Social media offers a wide range of fantastic benefits to businesses. For example, using Facebook to raise awareness of products and services, obtaining leads from LinkedIn plus providing real-time customer services via Twitter. You can achieve these benefits on a small marketing budget too but there are also risks such as being hacked.
In the wrong hands, access to your social media accounts or use of information obtained from posts can cause a lot of damage to your reputation. Your business could even be put on hold. Worse still, a hack could force you to cease trading altogether.
On top of these problems, your customers will not be pleased if their personal information is stolen and leaked. Following a hack and once business has resumed, you could then be at risk of fines from data protection authorities such as the Information Commissioner’s Office (ICO).
Hacking is a big problem
In July this year, Garmin’s website fitness apps were taken offline for nearly 2 weeks following a ransomware attack. All customer service channels including call centres were put out of action too. Hackers totally crippled the company until a ransom was allegedly paid.
Even social media companies themselves are not immune from getting hacked. In the summer, Twitter was hacked when a number of employees were targeted in a phishing attack. This is the practice of sending messages or calling people where the hacker purports to be from a reputable company. Victims are then encouraged to reveal personal or security information, such as dates of birth or passwords.
Whilst it’s not possible to eliminate such risks, the following will reduce the risk of your social networks being hacked.
Social Media Policy
You should have a documented social media policy stating the benefits of social networks. The document should also clearly spell out what employees can and can’t post on their own social media and what’s expected of them. It should be specific, with examples of bad practice. For example, employees should never post photos of their ID cards as the information obtained can be used to create an assumed identity. This can then be used to create fake social media accounts or access existing ones. An ID card can even also be forged from such photos.
Pictures and videos from within the office environment should be prohibited or employees made aware that they should check photos and videos for confidential and security information. For example, post-it notes containing user names and passwords or other confidential information such as client details.
Employees’ personal social networks
It’s important to establish how your employee social networks relate to your business. If, for example, your employees regularly share your business posts, this will help raise awareness of what your business has to offer. Are you going to encourage your employees to use LinkedIn to promote and grow your business? This question needs some thought with the answer being documented in The Social Media Policy and/or in employment contracts so everyone is clear on social network ownership and use.
Guidance should be taken from an employment lawyer and social media expert (you know who to call) and the policy should be reviewed by an HR specialist.
Information Security Policy
The Information Security Policy should be updated to include reference to social networks. Just like other online services, advice on user names and passwords should be clearly documented. For example, a strong unique password of at least 8 characters with at least one number and special character should be used for each social network. Two-factor authentication (2FA) should also be set up. 2FA provides an extra layer of security and reduces the risk of hacking. It’s a system whereby a text message with a code is sent to the user’s mobile phone when a login is made from an unusual location. Alternatively, an authenticator app such as Google Authenticator can be used. All the main social networks and other services like Zoom support 2FA.
I’d strongly recommend that all company and employee social media accounts use 2FA. The Information Security Policy should be created by an IT Security Specialist and reviewed by a Human Resources specialist.
Educate yourself and employees
Ensure that you and your employees understand both the benefits and risks of social media. Bespoke social media training for you and your team and/or a documented social media strategy are recommended. These will show you how you can use social networks to achieve your business objectives. They should also cover security risks and their mitigation.
Examples of messages from hackers to look out for
For example, employees should be very careful of videos received via Facebook Messenger. In the last week alone I’ve had videos sent from 6 or 7 Facebook friends with the title “Hello. When was this video? 🤐” This is designed to stimulate your curiosity so that you watch the video. But DO NOT watch the video if you get a similar message. If you do you’ll be hacked and all your Facebook friends will also be messaged which at the very least is embarrassing. Variations of this scam video include, “Is this you”? and “Are you in this video?” So please ensure that you and your employees do not open unexpected messages with unusual titles or messages without context.
If this does happen to you, to recover your Facebook you should go to facebook.com/hacked and follow the instructions.
Setup Social Network Admins correctly
Make sure that you correctly set up Admins for your Facebook Page and LinkedIn Page. These should be managed with regular Facebook and LinkedIn profiles. You should always have at least 2 Admins to cover for holidays, sickness and emergencies. You also don’t want your sole Admin to leave for another job leaving you unable to manage your accounts. DO NOT create ‘fake profiles’ to manage your business pages as this increases the risk of being hacked. There is no need to circulate user names and passwords along with the associated security risks as you’re creating more work for yourself.
If you use a tool like Buffer this can also help you and your team manage your social networks more effectively and securely. Buffer also allows posts and tweets to be scheduled throughout each day which gives you a regular presence on your social networks and helps increases awareness.
The social web can be a dangerous place. By taking the appropriate steps above you’ll reduce risks and be better prepared if and when something goes wrong.
For more help with avoiding being hacked on social media, please get in touch.