Procedures for Social Media Threat

How to counter the top 5 enterprise social media risks in business

Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology.

Security professionals have experienced a sharp uptick in the complexity and quantity of challenges in the modern threat landscape. From IoT to BYOD, there are numerous technologies and threats today that did not exist prior to the early 2000s.

Social media is one area where security teams have faced a steep learning curve. Beyond being used by employees connected to corporate networks, platforms such as LinkedIn, Facebook and Twitter have been harnessed by enterprises as toolkits to conduct brand awareness, customer service, advertising and recruitment processes. Nevertheless, each user on every platform presents a social media risk for security pros to contend with -- and the risks are plenty.

From social engineering and malicious applications to noncompliance and fraud, organizations must understand the scope and consequences of social media.

Here are the top 5 risks enterprises may contend with. Learn about the tactics used by bad actors online and how policy and technology can mitigate risk.

1. Social engineering

Social engineering attacks often involve a phishing scam on an individual or target audience. While employees may be vigilant about such attacks via spoofed emails, social media is rife with unsuspecting phishing victims.

In some cases, bad actors send direct messages on a social networking site with malicious links, images or other attachments. Once recipients click on the spam file, malicious code is delivered to their device. Called steganography, these attacks may be orchestrated with malicious intent or may originate from compromised social media accounts whose owners may be unaware of the distributed malware attempts.

Steganography is a common attack vector on popular social networking platforms with messaging functions, including Facebook and WhatsApp. Jeff Bezos, billionaire and founder of Amazon, became a high-profile victim of a social media phishing attack when he received a video message from Saudi Arabia's crown prince, Mohammed bin Salman, in 2018. The video hid code that implanted malware onto Bezos' iPhone X, enabling access to his entire device, including messages and photos.

2. Third-party applications

Quizzes, games and third-party widgets or applications often include remote code. This presents a significant social media risk because it is challenging to predict what will load. Most social networking sites filter out scripts and browser exploits posted inside user content. However, these filters have been proven to be imperfect. Sometimes, a unique encoding scheme or obscure scripting trick makes it through, resulting in worms or other attacks.

Additionally, some nonmalicious applications may create opportunities for malicious programs. For example, a user who plays a word game on Facebook may search online for cheat codes to improve game scores or avoid paying money for in-app purchases. These cheat codes are often Trojans that give a bad actor backdoor access to the device, install ransomware, activate the camera or microphone, or record keystrokes to steal passwords, browser history and more. For something as seemingly inane as a social media game or quiz app, the potential consequences are significant.

3. Fraud

Bad actors can effectively infiltrate corporate or employee social media accounts to glean sensitive information on the company and its customers and users. Employees may unknowingly accept friend or connection requests from bad actors disguised as peers. This is an intelligence-gathering tactic.

In 2012, a group of cybercriminals posing as Facebook security authorities contacted various Facebook users, claiming their accounts were compromised and offering a link to verify their identity. Users who clicked the link were directed to a malicious site that collected their login data. Armed with a legitimate user's credentials, attackers can easily pose as peers and co-workers and intercept data about their organization's customers or policies. A seemingly innocuous message from a co-worker on social media may not seem suspicious, but this type of fraud is potentially damaging if the victim is connected to an enterprise network or has access to its accounts and financial documents.

4. Noncompliance

Communication applications and channels enable employees within a company to exchange information that may be subject to -- and in violation of -- privacy regulations. Noncompliance is often caused by sharing or leaking customer, client, contractor or company data. For example, under HIPAA, employees working at healthcare facilities cannot post photos or videos to social media that could identify patients. Privacy regulation noncompliance can result in disciplinary action, termination, criminal charges or fines on the employee and their employer.

Compromised data is not the only way an organization could find itself in regulatory noncompliance. Financial disclosure regulations must also be considered when posting on social media. In 2018, the U.S. Securities and Exchange Commission charged two celebrities -- professional boxer Floyd Mayweather and entertainer DJ Khaled -- for violating federal securities laws after each party promoted investing in initial coin offerings on Twitter and Instagram.

5. Copyright violation

Infringing on copyright or trademarked material is another example of a social media risk in the enterprise. In the event of an infringement by an employee via social media, the employer may be subject to substantial damages. To avoid copyright violations, employees must be trained to vet content before posting online. They must be given information on how to identify whether a social media post contains someone else's original work and whether distributing the content is legal. One option to mitigate copyright infringement is to designate an in-house or available legal counsel with whom employees can consult about copyright questions.

How to mitigate social media risks

Organizations should institute a social media policy that sets online behavioral guidelines for employees, so as not to expose the company to potential compliance, reputation or financial damages. Behavioral guidelines enable organizations to standardize how employees present themselves online. For example, companies may dictate how employees identify themselves if connected to the company while on social media platforms, such as LinkedIn or Facebook.

Social media training is also important. Be upfront with employees about corporate social media measures, and be certain to give them a chance to voice questions about social media policy, security and best practices.

Some security leaders disable scripts in browsers when users access social networking sites on network-connected devices. This can be done by adding social sites to a different security zone in your browser -- for example, restricted sites -- where browser scripts can be disallowed.
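
One way to apply the restricted-sites approach described above on Windows, as an added example that is not part of the original article. It assumes a browser that honors the Windows Internet Options security zones (Internet Explorer or IE mode), per-user registry settings not overridden by Group Policy, and a sample domain list built from the platforms named in this article.

```powershell
# Added example: map social networking domains into the Restricted sites zone
# for the current user, then make sure active scripting is disabled in that zone.
# The domain list is a sample; adjust it to your own policy.
$domains = @('facebook.com', 'linkedin.com', 'twitter.com')

$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneMap      = Join-Path $inetSettings 'ZoneMap\Domains'
$restricted   = Join-Path $inetSettings 'Zones\4'

$restrictedZone  = 4       # 0=My Computer, 1=Intranet, 2=Trusted, 3=Internet, 4=Restricted
$activeScripting = '1400'  # URL action "Active scripting": 0=enable, 1=prompt, 3=disable
$disable         = 3

foreach ($d in $domains) {
    $key = Join-Path $zoneMap $d
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # The value name '*' applies the zone mapping to every protocol
    New-ItemProperty -Path $key -Name '*' -Value $restrictedZone `
        -PropertyType DWord -Force | Out-Null
}

# Restricted sites blocks scripts by default; re-assert it in case it was loosened
if (-not (Test-Path $restricted)) { New-Item -Path $restricted -Force | Out-Null }
$current = (Get-ItemProperty -Path $restricted -Name $activeScripting `
    -ErrorAction SilentlyContinue).$activeScripting
if ($current -ne $disable) {
    New-ItemProperty -Path $restricted -Name $activeScripting -Value $disable `
        -PropertyType DWord -Force | Out-Null
}

# Report the resulting mapping so the change can be audited
foreach ($d in $domains) {
    $zone = (Get-ItemProperty -Path (Join-Path $zoneMap $d) -Name '*').'*'
    [pscustomobject]@{
        Domain            = $d
        Zone              = $zone
        ScriptingDisabled = ((Get-ItemProperty -Path $restricted `
            -Name $activeScripting).$activeScripting -eq $disable)
    }
}
```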

While limiting access to platforms can mitigate social media risks, it may not be possible at every workplace. Many employees use social media platforms at work to connect and network with peers and access new information or industry trends. It may be unreasonable or impossible to prohibit social media tools in certain workplaces. But users equipped with training and awareness can be empowered to exercise security and discretion in their work and everyday online lives.

Incorporating secure technology controls is another effective way to mitigate social media risks. Organizations can defend their assets by running up-to-date browsers and antispam and antimalware products that detect suspicious communication and defend against malicious attachments in social media interactions. Many enterprise security programs also include VPNs, single sign-on and password managers.


This was last published in February 2020
