With social media and online platforms driving sales, client engagement and marketing in many businesses, it is small wonder that cybercriminals are increasingly targeting social media and other accounts of businesses. In this article we look at some of the risks businesses may face and basic steps a business can take to make their social media accounts safer.
Social media accounts by their very nature are exposed online. This provides visibility and marketing benefits but also increases the possibility of abuse. With the media often sensationalising attacks on larger corporates, it can be easy to assume that smaller businesses are not typical targets for cybercriminals or hackers. A dangerous assumption to make, as individuals and businesses of all sizes are increasingly falling victim to attack and compromise. South Africa is also gaining renown as an international hotspot for cybercrime.
What should be remembered is that although your business may not be the main target of cybercrime, a business account may form part of a larger scheme through which cybercriminals seek to impersonate an account owner with the intent to facilitate some form of fraud or to uncover confidential data of your business for further crime activities. Where a cybercriminal has gained access to a user’s device such device can be manipulated to launch cyberattacks against the business, its stakeholders, or its customers or partners. This not only leaves your business vulnerable but also threatens the trust of stakeholders, customers or partners of the business.
When one considers that many businesses process personal information or have access to communities of users through which insight into their information, conduct, patterns etc. can be gleaned, it becomes understandable that cybercriminals would wish to gain access to such information for manipulation and abuse. Often sensitive financial information such as credit card or banking information is also shared via such accounts as a business legitimately engages with its customers.
Should unauthorised access to such accounts therefore be obtained by third parties, it could pose significant risks for a business, should they not have taken adequate safeguards to prevent such unauthorised access.
To reduce the risk surface for businesses, the following general steps can be taken. Although this will not negate risk, it will limit the innate vulnerability to attacks that a business may have.
Access control to accounts of the businessLimiting the number of users that have access to a business’s social media and other key accounts, as well as enforcing the strictest password credential options and ensuring that users treat passwords confidentially, will go a long way in helping secure your accounts. Often too many users have access, or password selection is too obvious or simplistic, encouraging easy account hacking or uncontrolled account access.
Social media practices Linking closely with access control is robust social media practices within a business, which can be evidenced by a social media policy. Such a policy can regulate acceptable use by employees operating on social media accounts of the business. Such a policy could address aspects like:
- Password control and requirements.
- Multi-factor authentication prerequisites for logging into social media accounts (where available).
- Software or application update requirements.
- Allowability of linking or integration with third-party software or applications that could compromise or pose risk to your business accounts.
- Authorised devices through which business accounts may be managed.
- Processes for dealing with potential attacks, hacks or breaches.
- Guidelines of acceptable use of business accounts i.e. what data may be shared via business accounts, what type of transactions are allowed/not allowed, what type of communication is allowed etc.
- Training
Social media monitoringBusinesses would be well advised to keep a watchful eye on the type of information and engagement taking place on their business accounts. This may assist in identifying risks or breaches of a business’s policies or procedures.
Up-to-date security environmentRegular review and updating of the business’s security environment to ensure that devices are secure and software up to date. As obvious as this sounds, many businesses fail to do this increasing their vulnerability to attack.
The above are a few basic but, nevertheless, important steps you as a business owner can take to ensure control of your social media accounts and limit the opportunity for a cybercriminal to gain access and use your accounts for illicit purposes.
For guidance on how to establish a controlled policy environment for your social media accounts and use, feel free to contact our Compliance Team for assistance.
Visit our Compliance Team page.
Disclaimer: This article is the personal opinion/view of the author(s) and is not necessarily that of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever and no action should be taken on the basis thereof unless its application and accuracy have been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken on the basis of this content without further written confirmation by the author(s).