Hold that Post! Is Your Company Safe from Social Media Hackers?
September 22, 2015 | Suzanne Hausknecht
Social media presence is imperative for any business. Company or property pages on Facebook, Twitter, Google+, and the like are typically free and relatively easy to manage. But what happens when these sites open you and your business up to risk?
You may recall last year when a US Airways employee, responding to a customer via Twitter, inadvertently included an incredibly inappropriate picture. The post was deleted an hour later, but the damage was done. While an embarrassing post is one thing, perils can go beyond awkward into the realm of financially costly or even personally dangerous.
Consider these often overlooked risks before hitting that “post” button.
- Cross-site scripting (XSS). Most often seen on Facebook, this scam refers to links or buttons that take you to an external webpage that either prompts you to enter personal information or runs a background script on your machine. This malware can access cookies and other sensitive information and even rewrite the content of the HTML page. Scammers often take advantage of current trends and holidays to get your attention (think: “Create Your Presidential Name!”).
- Clickjacking. Twitter, of course, is not immune. Hackers will take advantage of current events, say, the current refugee crisis, to tweet requests for money under false Red Cross and other charity accounts. Scammers will also post malware under links disguised as news videos or as shortened URLs, which are common given Twitter’s character limit.
- Data-Mining. This is most common on professional sites such as LinkedIn. Scammers take advantage of company data such as employee names and history to launch phishing scams. Cybercriminals masquerade as trustworthy sources in an attempt to acquire additional sensitive information such as usernames, passwords, and credit card details.
So how can you protect yourself and your company?
- Use common sense. Bottom line, if you are unsure of the source of a link, or the topic or context seems strange, don’t click it. If a link ever brings you to a page where you are asked for your password, abort immediately! And never provide sensitive information via email or websites. Train your staff accordingly.
- Review social media site privacy policies and settings. As a start, disable automatic social media sharing settings, then go back and select only those that work for your business. Most social networks also offer the ability to block certain followers or advertisers. Lastly, explore the site’s Security or Help Center for useful information. For example, your business can follow @safety on Twitter for the latest news.
- Implement a company social media policy. Don’t ban social media entirely—employees who want access will get it, making your network more vulnerable. Instead, have a policy in place outlining expectations of staff, including what can and cannot be posted on personal pages and how to set up privacy options. Some companies even go so far as to request that employees do not link the business to their personal pages in any way. Any policies should be continuously updated, monitored, and enforced.
- Ensure IT staff is well-trained. One of the best lines of defense is your company’s technical staff. Ensure that they are in the know on the latest social media scams and how to avert them. Keep operating systems and antivirus software up to date. Hold knowledge-sharing sessions between IT and other company staff to share the latest information.
About the Author
Suzanne Hausknecht is a Senior Curriculum Developer at IREM Headquarters in Chicago. She works with IREM members to develop classroom and online courses.