Cyber security issues have been a hot topic for years and cyber attack is nothing new, but what’s surprising is that social media can be a notorious accomplice.
Traditionally, a cyber attack happened when you, for example, opened an email containing malware. This intoxicating virus automatically triggered and penetrated your computer against your will.
People have been relentlessly fighting against these attacks. Sophisticated anti-phishing software has been developed to track down and filter out malicious emails to protect your data, servers, and computer systems.
But what seems to still be of low priority for IT departments is social media. How do potential risks appear on social media?
1. Danger is delivered via messages
You cannot actually trust with 100% accuracy that private messages coming in via social media platforms are all legitimate. By embedding some lines of code, hackers can break your social media account's password protection and intrude into your messenger. Via your account, they can send a phishing link that disguises in the form of an ordinary social post to your friends. The link leads to malware (containing either spyware, ransomware, or adware). When clicking on it, the malware is automatically downloaded and your computer is compromised. As simple as that.
This type of incident can happen to any company, and its consequence is severe. It happens, for example, when an employee connects to their own social media accounts using their company's computer. Or a digital marketing manager, who is in charge of managing your company's social media accounts, accidentally clicks on a phishing link while interacting with customers online.
Once successfully penetrated into your IT system, the hacker can steal your confidential information and attempt to extort an enormous amount of money from you. The hacker can also sell the information to a third party, jeopardizing your reputation and market share.
As a business, great customer service is the key to a successful business. In addition to replying to emails and direct phone calls, active engagement with customers on social media contributes to building a solid reputation. If someone tags you in a comment or post on social media, don't click on any link you are unsure about. The link must be from a reliable source or entail understandable texts that briefly describe the content. Or else, careless clicking will lead to a malware download, resulting in devastating damage to your computer system.
2. The risk lies behind a random image or video
Phishing emails and links have been around for a long time. But in 2016, a new "Locky" ransomware got attention. A suspicious code was embedded into images and uploaded to different social media platforms. By clicking the intoxicating image/video, the ransomware got downloaded to victims’ computer, locking their existing database, except for a text file that demanded 5 Bitcoins (about $365) in exchange for a key.
"Locky" represents one of the 2 most common missions of ransomware. Besides locking, a ransomware can damage the database of a computer or a system, which seriously hinders the operation of a company and causes financial loss. To raise awareness of the cyber attack calamity, Kaspersky Lab conducted a research that concluded that a company will need more than $713,000 on average to cover for damages due to cyber attacks. This budget will keep climbing as hackers become more skillful and mischievous.
In order to prevent any illegal penetration, you need to proactively build a strong shield to protect your computer system, starting with the human factor. Help your employees be aware of the danger when connected to their private accounts, especially when clicking on images and videos. The most extreme measure I have seen is where a company prohibits employees to connect to their own private social networks using company computers. It might sound extreme, but this might be the only way to avoid unnecessary risks.
3. Unclear internal policy related to your social accounts
Typically in bigger companies, you have multiple people sharing the responsibility to update or manage your social media accounts. This of course means that there are multiple credentials that have access to your accounts. This creates a problem in itself unless you have strict internal policy.
If someone in your team accidentally clicks on an intoxicating link or downloads suspicious application from social platforms, the malicious software will intrude into and destroy your company's computer system. If employees are sharing a credential, then you won’t even know who exactly is the weak link.
To avoid these situations, you should have a strict internal policy related to your social media accounts and allow only a few members to update and manage your company’s accounts. These dedicated social media managers should be trained extensively on these security issues and must take every precaution to prevent hackers from taking advantage of loose settings and embed malware from weak spots.
4. Hackers can hijack your account
Your confidential data and IT systems are not the only targets of cyber attacks. By using a normal username to stalk your social activities, hackers can block you from logging into your own accounts.
Take a look at #HBOhacked. The hashtag was created and widely spread by “OurMine”, a group of hackers that had compromised HBO's and its most famous show Game of Thrones' (GOT) Twitter accounts in August 2017. The group blackmailed HBO and threatened to leak the script of the upcoming last episode of GOT season 7. The group demanded about 12- 15 millions of dollars from HBO to return the accounts.
OurMine contacted HBO via Twitter post. The post was deleted after HBO regained control of their account, but the screenshots taken by other users spread on social media.
While there were HBO supporters who were against the illegal release of GOT's seventh episode...
Some of the others expressed their excitement about the leak.
Although there were counter-actions from HBO, they still had to spend enormous amount of resources to gain back the control of their accounts from the hackers. They also needed to prepare for the risk of losing profit when the episode was officially broadcasted.
Any high-profile brand on social media must always be alert, prepare a communication plan to minimize the damage to their brand, and put aside an emergency budget to cover possible financial loss.
5. Ordinary social media users can vigorously attack your brand
Another type of cyber attack can appear in the form of your brand being confronted by a tsunami of heavy harangues and criticisms from ordinary users. These people form groups or get represented by credible publishers to amplify their voice and make you hear their opinions.
Some of these groups embrace a specific belief that motivates the members to protest against your business. For instance, L'Oreal's cosmetic products are the primary targets of anti-animal testing activists and animal lovers. These groups, such as PETA or All Animals Rights, actively post images and videos to prove the brutality of animal testing method to catch the public’s attention, urging people to stay away from L'Oreal products.
L'oreal is a horrible company that funds animal testing, and tortures hundreds of thousands of innocent animals. Shame on them! #govegan #StopAnimalTests #StopAnimalCruelty . This company must be stopped! #lorealiscruel— Ariana Soroudi (@ariangel456) January 19, 2018
By listening to the trends related to your brand on social media, you can identify the negative topics in the mass conversations and evaluate its credibility in a timely fashion. If the public accusations reflect real problems that your business needs to solve, you should quickly take proper actions. In this L'Oreal case, they have introduced alternative testing methods as their immediate response to the protesters.
There will always be “haters” of your brand, whatever you do. Put those aside and instead focus on nurturing your target audience base and measure the change in their sentiment towards you brand on a regular basis.
In a nutshell
Social media platforms definitely contribute to increasing your brand awareness, traffic to your website, and ultimately sales revenue. But your social media team must be aware of various threats that exist, instead of relying only on company's IT security team.
- Raise awareness within your employees and social media marketing team about the potential risks from messages, images, and videos
- Limit access to social accounts
- Be prepared for a sudden attack
- Listen and track related social conversations