7 Social Media Security Best Practices

 
 
Social media is an often overlooked area when it comes to information security. Because social is sometimes treated like a personal communication tool rather than a business platform, risk monitoring & governance, employee security awareness and corporate security policies are rarely in place. But social is undeniably a business system, one that we use daily to communicate with our customers, grow our revenues and engage our employees. In fact, organizations spend on average almost 25% of their entire marketing budget on social.
 
Fixing the neglect for social media security is a bit more tricky than simply realizing it exists, because unlike traditional business platforms (think email), the enterprise doesn’t control the data or the access. Organizations need to take a different approach. They need to build employee awareness and social media security best practices around the dangers of targeted attacks and cybercrime on social media. They need to expand their phish testing to social media. They need to implement real-time external risk monitoring capabilities to identify when a targeted attack is happening. Most of all, they need to be able to remediate risk. 
 
Social media represents the largest modern threat vector: it’s got more connectivity (billions of people), it’s more trusted (everyone is your friend) and it’s less visibility (simply by it’s nature) than any other communication or business platform. Security teams need to join their sales, marketing and customer success groups in the digital era, follow social media security best practices and implement risk monitoring & remediation technology around social media to secure their organization’s future.
Social Media Security Best Practices (for everyone):

Check if you have been compromised already. Check haveibeenpwned.com which has an easy search function to see if your email address has been leaked from some of the biggest hacks to date. While this site does not cover every leak, it should give you some insight into just how big of a risk cybersecurity is to our ever-connected society. If you do not show up on this site now, be wary that the next breach could have already happened, and you don’t even know about it yet. 

Enable multi-factor authentication. This should be standard security practice for everyone online today. Multi-factor authentication forces anyone logging into an account to supply a code sent to an external device or use other 3rd party software. 

Avoid password reuse at all cost. We know it can be difficult nowadays, when everyone has several dozen logins, to generate and remember unique, robust passwords. We suggest a password manager, which can automatically generate and store passwords, such as the popular Dashlane and LastPass products. 

Update your security settings on all digital and social channel regularly. There are lots of good step-by-step privacy guides online to help get your settings secure. 

Curate your connections. Cleaning out “friends,” followers, connections and more can take some serious time. While having the most connections may have seem like a popularity contest, it is also a huge liability to both your personal and professional life. The more connections you have, the more potential ways for a fraudulent or compromised account to send you a malicious link. Not everyone is as aware as you are, and friends may share things they don’t realize are malicious. Remember that while these networks are social in nature, that does not mean that they are particularly safe. 

Monitor social media and digital channels for business and security risks. Continuously watch for phishing links, fraudulent accounts, scams and more. Invest in a digital risk monitoring solution like ZeroFOX to do this automatically and at scale and help you remediate malicious content.

Most of all, take social media security seriously. Learn to protect yourself and, more importantly, your business. Although the least impactful of social attacks, account takeovers, are often relatively harmless vandalism and trolling, imagine if a cybercriminal blasted your [enter number of followers] followers with a fake coupon (“2016/7 season tickets half-off for the next 30 minutes! #discount #football”) appended with the latest and greatest malware. Imagine the cataclysmic fallout of a cybercrime at the scale and speed of social media. 

Stay vigilant! Humans are simultaneously the weakest security link and the strongest defense. Whenever you’re online, remember that bad things can happen. Everyone should analyze accounts, links and direct messages with a careful, skeptical eye. When in doubt, don’t click

Comments

Post a Comment

Popular posts from this blog

تحميل اصدارات برنامج njRAT لاختراق الاجهزة 2017

Image
تحميل   اصدارات برنامج  njRAT  لاختراق الاجهزة  2017 ---------------------------------------------------------------------------------------------- السلام عليكم ورحمة الله تعالى وبركاته تحميل جميع اصدارات برنامج  njRAT  الشهير لاختراق الاجهزة مع تشفيرة متواضعة  لستب njRAT 5 نتيجة فحص تشفيرة الستب http://pscan.xyz/results.php?id=VbGXRoAJjWiEeSHH الان ناتي الى التحميل njRAT_v0.3.5 للتحميل https://up.top4top.net/downloadf-483nr2oz4-rar.html njRAT_v0.4.1 https://up.top4top.net/downloadf-483nhv6j2-rar.html njRAT_v0.5.0 للتحميل https://up.top4top.net/downloadf-483nihol1-rar.html njRAT-v0.6.4 للتحميل https://up.top4top.net/downloadf-483dr2zk1-rar.html njRAT-v0.7d
Read more

Cybersecurity in 2018: Three predictions and one hope

Image
Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining, at
Read more

Which phishing messages have a near 100% click rate?

Image
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated
Read more