Here at ZeroFOX, we get asked all the time, “what are your social media security best practices?” We’ve been experts in the space for some time and we’re always happy to spread the good word. Here are our top observations and 7 social media security best practices:
Why Social Media Security Matters:
- Social media is an often overlooked area when it comes to information security. Because social is sometimes treated like a personal communication tool rather than a business platform, risk monitoring & governance, employee security awareness and corporate security policies are rarely in place. But social is undeniably a business system, one that we use daily to communicate with our customers, grow our revenues and engage our employees. In fact, organizations spend on average almost 25% of their entire marketing budget on social.
- Fixing the neglect for social media security is a bit more tricky than simply realizing it exists, because unlike traditional business platforms (think email), the enterprise doesn’t control the data or the access. Organizations need to take a different approach. They need to build employee awareness and social media security best practices around the dangers of targeted attacks and cybercrime on social media. They need to expand their phish testing to social media. They need to implement real-time external risk monitoring capabilities to identify when a targeted attack is happening. Most of all, they need to be able to remediate risk.
- Social media represents the largest modern threat vector: it’s got more connectivity (billions of people), it’s more trusted (everyone is your friend) and it’s less visibility (simply by it’s nature) than any other communication or business platform. Security teams need to join their sales, marketing and customer success groups in the digital era, follow social media security best practices and implement risk monitoring & remediation technology around social media to secure their organization’s future.
Social Media Security Best Practices (for everyone):
- Check if you have been compromised already. Check haveibeenpwned.com which has an easy search function to see if your email address has been leaked from some of the biggest hacks to date. While this site does not cover every leak, it should give you some insight into just how big of a risk cybersecurity is to our ever-connected society. If you do not show up on this site now, be wary that the next breach could have already happened, and you don’t even know about it yet.
- Enable multi-factor authentication. This should be standard security practice for everyone online today. Multi-factor authentication forces anyone logging into an account to supply a code sent to an external device or use other 3rd party software.
- Avoid password reuse at all cost. We know it can be difficult nowadays, when everyone has several dozen logins, to generate and remember unique, robust passwords. We suggest a password manager, which can automatically generate and store passwords, such as the popular Dashlane and LastPass products.
- Update your security settings on all digital and social channel regularly. There are lots of good step-by-step privacy guides online to help get your settings secure.
- Curate your connections. Cleaning out “friends,” followers, connections and more can take some serious time. While having the most connections may have seem like a popularity contest, it is also a huge liability to both your personal and professional life. The more connections you have, the more potential ways for a fraudulent or compromised account to send you a malicious link. Not everyone is as aware as you are, and friends may share things they don’t realize are malicious. Remember that while these networks are social in nature, that does not mean that they are particularly safe.
- Monitor social media and digital channels for business and security risks. Continuously watch for phishing links, fraudulent accounts, scams and more. Invest in a digital risk monitoring solution like ZeroFOX to do this automatically and at scale and help you remediate malicious content.
Most of all, take social media security seriously. Learn to protect yourself and, more importantly, your business. Although the least impactful of social attacks, account takeovers, are often relatively harmless vandalism and trolling, imagine if a cybercriminal blasted your [enter number of followers] followers with a fake coupon (“2016/7 season tickets half-off for the next 30 minutes! #discount #football”) appended with the latest and greatest malware. Imagine the cataclysmic fallout of a cybercrime at the scale and speed of social media.
- Stay vigilant! Humans are simultaneously the weakest security link and the strongest defense. Whenever you’re online, remember that bad things can happen. Everyone should analyze accounts, links and direct messages with a careful, skeptical eye. When in doubt, don’t click.
Social Media Security Best Practices Checklist (for Security Teams):
- Work with marketing to gain access to social accounts
- Continuously monitor corporate social media accounts for cyber threats
- Blacklist/block malicious URLs and IPs found of social media
- Establish workflow for dealing with social media cyber crime targeting the organization
- Takedown malicious posts and profiles
- Test employees on susceptibility to social media cyber attacks
- Train employees on safe usage, best practices, and what to do in the event of an attack
- Work with marketing to keep a close eye on social media initiatives and campaigns
Be sure to follow these social media security best practices, and stay safe out there on social media!