How to Manage Social Media Security Risks at Your Business
By Pekin Insurance · Oct 29, 2019 · 4 min read
Modern cyber criminals have no uniform. They often work together and with government backing. It might sound like an alarming situation, but you have the power to fight social media security risks at your business.
We’ll help you gain some ground as we show you examples of scams carried out through Facebook, LinkedIn, and Twitter.
What Hackers Are Looking For and How It Could Cost You
Here’s what hackers want:
- Login credentials
- Financial information like bank account numbers and credit card numbers
- Confidential customer and employee information
- Social Security numbers, phone numbers, and more
Your business’s reputation could take a big hit when cyber criminals steal this information. You’d have to worry about your budget, too, according to the Accenture 2019 Cost of Cybercrime Study.
The number of security breaches per company has gone up 67% over the last five years. In 2018, cybercrime cost companies an average of $13 million.
Here’s the simplest way to put it: more cybercrime is happening, and it’s costing businesses more money.
Where Hackers Start Their Social Media Search
Do you post employees’ contact information on LinkedIn, Facebook, or Twitter?
Hackers could send messages to employees or your official social media accounts for their schemes.
What will they ask for, though? Hackers request confidential information or ask an employee to click a link. That link could contain nasty malware designed to corrupt your systems.
New Employees, Interns, and Your Social Media Policy
New employees and interns are a wealth of information for hackers.
Stephanie “Snow” Carruthers knows all about this. She’s a “white hat” hacker who works for IBM’s X-Force Red. Stephanie and her team are paid to exploit companies’ cyber security vulnerabilities and report the findings.
Stephanie wrote an article titled, “I’m a hacker and here’s how your social media posts help me break into your company.” She discusses employees who take selfies, upload walkthroughs of businesses, and post pics of their badges on social media.
Seems harmless, right? Wrong!
This information helps hackers develop profiles of their targets.
An office selfie could reveal:
- Whiteboards with sensitive information
- Sticky notes with login credentials
- Posted office activities (like the dodgeball league) that make cyber attacks easier
What’s the harm in posting a new badge pic, though?
- A hacker can recreate the badge easily and put their own face on it. They could start in the digital world but show up in person at your business. You really don’t want them to get in.
But why shouldn’t an employee post videos from different areas in the company?
- Pretty much the same reasons why they should be very careful when posting office selfies.
There’s nothing wrong with celebrating company culture through social media. Your employees need to be very careful about what they post, though.
Use this guide to set up your business social media policy if you don’t have one.
Here are the three big points your social media policy should cover:
- Clearly state what employees can and can’t post on social media
- Say why access to the business social media accounts is given to the people who need it
- Show employees how to recognize a potential cyber scam and how to report it
What in the World Is a Whaling Attack?
Hackers go after everyone from entry-level employees to executives.
If whaling attacks succeed, hackers have a skeleton key to open digital doors that should stay shut.
Whaling attacks target the:
- Chief executive officer (CEO)
- Chief operating officer (COO)
Social Media Schemes You Need to Know
Recognizing cybercrime is half the battle. You and your employees can stop it before it starts.
Everyone at your business should follow this advice from the Facebook Help Center:
“If an email or Facebook message looks strange, don’t open it or any attachments.”
Take a closer look at these examples to help your business avoid social media security risks.
Common Facebook Scams
Impersonating a Business Partner
A hacker steals images from a business partner’s Facebook page. They use those images to create a fake account.
The hacker sends a message with a request to your business Facebook account. They ask for confidential information or for an employee to follow a link.
Sending Fake News
Your Facebook account receives a message about a catastrophic event like a natural disaster or plane crash. The sender asks you to follow a link to a news site or a GoFundMe page to support victims and their families.
Posing as Facebook
This probably won’t surprise you, but cyber criminals pose as Facebook. They send emails saying your Facebook account will be canceled if you don’t send them your username and password.
Common LinkedIn Scams
View a Google Doc
In one common scam, hackers hijack real accounts and use them to send messages to LinkedIn connections. The message asks you to click a link to view a shared document in Google Docs.
The hacker swipes your Google credentials if you click the link.
That’s a huge deal because your Google credentials could give cyber criminals access to:
- Email accounts
- Sensitive documents
- YouTube channels
- And much more
Someone at your business receives a LinkedIn message from “tech support.” “Tech support” claims your account has been compromised. The instructions in the message ask you to click a link to keep your LinkedIn privileges.
Double-check the sender’s credentials. You can also reach out directly to LinkedIn on Twitter through @LinkedInHelp.
Common Twitter Scams
Watch Out for Bots
Bots are automated accounts programmed to tweet, send messages, and follow other accounts.
Not all bots are bad. Some of them work in essential notification systems.
Some bots are bad, though. Hackers use them in attempts to steal money and login credentials from your business.
Symantec offers solid guidelines for spotting bots:
- They haven’t been on Twitter long
- Their Twitter handles contain numbers
- They mostly retweet
- They tweet more often than a person should be able to tweet
- Their accounts lack a photo or biography
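The five warning signs above, written as a scoring check over account metadata (an added example, not code from Symantec, Twitter, or this article). The field names, sample accounts, and every threshold are assumptions, since the guidelines give no numbers.

```python
import re
from datetime import date

# Thresholds are assumptions for this example; the guidelines give no numbers.
MAX_NEW_ACCOUNT_DAYS = 90
MIN_HANDLE_DIGITS = 4
MIN_RETWEET_RATIO = 0.8
MAX_HUMAN_TWEETS_PER_DAY = 70
REVIEW_AT = 3  # signals needed before an account is flagged for review

def bot_signals(acct, today):
    """Return the names of the listed warning signs that this account matches."""
    age_days = max((today - acct["created"]).days, 1)
    total = acct["tweets"] + acct["retweets"]
    hits = []
    if age_days < MAX_NEW_ACCOUNT_DAYS:
        hits.append("new_account")
    if len(re.findall(r"\d", acct["handle"])) >= MIN_HANDLE_DIGITS:
        hits.append("digits_in_handle")
    if total and acct["retweets"] / total >= MIN_RETWEET_RATIO:
        hits.append("mostly_retweets")
    if total / age_days > MAX_HUMAN_TWEETS_PER_DAY:
        hits.append("inhuman_post_rate")
    if not acct["has_photo"] or not acct["bio"].strip():
        hits.append("no_photo_or_bio")
    return hits

def needs_review(acct, today):
    """Flag for a human to look at; no single sign is proof of a bot."""
    return len(bot_signals(acct, today)) >= REVIEW_AT

# Constructed sample accounts (not real handles or data).
TODAY = date(2019, 10, 29)
SAMPLES = [
    {"handle": "deals48213907", "created": date(2019, 10, 1), "tweets": 40,
     "retweets": 3960, "has_photo": False, "bio": ""},
    {"handle": "main_st_bakery", "created": date(2014, 3, 12), "tweets": 2100,
     "retweets": 300, "has_photo": True, "bio": "Fresh bread daily."},
    # A legitimate newcomer: two signs match, still below the review threshold.
    {"handle": "newhire2019", "created": date(2019, 10, 20), "tweets": 12,
     "retweets": 2, "has_photo": True, "bio": "Intern. Opinions my own."},
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(a["handle"], bot_signals(a, TODAY), needs_review(a, TODAY))
```

Requiring several signs together keeps new or lightly used real accounts, like the third sample, out of the flagged set.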
Pay for Followers
There’s nothing wrong with wanting to expand your Twitter presence. But there’s a “get followers quick” scheme you should avoid like the plague.
A bot account will send you a message about providing thousands of Twitter followers for a low cost. Even if you wind up with these followers, you could be banned from Twitter for distributing spam.
Don’t ever force anyone to follow you. It’s a bad look!
Direct Message (DM) Disasters
Just like with Facebook and LinkedIn, an unguarded Twitter inbox could open the floodgates to disaster. Hackers use DMs and bogus links to put businesses on the hook.
Don’t take the bait! When a cyber criminal hijacks any social media account, they send out spam messages and harass your customers.
What to Do Next
You know how to spot social media scams, so pass this knowledge on to your employees.
Some hackers are really persuasive, though. What happens when someone at your business follows one of those bad links we’ve discussed?
You could always have a plan for financial and reputational damage caused by data breaches. Our data compromise coverage goes to work when you need it the most.
Talk to your local, licensed Pekin Insurance agent about adding data compromise coverage to your business insurance plan.