If your company employs social media to engage and build relationships with current and prospective customers, you face a security risk. While social media is a cost-effective and interactive way to promote products and services to a target audience, it is also a fertile ground for hackers, phishers, and other scam artists. Marketers don’t just need to be savvy with their content and metrics; they need to understand the threats they face and be vigilant in preventing attacks on their company’s customers and brand.
AMA Baltimore spoke with Sara Ayoub, Senior Director of Demand Generation at ZeroFOX, a Baltimore-based company specializing in social media security and digital risk monitoring, about the cybersecurity risks to corporate social media accounts and how companies can protect themselves. While companies in any industry are at risk, Ayoub noted that financial services, retail, sports and entertainment organizations are most attractive to hackers.
- Target phishing and malware. Hackers send a company’s employees a malicious link or image through social media sites. Whenever anyone clicks on it, malicious code is launched on their computer to steal data or lock/encrypt files, the latter resulting in a demand for money to unlock the files, known as a ransomware attack. This infographic from ZeroFOX illustrates how hackers can infiltrate enterprise networks.
- Corporate and executive impersonators. This occurs when a fake account in the name of a company leader or member of their board of directors is created with the purpose of spreading malicious information about the company. Ayoub pointed out that even companies without a social media presence are at risk for this type of attack.
- Customer fraud. Hackers send a malicious link via social media designed to look like it came from a company’s account, usually disguised as a discount code. When the customer clicks, they are hit with a virus. The company’s relationship with their customers is significantly compromised as the customers hold the company responsible.
- Planned attacks. These include DOS (denial of service) attacks or cyber defacement, where a company’s networks or website may be shut down (users unable to access) or defaced with political or other activist messages. Hackers can use a company’s own social media accounts to spread malicious content.
- Hashtag hijacking. Someone adopts a hashtag already in use by a company and uses that to spread malicious information or viruses.
Ayoub noted that the repercussions of these attacks depend on how quickly the threat is identified and remediated. Often, organizations turn to ZeroFOX and similar companies to employ monitoring tools that use an AI platform to process and analyze data and then alert and assist the company in remediating suspicious activity on social media.
Best practices that businesses can implement to protect their brand and customer relationships on social media:
- Check if any of your social media sites have been compromised at the following link: haveibeenpwned.com
- Enable multi-factor authentication (i.e. users required to provide 2 pieces of evidence to verify their identity and access) for social media sites.
- Avoid password re-use. Each employee managing social media accounts should have a separate password. Never use the same password for more than one account.
- Update security settings for each site regularly.
- Secure your connections and followers. Social media managers should look through company accounts and remove any follower or connection that looks like a fake account.
- Monitor social media and other digital channels for inappropriate content or signs of hacking.
- Implement processes and policy for social media and educate employees on their responsibilities. “Employees can be your strongest link against cyber threats but can also be your weakest link,” said Ayoub.
By being mindful of the many ways hackers can wreak havoc through social media cyber attacks and staying vigilant to prevent and remediate the effects of those attacks, marketers can protect their organization’s brand and maintain positive relationships with those they serve.
Want to learn more? Check out this white paper from ZeroFOX featuring a detailed analysis of impersonator accounts and brand hijacking.