Cyber Protection: Social Media

By Nia Meadows, Cybersecurity Analyst

Social media is obviously quite popular as it helps people feel more connected plus it’s a great medium for information sharing and presenting new ideas to the world. Social media doesn’t just apply to our personal lives, but organizations as well. Organizations need to stay relevant or recognized and will incorporate social media for communications, promotions, events etc. Organizations need to understand the issues of having social media access within a company. Social media is also a powerful tool that can build or destroy the organization’s reputation. It is fairly easy to fall victim to damaging methods such as these mentioned by Security Week:

  • Fake Offers – which often requires the user to share credentials;
  • Likejacking – whereby fake “Like” buttons install malware to ultimately gain access to the user’s computer;
  • Fake Plug-ins – tricking users to download fake browser extensions, which can pose as legitimate extensions, but in reality steal sensitive information from the infected machine; and
  • Fake Apps – tricking users to install a supplemental application that appears to be integrated for use with a social network, but is used to steal access credentials

To address social media risks, there are a number of steps organizations can take, including:

1. User Awareness Training
It is important to expand or create user security awareness training programs to address different methods of social engineering. Users should be taught to be cautious of social media requests from unknown individuals and provided with safety guidelines on how to use social networks in their work environment. Users should also have access to an individual in the organization that can assist if a user accidently clicked something suspicious. Organizations should conduct training on a regular basis and provide an attendance record or sheet on who attended the training.

2. Create a Social Media Policy
It is imperative for an organization to create a social media policy. Also from Security Week: “A social media policy can be a first line of defense to mitigate risk for both the organization and the employee. While many organizations may already have a confidentiality agreement in place, it might not be enough in the context of social media threats. Adding a few lines in the employee handbook to clarify that the confidentiality agreement covers employee interactions on social media sites and cross-reference to the security awareness training program might suffice. It is preferable, however, to create a separate social media policy that is accessible to employees so they are aware of its existence”.

3. Recognizing Social Media as a Possible Threat
In a risk assessment, it is important to recognize any possible threats and vulnerabilities that are present or can impact an organization. For social media, the topic can be identified as a risk to an organization which can map out potential threats and vulnerabilities such as lack of user awareness and training, limitations for access, etc. Social Media phishing is a very real threat and is often used as a means to gain unauthorized access to an organization’s intellectual capital, finances and HR data. Ensure all employees are aware that they can be a target of such an attack and help them understand how to avoid it.

About Sera-Brynn

Sera-Brynn is a leading cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards. Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.

Media Contact: