Imagine this common scenario, an employee named John posts some politically charged content on his Twitter account and attracts the attention of many people who disagree. Among those who disagree is a group of hackers, so they decide to dox him. John, trying to maintain a persona online, decides to taunt his opposition. John’s work details get leaked and suddenly your company is being tied to his behavior. The hackers John unknowingly upset are actually more sophisticated and decide to craft some ransomware to attack your organization. The hackers also decide to do some intensive research on Linkedin, even to the point of making fake accounts to get closer to your organization.
Now they’ve begun tracking John, your company social accounts, executive team accounts, and those of John’s peers. After a few weeks they’ve gathered enough data to talk like someone in your organization and send out a few phishing emails. John opens up the email at work and unknowingly installs malware on your system. John is sent a tweet with your company’s handle included. The tweet is just a smiley face emoji from the hackers. Suddenly all your files are encrypted and your company’s computers display a ransom note demanding payment in twenty-four hours or else all of your company’s files get deleted.
Above we see an example of how an employee’s actions on social media can put your company at risk. Not just the employee but there was enough published on social media to where hackers could analyze how best to socially engineer your staff into installing their malware on company systems. This is just one of many risks associated with using social media. However, just because there are social media threats doesn’t mean you need to absolutely abstain from it.
Social Media Threats
John’s recklessness above demonstrated one type of threat from negligent insiders in your organization. However there are many more that can arise when using social media for your business.
Every post, tweet, snap, and gram all leaves clues about who you are and how your organization operates. All a clever hacker has to do is data mine your social media accounts to gain insights about your company. For every major social media platform there are third party applications that give any user the ability to draw insights from any account. Additionally with websites like Linkedin, the addition of any Linkedin user gives you access to their email account when you download your data as a csv. Such data bits do leave your organization exposed to continuous analysis until a cyber criminal finds the exact insider knowledge they need.
- Malicious Files and Links
People have a lot of trust in social media and almost anything uploaded on them or posted. Most websites now allow url shortened links which often mask where the user will be taken. These links have the capability of taking a user to fake websites or even trigger an automated download. As far as malicious files, there was a ransomware case last year nicknamed “ImageGate” which spread ransomware with an image uploaded on social media. The sites that were targeted were Facebook and Linkedin. Locky, the ransomware, spread through these sites for sometime before the major platforms were able to patch their networks.
- Social Media Phishing
One of the more recent popular trends in the business world has been brand impersonation. Business in the past have dealt with this in fake emails being sent out or fake products. However, this time is different, as accounts are faking being the company’s customer service division. This provides the illusion of comfort to unsuspecting customers who may then give up their personal details and credentials. Even your employees may be susceptible to this.
Hackers with political or socially motivated ends are often called hacktivists. The example at the beginning of this article was an example of hacktivists exacting revenge on someone they disagreed with on social media, and the company got caught in the crosshairs. These hacktivists often act with the intent of sabotage or exposure. The Panama Papers leak was an act of hacktivism as well as the infamous NSA leak. The trend is not slowing down and is expected to increase over the next few years. Malicious hackers with financial motivations are one threat, but hacktivism poses a whole other set of challenges. Online brands must be careful to avoid political landmines or else they can fall victim to very targeted attacks
Your Surprise Social Media Cyber Security Ally: Marketing
At the intersection of cyber security and social media is your marketing department who are the gatekeepers to your brand integrity. Marketing has the ability to identify fake social media accounts and warn current customers about them. Marketing is able to ensure messaging doesn’t incite conflicts or leave behind compromising information. It’s an ideal arrangement to ensure your security team and marketing team are in sync with one another.
Cyber threats keep growing and social media is not any safer than other websites online. It’s important to be vigilant with security on your social media accounts. This will help ensure your company is not compromised in any way. People and organizations rely on social media to acquire information now, so abstinence is not the answer if you want to be successful with marketing.