Successful companies use their social media presence as part of a multi-channel approach to advertising, marketing, and branding. While it’s a basic part of doing business in the internet era, it can also be dangerous. Here’s how to protect yourself from cyberattacks on your business social media profiles.
Why is social media security important?
If hackers access your social media profile, they could access extensive information about your customers and business, which poses risks to you, including:
- Threat to your business bank account information: Recent trends show an increasing number of bank accounts being compromised using hacked social media data.
- Data breaches of customer information: Your social media credentials could unlock a database of personal information like names, addresses, phone numbers, and credit card numbers which hackers can sell or exploit.
- Hit to your business reputation and trust: Getting breached by a hacker will damage your company’s security reputation, no matter how well you respond to it.
- Compliance fines based on consumer protection regulations: Any breach compromising your client data could result in heavy fines from regulatory agencies. It’s your responsibility to make sure customer data is protected.
What are the most common types of social media security threats?
Phishing and smishing attacks
A phishing scam is a type of fraud involving emails, phone calls, or texts (also known as smishing) that ask you to click a fraudulent link. This scam is designed to trick you into sharing your sign-in credentials or other personal information, or downloading malware.
Spoofing sites
A spoofing site is a website that mimics another. This can be done by buying a URL with minor differences from the original, such as an ‘l’ in place of a ‘1.’ Once the spoof site is built, the scammer can phish users by creating email addresses with the fake domain name or by inviting customers to sign in to the spoof site.
Malware
Malware is malicious code that’s installed on your device without your knowledge. It can run in the background, stealing passwords or money. Some types can also spread to other devices on your network.
Hacking/session hijacking
A ‘session’ refers to when you (the user) interact with a computer system, whether that’s a website, browsing cloud files, or using a program or app. A hacker can intercept this communication between you and the system to either gain control of a session you’re currently in or start a new session later under your identity.
For example, if a hacker gained access to your website code, they could add malicious code that records all your customers’ sign-in credentials, or they could add extra items to your customers’ carts.
SIM card swapping
A SIM card swap occurs when a hacker fools your phone carrier into switching your cell service to a different SIM card under their control. This means the hacker will receive all your texts and calls and also have access to all your phone data. This is a particularly useful method for skirting two-factor authentication.
How to protect your business social media accounts
1. Use secure passwords
Use different secure passwords for each of your social media accounts, made up of random combinations of letters, numbers, and symbols. Change them regularly and keep track of them with a reputable password manager.
2. Consider multi-factor authentication (MFA)
Every major social media platform offers multi-factor authentication, via facial recognition, biometrics, text authorization, or authenticator apps on your phone.
3. Manage team access carefully
Cyberattacks can come through users with permissions that weren’t vetted properly or through former employees that were never removed from your system. Use a platform that makes it easy for you to manage employee permissions and quickly remove former employees after they leave.
4. Set up a VPN
When you connect to a social media website or app, your computer connects to that company’s server. A virtual private network (VPN) is an extra link between you and that server that encrypts your data, meaning only you and the site you’re visiting can see your information. An attacker trying to hijack your session will only see the encrypted connection between the VPN and the server.
You → Your information → Server
vs.
You → Your information → VPN (encrypts your information) → Your encrypted information → Server
5. Research third-party tools
Third-party tools can make your company’s operations more efficient, but you’ll have less control over their security. Research the security protocols of any third-party tools you may wish to use, such as plug-ins that automatically post to your social media accounts.
6. Encrypt media files
When you encrypt a file, your computer will scramble that media file so that only you can read it. Anyone else will see a jumbled version of its information unless they have a decryption key—a guide for their computer to unscramble your file. For keeping your files private, encrypt your files using your computer’s built-in options. For sharing files securely, use a trustworthy end-to-end encryption provider like Signal, WhatsApp, or ProtonMail.
7. Avoid unknown links and scams
Always double-check the URL of a link sent to you in a social media message or comment. If it’s unfamiliar, don’t open it. According to the Federal Trade Commission (FTC), people have lost $2.7 billion in social media scams since 2021. These scams involve clicking links and making purchases that seem legitimate but turn out to be schemes.
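The URL check described under “Spoofing sites” and in this tip can be automated. The following is an added example, not part of the original article: it flags hostnames that imitate a trusted domain through character swaps such as ‘1’ for ‘l’, and goes slightly further by also flagging single-character typos. The TRUSTED list, the sample links, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sign-in domains this business actually uses.
TRUSTED = ("facebook.com", "instagram.com", "linkedin.com", "paypal.com")
# Look-alike substitutions folded to one canonical form before comparing.
DIGIT_SWAPS = str.maketrans("105", "los")
PAIR_SWAPS = (("rn", "m"), ("vv", "w"))

def skeleton(name: str) -> str:
    """Fold characters that are easy to mistake for one another."""
    for pair, single in PAIR_SWAPS:
        name = name.replace(pair, single)
    return name.translate(DIGIT_SWAPS)

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character; the remainders must then match exactly.
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's hostname."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        # Compare only the trailing labels, e.g. 'paypa1.com' of 'login.paypa1.com'.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if skeleton(tail) == skeleton(good) or within_one_edit(tail, good):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might arrive in a message or comment.
    for url in ("https://www.paypal.com/signin", "https://paypa1.com/signin",
                "http://login.facebok.com/", "https://instagrarn.com/"):
        print(classify(url), url)
```

The check only compares the end of the hostname, so it does not catch a trusted name used as a subdomain of an unrelated domain; treat ‘unknown’ as “verify by hand,” not as safe.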
8. Don’t interact with suspicious accounts
If something seems off about an account, don’t interact with it. For example, if you get a friend request from someone you’re already friends with, check with your friend first.
9. Keep employee devices updated
An old device can be vulnerable, but so can old code in a new device. Software developers are always working to find security flaws and bugs, so keep your software up to date to protect your employees.
10. Provide cybersecurity training
Teach your employees how to protect themselves from cyberattacks. Share this list and provide regular training to keep everyone up to date.