Social media has rapidly become a standard for digital communications and business connectivity, providing organizations with unprecedented ability to build brand, engage customers and expand their reach. Despite recent negative headlines, social networks usage for businesses and their employees alike consistently trends upward. It’s become a staple, if not the very foundation, of a modern go-to-market stack. However, not everyone as jumped on board. In this post, we will discuss the reasons that social media avoidance may not be the best protection and how to protect yourself across the public attack surface.
Why are some businesses wary of social media?
Whether due to privacy concerns, staying off the grid, security ramifications, compliance risk, business requirements or a multitude of other reasons; the impulse to abstain from social media platforms is understandable.
Some businesses and government agencies mandate that their executives and employees, especially those with critical access to systems, do not expose on social media who they work for, details about their role and so on. Or, as in recent news, government entities may ban the use of a social network like TikTok altogether.
Avoiding social media in some capacity or another is more common than you might think. It includes many well-known government officials, athletes, business leaders, and a surprising list of celebrities, such like Jennifer Lawrence, George Clooney, Bradley Cooper, Scarlett Johansson, Brad Pitt, Angelina Jolie, Mila Kunis, Emily Blunt, and Julia Roberts. Even @apple, the official account of the 2nd most valuable company in the world, has never tweeted.
Security issues of avoiding social media
Skeptical people and businesses may believe that abstaining from social media entirely is a no-brainer solution to avoid the security issues associated with the networks. However, avoiding social media, especially for any business or stakeholder with a public presence, actually exposes you to a variety of security issues.
For example, if you are not on social media, it is all the more easy for an impersonator to spoof your business and scam your unsuspecting customers. And because you are not monitoring the social media site for mentions of your brand, scammers can go months or even years before they are caught.
Remember that because of the explosive rise in social media, most users have come to expect that every person or business is accessible on social networks. Just like with @apple, even though they are not active, other users can find and mention them in posts, making it much harder for a fraudulent account to hijack their online presence. Regardless of whether you create an account or not, other users will seek to engage with you, creating a perfect opportunity for an attacker to assume your identity without resistance. If you have not created your own authoritative account, the user will assume the attacker account is legitimate, opening the floodgate for a variety of malicious activity, including phishing, social engineering, malware delivery, fraud & scams, account hijacking and further pivoting to other users or into corporate networks.
Attackers also recognize that the less amount of time whoever they are spoofing spends online, the less likely their fake account will be found out. If I am online, engaging with users and actively creating content, I am far more likely to identify or quickly be alerted to an impersonation or other malicious activity exploiting my business. The mechanisms for reporting a fake to the person or business being victimized are much more difficult if you aren’t present on the platform on which you are being impersonated.
How to protect your business and executives on social media
ZeroFox strongly recommends that, at very least, you ought to create a placeholder account across the various social networks for your business and major stakeholders. Although this does not require active participation on the platforms, building placeholder accounts provides a point of authority for other social network users and dissuades spoofing. Without creating this account, any cybercriminal or scammer can hijack your identity with ease. In fact, attackers often look for people or businesses without a social media presence to ensure that their fake account appears all the more legitimate. They also realize that users who so not spend any time on social media are much less likely to stumble across or otherwise identify accounts spoofing their identity.
Ultimately, participation on social media is a personal choice. However, by having a secure claim of your identity on these networks, you can limit the effectiveness and longevity of fraudulent and spoofed accounts.
To learn more about how to protect your brand online, download our 5 Step Guide to Brand Protection.