By the time you’ve finished reading this sentence, nearly 700 passwords have been stolen from social media accounts across the world.
Social media security breaches have the potential to cause up to $6 trillion in cybercrime damages by 2021, up from $3 billion in costs in 2015. These findings are according to a report from Thycotic and Cybersecurity Ventures evaluating the current and future state of password security. The report found that more than “3 billion user credentials and passwords” were stolen in 2016. When distilled down, that’s 8.2 million stolen and hacked passwords per day and approximately 95 passwords stolen every second.
Social media is often considered by the general public as a personal communication tool rather than a tool for business. As such, people are less likely to take important safeguards to keep their data and information safe from potential hackers. When businesses don’t take these issues seriously enough, they expose themselves to a wide variety of threats and put their secure files and important data at risk.
Aside from stolen passwords, there are other social media risks businesses should be wary of. On occasion, there have been incidents where employees have used personal social media accounts to disseminate work-related information or used work-provided laptops for non-work use, leaving them potentially vulnerable. Companies need to ensure they have social media policies and limits, which could help avoid a potentially damaging situation to the brand and organization, as well as provide a structured response protocol in case of a mistake.
Social Media Security Issues
Hacking is arguably the most well-known type of security issue due to its constant coverage in the news. It is a broad term that covers all attempts to intentionally access information or harm a system without authorization. While there are many tactics for hacking, breaking into social media accounts is typically done in one of two ways. The first method involves sending malware to a computer and waiting for user error. In 2017, the streaming service Vevo disclosed a massive data breach of sensitive internal data after one of its employees fell victim to a LinkedIn phishing campaign. Hackers figured out how to undermine LinkedIn’s network by posing as authentic profiles looking to connect with other professionals. Once a connection was accepted, the hackers were able to take over the victim’s account.
The second method is psychological hacking, in which a person unknowingly hands over crucial information to someone pretending to be someone else. This deception doesn’t have to take place online, either. When Sony was famously hacked in 2011, hackers were able to walk into Sony’s headquarters posing as personnel. After the criminals stole the computer password of a system administrator, they planted malware across Sony’s network. The malware discovered and collected passwords to numerous important files, which caused an estimated $171 million in losses.
There are many issues to consider when discussing social platform security. These include:
- Stolen Passwords
All it takes is one website to be hacked via a stolen password for hackers to gain access to an account. Recently, Reddit announced that a hacker broke into some of its systems and stole user data, including email addresses and a 2007 database of usernames and passwords. Reddit recommended that users who may still be using passwords similar to the ones they had in 2007 change them.
- Connected Apps
Convenience on social platforms has created a security problem for consumers. When logging into a third-party app (e.g., Angry Birds), they’re given the chance to create a new username and password or sign in through an existing account on another platform, such as Facebook or Google. If one account is hacked, they fall like dominoes. In 2017, McDonald’s official Twitter account was compromised, and someone posted incendiary remarks about the U.S. president on the company’s page. After an investigation, officials believed the hackers gained access through a third-party app.
- Phishing or Impersonating Brands
Spear phishing emails are designed to appear as though they have come from a trusted source to trick targets into opening them. An increase in diligence and employee training has reduced the open rate for these emails to only 30 percent. Unfortunately, spear phishing attacks through social media are opened at a much higher rate, around 66 percent of the time.
- Giving Access to Shared User Data
One of the biggest security vulnerabilities can happen within the office. Companies may use a shared virtual private network (VPN) to allow remote employees to access documents as easily as if they were on-site, and network drives provide extra external storage to keep employees’ hard drives running at high speeds. These same integrated networks that provide ease of use for employees create a superhighway for hackers. A compromised account logged into the shared network gives hackers the same access to a company’s internal information as it would give an employee.
Social Media Security Best Practices
A major deterrent to social media breaches is educating employees about the dangers of phishing attacks and weak passwords, as well as their responsibility to protect shared user data. An effective policy should include social media best practices, safety and security protocols, and training procedures. A thorough policy protects both employees and the company through outlined expectations and actionable steps when confronted with security risks. Policies are especially important when organizations have social media accounts operated by more than one employee.
A well-rounded social media security plan includes multi-step authorization for accounts. Multi-step authorization means multiple security questions must be answered correctly in addition to supplying a password to gain access to the account. Even so, it’s recommended that companies perform an audit of their social media security at least once a quarter to ensure up-to-date security practices and identify potential security gaps.
The final, but perhaps most critical, aspect of social media security is to hire IT security specialists. These IT professionals are computer support and security administrators who assist with solving networking problems and managing hardware and software. They install security software, monitor for breaches, and eliminate viruses and other threats. Companies can maintain a staff in-house or hire consultants as needed.
Secure Your Future with King University
If you want to become a valuable asset to a company’s social media security plan, you’ll need training in cybersecurity. You can get this training from King University with their online BS in Information Technology. In our program, you’ll create a portfolio to share with future employers and gain experience in project management, policy consultation, IT plan development, and technology research methods. With King University’s fully online format, you can pursue your education while you balance your busy life, and you can complete your degree in as little as 16 months.
This article was originally published on online.king.edu