Social media has become an integral part of people’s lives, as it is a primary channel through which we get information and interact with others. The pandemic has only exacerbated this, as isolation pushed people to lean even more on social media platforms as their primary connection to the rest of the world. As a result, the amount of information people share has skyrocketed.
With Social Media Day upon us, as we give thanks for all the benefits these platforms give us, we wanted to share some best practices for using social media platforms securely.
Think before you share
What is posted on social media is not necessarily only seen by the friends and family with whom you are directly connected. Depending on your account settings, what you post could be seen by anyone and everyone. This applies not only to what you post, but also to the posts or photos you are tagged in, the groups you are part of and the interests you follow.
Cybercriminals frequently leverage publicly accessible social media information to tailor their attacks. The process, which is one aspect of Open Source Intelligence (OSINT), allows them to target specific individuals for an attack, or profile broad groups of people to attack.
You may be thinking, “I’m not interesting, so that wouldn’t happen to me.” But that is not a safe way to think about social media security.
Any employee can be targeted as a point of entry for a corporate-level attack. Your profile tells a lot about you and might inspire a targeted phishing email, vishing call or text that results in a corporate network compromise.
Common social media sharing mishaps include:
Practice good account hygiene
As security professionals, we know securing accounts starts with a strong password. However, with password cracking software continuously evolving, what we considered a strong password before may not be enough anymore to keep us secure.
Passphrases are much stronger than passwords – the more complex and unusual, the harder it will be to crack. These involve a sentence that contains a mix of letters, numbers, and special characters. If you are wondering how in the world you will remember all these different passphrases, consider using a secure password manager.
It is also important to be careful about which email addresses you link to your social media accounts. Organizations should put in place a policy that prohibits the use of corporate emails with social media accounts. This will help mitigate the risk of attackers gaining access to corporate networks through compromised social media account credentials. It is best to use a unique email specifically for social media accounts, limiting the valuable information available to an attacker should your account be compromised.
Some additional best practices to follow are:
Keep corporate accounts secure
Most organizations today have multiple corporate social media accounts, as these are a direct channel for communicating with consumers. A Least-Privileged Administrative model, which is commonly used in IT teams, can be applied to social media access and used to increase security. The number of employees who have direct access to social media accounts through the native application should be minimized.
Organizations can also use a social media management platform to further limit their users’ privileges to exactly what they need to complete their responsibilities and nothing more. This access model will help control the posts that are published, ensuring quality, and avoiding deliberate sabotage – a win-win.
Beware of Cyberpropaganda
Social media feeds are filled with a plethora of fake news and misinformation. Cyberpropaganda has existed for a long time, and social media platforms are perfect for this type of nefarious activity. Misinformation sharing on social channels has even become a service offered in the underground or gray marketplaces. It is important to remember this when browsing social feeds and to check the sources of links carefully before clicking or sharing.
To ensure you are not a victim, or a part of the problem by sharing fake news, you should be vigilant about what you click and share. Here are some ways to verify a post is real:
When browsing through social media feeds, you could use a mindset similar to the concept of Zero Trust. This means that you do not inherently trust anything, even if it is posted by a trusted person. Start from a place of Zero Trust and verify before deciding to trust a post. You never know if your friend or another organization may have been tricked and shared fake news, or their account may have been compromised.
Staying safe on audio-only apps
A recent trend has been audio-only social media apps, like Clubhouse and the recently launched Greenroom by Spotify. Like the rest of the social media platforms, they are subject to malicious activity as well. Here are some security best practices to use when on these platforms:
Social media is a double-edged sword. It has been a lifeline during a very difficult time, allowing us to find another way to communicate when the traditional, in-person method was unsafe. It allowed us to connect with loved ones and delivered critical information in a very uncertain time. However, cybercriminals abuse it, and will continue to do so, as it is full of valuable data they can steal and is an easy platform for them to carry out malicious plots. By using best practices, we can stay safe and reap the benefits that social media offers.