AdobeStock_313058993.jpeg

SOCIAL MEDIA

Social media has become a huge part of everyday life. As social media use becomes ever more prevalent for organisations seeking to engage with new and existing customers and for individuals as a private form of entertainment, the risk of revealing confidential or potentially harmful information increases.

 

SOCIAL MEDIA THREATS:

The more information available online, about an individual, the easier it is to use social engineering techniques to circumvent cyber defenses. Criminals will research their target, Social Media platforms are a goldmine of information for cybercriminals.

 

One FTSE 1000 Chief Executive posted about his charity endurance event and criminals used this to socially engineer the redirection of $18 million dollars, whilst he was uncontactable.

Families returning home from a holiday discover they have been burgled and then suffer the double blow of a reduced or rejected insurance claim, as insurers accuse them of negligence by advertising their absence.

This article will look at privacy, top tips to protect yourself, your organisation and what you post. For example, restricting who can see your posts and your friends list will minimise the potential risks.

 

PRIVACY SETTINGS :

Each social media platform has different levels of privacy and different methods to implement them. Below are links to the most popular platforms and privacy settings.

For organisations, posts that are inappropriate can cause embarrassment and, at worst, cause serious reputational damage.

  • Misinterpreted posts can result in spreading of misinformation or fake news.

  • Staff members that have grudges can leave damaging comments.

  • Posting incomplete or rushed messages.

  • A compromised account can be used for malicious purposes.

 

These risks all have key underlying principles.

  • Only allowing authorised staff to publish content.

  • Ensure all content is accurate and up-to-date.

  • Ensure a quality assurance policy for each post.

Even if these principles are followed, social media remains a highly charged, fast moving medium, so there will always be the risk of an authorised member of staff publishing their personal views or reactions. It is important to have an emergency recovery plan in place and ensure that staff, managing social media, are aware of it.​

SOCIAL MEDIA FOR BUSINESS:

When deciding which social media platforms, you would like to use for your organisation always keep cyber security in mind. Things to check for when considering each platform:

  • Does the platform support 2FA for content and account management?

  • Does the platform have account recovery?

  • Does the platform have an incident response mechanism for notification?

  • How does the platform cover legal and regulatory issues (e.g. GDPR)?

  • Do the providers of the platform describe how they protect data?

​​

SOCIAL MEDIA MANAGEMENT TOOLS:

The criteria above should apply to social media management tools. These tools allow for a simplified method of performing tasks such as: scheduling, posting responding, approval and analytics. It is therefore important that these tools have a high level of security as these can link to multiple social media platforms.

REVIEW CONTENT BEFORE POSTING: 

As posts can be published at any time by any authorised member of staff, it is important to ensure checks and processes are put in place to reduce the impact of any potential issue that could arise. Below are a few key things to implement where possible:

  • Formalise the publishing workflow, so the required checks are made.

  • Regular Quality Assurance checks.

  • The ability to remove posts or have a pre-approval phase.

  • Delay the post from being published to allow time for alterations.

In addition ensure that publishing staff are all well trained on media impact and be mindful of personal circumstances that might put additional stress on staff.

MANAGING LEAVERS AND MOVERS:

Fully document who has access to social media accounts so that it is quick and easy to revoke access. This can be done by either changing the password to the account (if the account uses a shared password), removing a user access or restricting abilities within the platforms.

TOP TIPS:

  • Protect your accounts by using a strong and separate password

  • Enable privacy settings within Social Media

  • Install the latest software and app updates

  • Turn on two-factor authentication

  • Never share your authentication codes with anyone

See something not quite right? Email: EMSOUCyberProtect@leicestershire.pnn.police.uk