Some workers want to use Facebook, Twitter and Snapchat all of the time. But what should an employer do? Urban Schrott of Eset Ireland has some advice.
What is the impact of social media and the way it is used by businesses across the world?
Social media use has skyrocketed for businesses all over the world, with many companies using it as a way of strengthening their brands and reaching out to new and existing customers.
It’s clear that social media is likely to continue its popularity with businesses, although, in an age where information security has never been such a pressing issue, there are still questions that need to be addressed.
Is social media really a threat to security?
The threat posed to security by social media is nothing new. A report released by Cisco in 2013 claimed that mass audience sites, which include social media, pose a significant threat to information security.
One obvious threat is the potential for blurring the line separating personal information and company data, particularly when a user is using a social media account for both personal and work purposes.
This risk may be underestimated by workers, many of whom may believe their social media accounts are not carrying anything of interest for cyber-criminals, but they can still be used as a portal into a company’s wider network.
So is social media a weak spot?
Potentially. The use of phishing to compromise email accounts has been well documented, but they can take on a new dimension when combined with social media.
For example, if cyber-criminals can compromise a LinkedIn account, they can potentially fool others on the network into thinking they are genuinely one of their co-workers, opening up the possibility of handing over sensitive information.
But if they don’t get that far, there’s nothing to worry about?
Not exactly. Social media output is a key component of a brand’s overall image. If a cyber-criminal manages to compromise one of these channels, it could prove damaging.
For instance, in 2013, a hacker was able to gain access to the Twitter account of Burger King and then use it to display the McDonald’s logo, along with explicit obscenities. Similarly, it’s not exactly reassuring when someone like Mark Zuckerberg has his social networks compromised.
What can be done to make things better?
Setting up a rigid policy to protect company accounts is always a good a start.
A code of conduct for employees, as part of a wider cybersecurity programme, can include the implementation of strong passwords, with weak logins such as 123456 still all too common.
Other potential points include monitoring engagement with brand mentions, offering guidance on how to spot malicious software, implementing two-factor authentication and ensuring that only brand-approved content is shared.
Implementing a policy is particularly important for businesses operating more than one social media account, although it is equally important not to discourage employee participation, as this will hinder the benefits these platforms bring.
Is it the employer’s responsibility to safeguard social media security?
Employers should always try to educate their workforce on the potential dangers of social media as best they can, but employees themselves need to remain vigilant.
For example, it’s important to be cautious of links embedded in email messages, even if they appear to be from a social network provider. Always ensure links come from trusted sources. If in doubt, connect to the site’s URL directly by typing it into your browser.
Always keep track of what devices have access to your accounts, and utilise any available service that will notify you when a new login occurs.
Furthermore, workers shouldn’t risk leaving themselves vulnerable by posting potentially sensitive information on social media.
By Urban Schrott
Urban Schrott is an IT security and cybercrime analyst at ESET Ireland. For companies wary of social media in the workplace, ESET recommends its Cybersecurity Awareness Training.
A version of this article originally appeared on the ESET blog.