It’s long been known that social networks are viewed by cybercriminals as rich hunting grounds. Using social engineering techniques, they can obtain information through posts and images from social media profiles to launch targeted phishing attacks. Counterfeiters are also using increasingly sophisticated methods to dupe consumers into purchasing fake goods through social media. Panda Security recently warned of a new online scam propagating through Instagram’s advertising platform, where discounts of up to 70% on leading clothing brands are targeted at users who through their profile are most likely to ‘bite the hook’.
However, the risks lurking behind social media platforms are not restricted just to the individuals that use them in their personal lives. If those individuals are in active employment, it’s highly likely that they will access their own personal accounts during working hours, either for personal purposes when on a coffee break or lunch, or for professional work related to activities such as networking. A 2016 survey conducted by US software company Sprout Social revealed that 7 out of 10 employees use social media at work, yet less than half of those surveyed said the companies they worked for gave guidance on the use of social media.
It is imperative that companies have in place a clear social media security strategy, yet studies by the Pew Research Center in the US found that just over 50% of businesses don’t. Social media sites don’t present completely new cyber threats but they do greatly increase the risk of falling victim to existing ones. By not taking the issue seriously enough they are risking exposure to a variety of potential threats, ranging from negative comments about the company by their own employees to possible involuntary breaches of confidentiality regarding the publication of corporate information.
Such a strategy should clearly define to employees what they can and cannot do on social media during working hours, starting with the obvious but often overlooked rule of not clicking on dubious or unknown links, such as those so commonly found nowadays on Facebook and Instagram.
A coherent strategy based on a full assessment of the social media risks, both by the company’s IT and Marketing divisions, and backed up from input from legal, compliance and operations, will help protect against some of the dangers lurking in the depths of social networks.