Social media has rapidly become a standard for digital communications and business connectivity, providing organizations with unprecedented ability to build brand, engage customers and expand their reach. Despite recent negative headlines, social networks usage for businesses and their employees alike consistently trends upward. It’s become a staple, if not the very foundation, of a modern go-to-market stack.
However, not everyone as jumped on board.
Whether due to privacy concerns, staying off the grid, security ramifications, compliance risk, business requirements or a multitude of other reasons; the impulse to abstain from social media platforms is understandable. Some businesses and government agencies mandate that their executives and employees, especially those with critical access to systems, do not expose on social media who they work for, details about their role and so on. For many, this means not having an account at all. Others abstain for more personal persons. Some businesses still block social media at work, though that trend is on the decline.
Avoiding social media in some capacity or another is more common than you might think. It includes many well-known government officials, athletes, business leaders, and a surprising list of celebrities, such like Jennifer Lawrence, George Clooney, Bradley Cooper, Scarlett Johansson, Brad Pitt, Angelina Jolie, Mila Kunis, Emily Blunt, and Julia Roberts. Even @apple, the official account of the 2nd most valuable company in the world, has never tweeted.
Skeptical people and businesses may believe that abstaining from social media entirely is a no-brainer solution to avoid the security issues associated with the networks. However, avoiding social media, especially for any business or stakeholder with a public presence, actually exposes you to a variety of security issues.
ZeroFox strongly recommends that, at very least, you ought to create a placeholder account across the various social networks for your business and major stakeholders. Although this does not require active participation on the platforms, building placeholder accounts provides a point of authority for other social network users and dissuades spoofing. Without creating this account, any cybercriminal or scammer can hijack your identity with ease. In fact, attackers often look for people or businesses without a social media presence to ensure that their fake account appears all the more legitimate. They also realize that users who so not spend any time on social media are much less likely to stumble across or otherwise identify accounts spoofing their identity.
Remember that because of the explosive rise in social media, most users have come to expect that every person or business is accessible on social networks. Just like with @apple, even though they are not active, other users can find and mention them in posts, making it much harder for a fraudulent account to hijack their online presence. Regardless of whether you create an account or not, other users will seek to engage with you, creating a perfect opportunity for an attacker to assume your identity without resistance. If you have not created your own authoritative account, the user will assume the attacker account is legitimate, opening the floodgate for a variety of malicious activity, including phishing, social engineering, malware delivery, fraud & scams, account hijacking and further pivoting to other users or into corporate networks.
Attackers also recognize that the less amount of time whoever they are spoofing spends online, the less likely their fake account will be found out. If I am online, engaging with users and actively creating content, I am far more likely to identify or quickly be alerted to an impersonation or other malicious activity exploiting my business. The mechanisms for reporting a fake to the person or business being victimized are much more difficult if you aren’t present on the platform on which you are being impersonated.
Ultimately, participation on social media is a personal choice. However, by having a secure claim of your identity on these networks, you can limit the effectiveness and longevity of fraudulent and spoofed accounts.