidents of account takeover like this can do serious damage to brand reputation. Not only does a company or brand look less than tech-savvy when its account is hijacked; worse, if a hacker were to act in malicious enough ways, a segment of customers (and followers) could be lost forever. Small and medium-sized enterprises need to be especially wary; for them, a good reputation with a small group of dedicated customers is everything.
Securing your known assets also means ensuring compliant conduct from employees. Take the example of an employee at a large national bank, who sent sexually harassing photos to a job applicant via his corporate LinkedIn account. This behavior ended up costing $7 million in a harassment lawsuit. Other insider threats need to be guarded against, and good employees need to be protected from inadvertent errors like accidentally sharing IP or financial information.
Finally, securing your known assets requires that you properly manage access controls for departed employees, and strictly limit overall account access. In 2019, an aide to a British Member of Parliament quit in dramatically disgruntled fashion, by posting disparaging comments about the MP via the MP’s own Twitter account (to which the aide still possessed access).
Takeaway: Securing the known means optimizing detection of unauthorized account changes, monitoring employee communications for noncompliant conduct, and managing access controls.
2. Protect Against the Unknown
Unknown assets are digital accounts over which you have no control, of which you may not even have any knowledge – but which pose a threat. Stage two of social media security involves doing everything you can to protect yourself from these threats. This form of digital risk represents the iceberg beneath the water. It is the unseen majority of digital threats.
Probably the biggest threat here is that of brand impersonation. Bad actors seek to impersonate brands or individuals, usually to phish customers and otherwise harm reputation. Often this involves social media accounts, as with what happened to Bank of America, in which hackers set up a fake Bank of America customer service Twitter account, ostensibly offering customer support, but instead pointing followers to a phishing site.
Impersonators also pretend to be public-facing executives. Elon Musk, for example, is a favorite of scamming imposters who use fake accounts to impersonate Musk and dupe people into sending them cryptocurrencies. Musk’s experience was one high-profile example of a much bigger digital epidemic. In a recent Transparency Report, Facebook announced that 5% of its active accounts are fake. The SafeGuard platform typically uncovers 20 to 40 fake accounts for every branded account we are protecting.
In another type of impersonation, bad actors set up fraudulent domains to scam innocent customers. A common version of this is a fake URL that poses as a legitimate company store, selling pirated goods. Often, these sites lurk on the deep web, in corners of the internet obscured to most companies.
Lastly, bad actors may use accounts to do reputational or material harm through how they interact with your known accounts. For example, accounts may leave links to malware, spam, or hate speech as comments on your social media posts. These might not be your fault, but they’re not a good look. Ideally, you want to intercept and prevent these before they become a sort of graffiti on your digital presence.
Similarly, you want to know if any of your followers are less than desirable. All brands and companies want to increase their follower count, but certain types of accounts – imposters, or bots – should be turned away at the door.
Takeaway: Protecting against the unknown means being able to locate and take down impersonators and fraudulent domains, and monitor the acceptability of the posts and follows received by your known accounts.
Securing the known and protecting against the unknown cannot be done without the right technology. You can’t manage what you can’t see. Communications over social media happen at an incredible scale and velocity, with messages and interactions running to this day. Social media cyber security threats can lurk anywhere, across both the surface and the deep web.
Before security teams can think about crafting and implementing policies and procedures to protect their social media accounts, they need the reach. Once companies have a view over their entire social media footprint, then they can start to combat these security threats. This holistic view requires a platform that can search for and gather up every part of a company’s social media footprint for centralized action.
A digital risk protection platform can use AI to detect fraudulent social media accounts, and use monitoring tools to scan the social media space, listening for mentions, comments, and posts that contain specific words and phrases. These tools can learn and understand meaning and context, making them extremely effective in spotting red flags.
And once the detection is complete, effective tools give enterprises the power to take action, whether that’s initiating takedowns or blocking high-risk followers. Catching impersonators and fraudsters in the act is all well and good. However, to fully execute on social media risk mitigation, security teams need to be able to act on alerts with a platform that takes down these accounts.
Protecting your company against social media cyber security threats is a complex job, and comprehensive security requires granular and specialized policies. Set your enterprise up for success and use the right security technology. The SafeGuard Cyber platform allows you to secure the known, and protect against the unknown.
June 2, 2020