Have you secured your business social media accounts?
Cyber attacks can be incredibly disruptive to your business, especially if you rely on using Facebook’s marketplace, Instagram and Twitter to generate revenue over social media.
Whilst media attention about cybercrime often is focused on large organisations with big budgets, it’s important to remember that the vast majority of cybercriminals are indiscriminate – any company that works online, sells online or uses social media is a potential victim.
A recent spate of attacks on businesses via Facebook in the second half of 2022 has seen police issue increased guidance to small businesses and people with 'side hustles' paying for advertising on Facebook. This scam lets hackers access the settings page, enabling them to change spending limits and other controls. It can be difficult to stop this fraud, even after the business has spotted the problem.
What threats does my business face on social media?
In December 2020, Manchester Restaurant, Northern Soul Grilled Cheese, had their Instagram account hacked with the attackers asking for a ransom. The owners lost close to 30,000 followers, with just two weeks before Christmas, the company had to start the page again. It meant reconnecting with their customers and fans, which they had built up over seven years.
“We’ve worked so hard, and I can’t tell you the pain that we have felt in terms of losing our community online… we won’t give in to hackers or bullies.”
Compromised social media accounts are more often on personal accounts and less so on businesses but in the case of Facebook, you often use your account to access your business advertising profile or business page. So you must keep your accounts just as secure with two-factor authentication and strong passwords and review your privacy settings.
In November 2022, we saw an increased threat level raised for Twitter users with the recent takeover by Elon Musk. Computer Weekly reports that a litany of security and compliance issues have been exposed. In many cases, this has been caused by Elon Musk’s takeover of the social media platform.
At the time this blog was published, there had been no major cyber incident or data breach affecting platform users. However, public perception of Musk’s abrupt termination of thousands of Twitter employees is causing the platform to fray at the edges as various technical issues start to mount up.
The emerging favourite to take over from Twitter, Mastodon, also has its security issues, according to Forbes. The decentralized social media platform had numerous vulnerabilities and other security issues; researchers discovered an HTML injection vulnerability that could be used to steal your credentials, it was also found that a hacker could download all the files on a server, including shared photos sent via direct messages.
Learn more about securing your Instagram account by following us; we share a range of daily security tips and guidance.
What are our six top tips to keep your social media account secure?
Two-factor authentication (also known as 2FA, two-step verification or multi-factor authentication) is designed to help stop cybercriminals from accessing your accounts even if they obtain your passwords.
Two-factor authentication (2FA) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2FA includes single-use codes sent via SMS, email, phone, or smartphone application.
Remember to have strong passwords; your first level of protection when securing your online accounts or customer data is a strong password. Whilst complex passwords can be difficult to remember, the National Cyber Security Centre (NCSC) encourages businesses to use three random words, such as HouseForestFlower. This helps you protect against common issues like brute force attacks. This is where an attacker tries many passwords with the hope of guessing them correctly.
A strong password aims not to make it so you won’t remember it, but cybercriminals struggle to crack it. You can include symbols, capital letters and numbers to make it even more secure.
Default passwords must always be changed, and you should change any passwords if you witness any suspicious activity taking place on your account(s). If someone leaves the business, it's recommended that you review the passwords on your social media accounts and consider changing them.
Consider using user roles on your social media accounts; it’s best practice to grant direct access to just a few select employees so your social media accounts can stay secure. This is especially important for using freelancers or external agencies with your social media accounts.
Consider assigning responsibility on a per-network basis - while one staff member takes care of Instagram activity, another can manage Twitter.
With Twitter, you can give different access levels to individuals affiliated with your Twitter handle. Multiple users can be given access to a Media Studio account. Each user can log in with their username and password and will be able to access the Media Studio accounts to which they have been granted access.
Using user roles can reduce the risk of malicious or erroneous mishaps with your accounts by granting access without sharing passwords. When users change their job or leave the organization, their access can easily be modified or removed altogether.
Do you know which devices are signed into your social media accounts?
Regarding basic digital security, you should always know what devices are logged into. We recommend performing a monthly checkup to see which devices can access your accounts.
Secure your social media accounts on mobile devices - use the FaceID feature
To make it easy to log in, many people have settings that require two-factor authentication for social media on mobile devices. Although you may not want to require a password each time you log in, you must have passwords to lock your phone and prevent unauthorized use of social media accounts. Facial recognition and fingerprint scanning are also available to keep accounts secure on mobile devices.
Consider implementing a security policy for social media; this policy should allow employees access only to safe and trustworthy sites. Your policy should also be set up to detect, monitor, and have an action plan if an incident occurs. Businesses should monitor any activity on social media to detect and report threats and take action automatically.
Ensure your policy makes employees wary of clicking on links from unfamiliar followers. For example, shortened links can infect a system with malware and infect computer systems if opened. Employees should use tools that allow them to view the full URL before clicking, as an infected link could harm their devices and the entire company network.