Since 2010, campaigns propagating the importance of cyber security and awareness have been rolled out by various governmental and non-governmental organisations. Today, information security is a key aspect in virtually every government and corporation, with mandatory cyber security awareness training for employees in many firms.
While this has been adequately managed in institutions, cyber awareness and security on social media platforms remain weak. Even where organisations regulate social media use in the workplace, it has been found that 77% of employees use social media while on the job, regardless of whether a social media policy has been put in place. With global social media penetration reaching 31% in 2016, social media is set to be increasingly relevant in the coming years.
As more potential clients join social media, it becomes increasingly crucial for organisations to protect their social media identity from cyber intrusions. A brand can make or break a business. Safeguarding your organisation's brand image on social media helps build business reputation and customer trust. Just imagine the reputational (and monetary) losses that your company can suffer if the company's Facebook page gets hacked and defaced!
Hence, we need to know how to mitigate risks on social media. Here are some steps you can take to prevent cyber crime on social media.
According to experts, many cyber security attacks can be avoided with sufficient awareness of social media security, built through media campaigns. Proper cyber security precautions can prevent approximately 80% of cyber crime, according to a senior National Security Agency official (GNC).
Public awareness is a broad concept that consists of (i) instilling basic security sense in social media users, (ii) adopting pre-emptive measures that help users avoid social engineering, and (iii) setting up stronger access security where possible.
Basic security sense is about educating users on the types of information they should or should not share on social media sites. Users frequently post personal details such as their National Registration Identity Card (NRIC) and home address in online contests on social media sites. Sharing this information has consequences, because criminals can use users' personal details to carry out social engineering and hacking.
This is one of the most important precautionary measures against social media hacking. The ability to discern the forms of information to share, and the methods and platforms to share them, definitely reduces the likelihood of cyber security attacks through social media.
Strategies to prevent social engineering include actively tightening a user's privacy settings on social media. For instance, you can limit the audience of your Facebook posts and account details to only your friends, instead of leaving such information accessible to the public. Tightening privacy settings on social media accounts would help secure users' confidential information such as their passwords, bank information or answers to account recovery questions.
Cyber criminals tend to employ social engineering tactics because it is easier and faster to exploit the human tendency to trust than to devise complex software to steal information. These tactics are made possible by a lack of awareness of one's own privacy settings on social media accounts. Actively securing your privacy online would give criminals fewer opportunities to use your public information in social engineering scams.
Security service providers are constantly innovating security processes to ensure that only users themselves have access to their information. Two-factor authentication (2FA) is one highly successful security measure that adds a layer of security to login processes and is employed by banks and governments. Certain social media sites include 2FA but make it optional for users, to reduce the additional impediment. 2FA requires extra information or a physical device to log in, on top of the user's password. This extra information verifies that it is the legitimate user who is attempting to log in to the account he or she owns.
Most employees use social media in the workplace, regardless of whether the organisation has a social media policy in place. In today's digital era, rather than blocking social media usage, organisations can consider how to effectively ensure that employees are using social media safely.
For a start, executives should gather the departments that use social media heavily in their work. These may include Marketing, Customer Services, IT and Human Resources, all of which perform different functions and thus have differing perspectives on using social media. Executives should centralise decision-making power and develop a cohesive social media strategy that aligns with the corporate interests of the organisation. Instead of imposing one-size-fits-all and restrictive policies, executives can establish dynamic policies that educate and empower employees to navigate the social media realm safely, enabling the organisation to mitigate risks on social media more effectively.
As corporate processes grow increasingly dependent on social media, IT departments need to come up with crisis management strategies specifically for social media, and to periodically hold informative sessions and drills for employees in all departments. These strategies help to outline the Standard Operating Procedure when something goes awry on social media. Part of this strategy includes appointing IT professionals to update the privacy and security settings of corporate social media accounts regularly.
Firms that are considering social media platforms for their various purposes should clearly delineate their aims and strategy. It is important that departments that use social media extensively be rigorously trained in using social media, with adequate knowledge of the risks involved.
Separation of accounts is one way organisations can mitigate their susceptibility to social media security breaches. Though it is useful to have a single corporate account on social media for public recognition purposes, using separate accounts for different campaigns and events may be safer. This is because sharing an account among many members of the organisation increases the risk of losing the password to an intruder. This risk is heightened when employees access the account on their personal mobile devices. Separate accounts reduce this risk and make it possible for employees and departments to be directly accountable for their respective social media accounts.
The passwords of these accounts must be adequately strong, consisting of letters, numerals and symbols, and at least 6 characters long. In addition, it should be compulsory for employees to update their passwords periodically. One way this can be done is to implement password expiration.
Without a doubt, social media has enriched our lives and provided a great source of pleasure and entertainment. Most users are uninterested in the risks brought about by such a convenient and enjoyable platform. However, to continue to use social media platforms safely, users must assume ownership of and responsibility for the safety of their information, instead of taking cyber security for granted.
While social media sites can provide functions for users to increase their privacy and security, users must take the initiative to use these functions to prevent unauthorised access and retain data sovereignty. Ultimately, it is important to note that the measures above merely help to mitigate security risk on social media. In the virtual environment, cyber security is constantly being threatened by new advancements in cyber warfare. Even though cyber security can only be continually maximised, it is nevertheless our best line of defence and stability in this highly unpredictable cyber world.