This will not only protect your from security threats, but bad PR or legal trouble as well. For more details, check out our step-by-step guide to creating a social media policy , including loads of examples from different industries. While your policy should be easy to understand, training will give employees the chance to engage, ask questions, and get a sense of how important it is to follow. These training sessions are also an opportunity to review the latest threats on social, and talk about whether there are any sections of the policy that need updating.
Social media training also equips your team to use the tools effectively.
8 Social Media Security Tips to Mitigate Risks
While you may be focused on threats coming from outside your organization, PriceWaterhouseCoopers found employees are more likely to cause cyber security incidents than are hackers. Limiting access to your social accounts is the best way to keep them secure. You may have whole teams of people working on social media messaging, post creation, or customer service. The first line of defense is to limit the number of people who can post on your accounts.
Seven Deadliest Unified Communications Attacks: Books
Think carefully about who needs posting ability and why. This way, they never need to know the individual login information for any social network account. If the person leaves your company, you can disable their account without having to change all the social networks passwords. Z-Burger recently faced a major crisis after a marketing contractor used a photo of a slain journalist in an extremely inappropriate Twitter post. No one at Z-Burger saw the tweet before it was posted, since they had given the contractor the ability to publish directly to their account.
The owner of Z-Burger was horrified when he saw the tweet and took action to delete the offensive post right away. But if he had set up an approval system, he or his staff would have reviewed the tweet before it was published. And the crisis would have been averted. But leave that last button press to a trusted person on your team. Designating a key person as the eyes and ears of your social presence can go a long way towards mitigating risks. This person should also be a key player in the development of your social media marketing strategy.
This person will likely be a senior person on your marketing team. This person is also who team members should turn to if they ever make a mistake on social that might expose the company to risk of any kind—from security to a damaged reputation. This way the company can initiate the appropriate response. As mentioned at the start, unattended social accounts are ripe for hacking.
Assign someone to check that all of the posts on your accounts are legitimate. Cross-referencing your posts against your content calendar is a great place to start. Follow up on anything unexpected. It may be simple human error.
Or, it may be a sign that someone has gained access to your accounts and is testing the water before posting something more malicious. You also need to watch for imposter accounts, inappropriate mentions of your brand by employees or anyone else associated with the company , and negative conversations about your brand.
8 social media security tips and best practices
You can learn how to monitor all the conversations and accounts relevant to your brand in our complete guide to social media listening. Solutions like ZeroFOX will automatically alert you of security risks. When you integrate ZeroFOX with your Hootsuite dashboard, it will alert you to dangerous, threatening, or offensive content targeting your brand; malicious links posted on your social accounts; scams targeting your business and customers; and fraudulent accounts impersonating your brand.
It also helps protect against hacking and phishing attacks. Social media security threats are constantly changing. Hackers are always coming up with new strategies, and new scams and viruses can emerge at any time. Scheduling regular audits of your social media security measures will help keep you ahead of the bad actors. Use Hootsuite to manage all your social media accounts safely and securely in one place. Mitigate risks and stay compliant with our best-in-class security features, apps, and integrations. Get Started.
Deadly suicide attack targets Kabul police station
Christina Newberry is an award-winning writer and editor whose greatest passions include food, travel, urban gardening, and the Oxford comma—not necessarily in that order. Cybercrooks are apparently now even using phishing to try to trick folks into giving up two-factor authentication codes designed to protect accounts from unauthorized access. Turning to hardware-based authentication — either via dedicated physical security keys like Google's Titan or Yubico's YubiKeys or via Google's on-device security key option for Android phones — is widely regarded as the most effective way to increase security and decrease the odds of a phishing-based takeover.
A mobile device is only as secure as the network through which it transmits data. In an era where we're all constantly connecting to public Wi-Fi networks, that means our info often isn't as secure as we might assume. Just how significant of a concern is this? According to research by Wandera, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. McAfee, meanwhile, says network spoofing has increased "dramatically" as of late, and yet less than half of people bother to secure their connection while traveling and relying on public networks.
Selecting the right enterprise-class VPN, however, isn't so easy. As with most security-related considerations, a tradeoff is almost always required. An effective VPN should know to activate only when absolutely necessary, he says, and not when a user is accessing something like a news site or working within an app that's known to be secure. Smartphones, tablets and smaller connected devices — commonly known as the Internet of Things IoT — pose a new risk to enterprise security in that unlike traditional work devices, they generally don't come with guarantees of timely and ongoing software updates.
This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system OS updates and with the smaller monthly security patches between them — as well as with IoT devices, many of which aren't even designed to get updates in the first place.
Increased likelihood of attack aside, an extensive use of mobile platforms elevates the overall cost of a data breach, according to Ponemon, and an abundance of work-connected IoT products only causes that figure to climb further. Again, a strong policy goes a long way. There are Android devices that do receive timely and reliable ongoing updates. Until the IoT landscape becomes less of a wild west , it falls upon a company to create its own security net around them. A relatively new addition to the list of relevant mobile threats, cryptojacking is a type of attack where someone uses a device to mine for cryptocurrency without the owner's knowledge.
If all that sounds like a lot of technical mumbo-jumbo, just know this: The cryptomining process uses your company's devices for someone else's gain. It leans heavily on your technology to do it — which means affected phones will probably experience poor battery life and could even suffer from damage due to overheating components. While cryptojacking originated on the desktop, it saw a surge on mobile from late through the early part of Since then, things have cooled off somewhat, especially in the mobile domain — a move aided largely by the banning of cryptocurrency mining apps from both Apple's iOS App Store and the Android-associated Google Play Store in June and July, respectively.
Still, security firms note that attacks continue to see some level of success via mobile websites or even just rogue ads on mobile websites and through apps downloaded from unofficial third-party markets. Analysts have also noted the possibility of cryptojacking via internet-connected set-top boxes, which some businesses may use for streaming and video casting.
According to security firm Rapid7, hackers have found a way to take advantage of an apparent loophole that makes the Android Debug Bridge — a command-line tool intended only for developer use — accessible and ripe for abuse on such products. Here are the latest Insider stories. More Insider Sign Out. Sign In Register.
Sign Out Sign In Register. Latest Insider. Check out the latest Insider stories here. More from the IDG Network. The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing as we make our way through 1.