7 Keys to Social Media Security
Tue, 06/03/2014 - 12:09pm | by Jeska
Research fromGrant Thornton indicates 61 percent of companies have no social media fraud management plan, and 41 percent of companies have no social media policy at all. Also, 58 percent of companies haven't trained their employees to identify social media fraud. This lack of training is dangerous because most social networks don't assume liability for fake accounts or attacks.
The Pony botnet stole over 2 million Facebook, Google and Yahoo passwords in late 2013 and then used the passwords to send out malicious links to account holders' connections. A company with a social media account hijacked by Pony could suffer irreparable brand damage. Companies that want to develop the best network security solutions need to start taking social media security seriously and they can make progress quickly by following these seven steps.
Conduct a Full Social Media Audit
As with any risk management plan, a social media audit starts by assessing the current state of the company's social media accounts. An audit enables companies to find fraudulent accounts, to audit user access levels, to lock down employee passwords and to manage third-party application permissions. During the audit, companies should make themselves aware of who has access to different accounts. They can then adjust who is managing different accounts and eliminate unnecessary users and extraneous accounts.
Centralize Social Media Management
Social media by nature can be spontaneous, so complete centralization isn't always possible. For example, the CEO may want to make autonomous posts on her Twitter account, and the marketing department has to accept the CEO's Twitter feed may be beyond its control. Even so, most company accounts should be centralized under a social media management system like HootSuite or SocialFlow. These tools allow people to post to multiple company social media accounts from a single dashboard, and HootSuite uses Google Safebrowsing to ensure no posted links are malicious.
Protect Shared Passwords
In most cases, if more than one person is authorized to post on a social media account, then more than one person knows the password for the account. Choose a tool like LastPass, which saves passwords and enters them without making them visible to the user. IT can send passwords to users through LastPass, for example, and the user can save the passwords without having the opportunity to see them.
Know Your Social Media Malware
The Pony botnet is just one example of social media malware. Koobface, another social media worm, installs on a PC when the user downloads a "Flash update" from a malicious video website. For maximum protection, companies should choose a deep discovery tool that can catch malware based on its characteristics even before the antivirus community identifies it.
Set Up Security Protocols
Again, social media management tools provide great security features. For example, HootSuite uses OAuth 2.0, which lets IT grant social media access to an employee via HootSuite without giving out the password to the company's social network accounts. Also, administrators can designate certain accounts as secure, which would mean users couldn't post to them without entering the password or obtaining administrator permission.
Monitor Account Activity
An astonishing 73 percent of companies either don't monitor their social media accounts or don't know whether anyone is monitoring them, which means the accounts can be easily vandalized by outsiders or misused by an internal employee. Companies need tools that can scour the Web both for new account setups and for suspicious activity, like profile changes, on existing accounts. Additionally, companies need to set up a spam filter to weed out spam comments, which often contain malicious links.
Create a Disaster Plan
Even with strong safeguards in place, companies may post an errant message or inadvertently cause a social media branding disaster on occasion. Companies should create disaster plans for these incidents with a focus on timeliness and personalized responses. To ensure the plan works, companies should rehearse it under realistic conditions.
Many internal network security problems can be swept under the rug, but a social media security breach becomes visible to everyone in the world. Since 95 percent of executives expect social media to play a role in future marketing, they need to invest in solutionsthat will keep social network accounts secure.
Social media buttons image by scanrail from iStockPhoto
Social media hackers image by sdominick from iStockPhoto