Instagram, Facebook, Twitter, Snapchat – any business worth its salt utilises a smart, well-executed social media strategy to raise its profile and draw in new customers.
But few are aware of the vulnerability of these platforms to hackers. Like wild gazelles grazing on the African plains, we trustingly provide oodles of information to these organisations, oblivious to the hackers waiting in the bushes, ready to pounce.
The Cambridge Analytica scandal illustrated just how vulnerable social media accounts are to exploitation. The fact that 87 million Facebook profiles were scrapped and had their data harvested and perhaps used to influence the Trump presidential election, and maybe even the Brexit vote, shocked the world. It also provided a short, sharp slap in the face of individuals and businesses; let’s face it, we have blithely given away our data for almost a decade. How could it not be subject to exploitation, given the nature of humans to feed on the weakness of others for their own gains?
“Power tends to corrupt,” said Lord Acton, the 19th-century British historian. “Absolute power corrupts absolutely.”
Social media accounts – a hacker’s paradise?
“If its not on social media, it didn’t happen”. This glib saying illustrates how integrated sharing, tweeting and posting has become in our daily life. And make no mistake – social media has allowed businesses to connect with customers in ways undreamed of even a few years ago.
However, social media platforms have major vulnerabilities which can easily be targeted by hackers. In fact, social media has been identified as the number one channel of perceived cyber-security compliance risk. The biggest risk is posed not through the organisation’s use of social media, but its employees.
Facebook – accounts on Facebook are normally targeted through phishing (sending an email or message, purporting to be from a trustworthy entity in order to obtain passwords, bank account information etc). In 2017, 10,000 US government employees were targeted with phishing emails sent by Russian operative. The emails contained a link laced with malware, which enabled the attacker to take over and control the victim’s device.
Twitter – In June 2016, a major hack saw more than 32 million purported Twitter passwords being traded on the dark web. On a lighter note (although perhaps it is not seen that way by the company), a hacker with a sense of humour recently switched Burger King’s icon on Twitter for McDonalds and claimed the former company had been bought out by its bigger rival. However, the social media team quickly got control of the situation and the next day tweeted “Interesting day here at BURGER KING, but we’re back! Welcome to our new followers. Hope you all stick around!” The hack gained Burger King an extra 60,000 followers.
LinkedIn – In 2012, LinkedIn itself was compromised, resulting in the passwords being hacked by Russian cyber-criminals. Critics stated the passwords were vulnerable because the network failed to use ‘salt’ when hashing them, making them easy to unscramble. Salt in cryptography parlance refers to the addition of a unique, random string of characters (known only to the site) to each password before it is hashed. Usually ‘salt’ is placed in front of each password.
How to protect your organisation from social media cyber attacks
When it comes to social media, your organisation’s biggest vulnerability is its employees. All the money spent on tools and countermeasures are wasted if employees are not encouraged to modify their online behaviour.
A culture of online safety needs to be embedded in the company, with all employees being aware of the risks attached to social media and the steps they can take to protect themselves and, consequently, the organisation who they work for.
Creating and implementing a clear, concise social media policy can help protect your organisation from attacks stemming from social media. Your policy should include guidelines on:
- creating a secure password
- effectively monitoring and engaging with followers of your brand
- avoiding spam, phishing attacks, and human error
- avoiding malware and related malicious software (spyware, ransomware, etc.)
- processes and procedures in the event of malware attacks
- engagement on social media following a corporate crisis
- sharing content
It is too easy for organisations to become complacent about the risk social media poses to their cyber-security. As hackers become more sophisticated, they tend to be one-step ahead of social media organisations when it comes to targeting weaknesses in infrastructures. By creating a culture of cyber security awareness, you will be protecting not only your company, but the people who work in it.
Remember, it is not a case of ‘when’ not ‘if’ the next major cyber security breach occurs. Make sure you and your brand can ride out the storm by investing the necessary time and resources into robust security measures.
Lineal is a global leader in providing cyber security advice and support. To find out more about our other services, please call us on +44 (0)20 7940 4799 or email firstname.lastname@example.org.
Do you have any comments to make on this article? Please feel free to add them in the comments section below.