Social media is undoubtedly part of every business now, and many are turning to LinkedIn, Instagram, TikTok, Twitter and Facebook to grow their brand presence and customer base, especially smaller businesses who are looking for quick growth. However, it’s important to not overlook the cybersecurity risks that come from oversharing or accidental sharing online.
For example, enthusiastic new starters can share an image on their first day, eager to get stuck in and promote their new position, but this could feature some confidential information for hackers to jump on. And it’s not just the new starters: senior staff are also vulnerable to exposing information or sharing damaging links.
The risks of using social media at work
Phishing attacks, links to spoofed websites, leaked data and compromised passwords are all potential issues associated with social media use.
Unmonitored or naive sharing online can be hacker heaven. For example, social posts can give scammers unique details to make phishing emails more believable. Once information is shared publicly on social media, a vulnerability has opened up. Posts can provide clues to user credentials or location information. This can be even more damaging if an employee uses the same password across personal and corporate accounts, turning one successful hack into multiple.
In addition to the risks of oversharing online, there are also risks of over-consumption. For example, clicking on suspicious links can bring ransomware into the corporate network, which can cause reputational and financial damage.
Tips for small businesses
To prevent potential attacks from social media use, businesses should have strong social media guidelines for staff and share them as part of their onboarding process, while regularly referring to them in cybersecurity training sessions. The guidelines should clearly highlight the risks of sharing data, while emphasising the safety of both employees and the business.
When setting up corporate social media accounts, businesses should ensure they are verified on all platforms, if possible, as this will reduce the risk of spoofed accounts. During setup, they should ensure multi-factor authentication is turned on and passwords are as strong and secure as possible, with manual sign-in set as default. This will reduce the risk of hackers being able to sign into accounts unnoticed by staff.
Lastly, it’s highly important that corporate accounts are monitored, with a process to revoke access, recover hijacked accounts and block any malicious URLs.
Guidelines for staff
Employees can be a workplace’s biggest risk, with 47 per cent of Australian respondents reporting security-naive employees as a concern in Mimecast’s State of Email Security Report, so it’s crucial to have strong guidelines in place for staff to follow. This is particularly important for social media as the line is blurred between personal and professional use.
Guidelines should be clear, concise and easy to digest for all employees. They should include:
- Clear rules on what can and cannot be shared on both corporate and professional accounts.
- Examples of general scams and suspicious links for employees to be cautious of, as well as a list of trusted apps.
- Background on why it’s important to be cautious: once something is public, it can be hard to remove.
- A contact list/clear process for staff to report any security concerns.
- Tips on less obvious risks, including sharing images with confidential information in the background or location information, and filling out online forms or quizzes that provide hackers with golden information.
All policies should be supported by consistent training to strengthen the messages and ensure they are routinely practised. Social media use is increasing, and so are the risks.
Clear guidelines and effective training will help ensure businesses are limiting their exposure to cyberattacks, while enjoying the benefits social media can bring to a business.