Reputational Damage & The Human Factor In Social Media

Experts agree: The greatest cybersecurity risk modern businesses currently face comes from people, not from a lack of firewalls or security policies. 

In one survey, 77% of respondents indicate that despite training and corporate policy, mistakes by employees remain the most likely source of a cyber-security attack. Your employees need help recognising the warning signs and understanding how to protect themselves online.

This risk is especially apparent on social media, where brand reputation and personal relationships play a strong role in the level of trust users place in shared content.

Not All Forms of Engagement Are Equal
Inherently, social media is about engagement, and liking, sharing, and commenting are typically among the primary features offered by social networks. Actions like these are baked into the very fabric of the networks themselves through features designed to drive users to engage with media through notification, suggestion, and promotion of various kinds.
With a push toward engagement comes an inherent level of trust that content posted by colleagues or other trusted organisations and communities is truthful and safe to view or engage with. 

For years now, we've educated employees about the dangers of scams, phishing attempts, and malicious content delivered via email (e.g., "Don't click that link!"), but when it comes to social media, organizations struggle to effectively deliver the same message. For instance, your employees may assume at times that they are engaging with customers in need of assistance or prospects who are requesting information when in reality, bad actors often use fake accounts to target your staff on platforms such as Twitter, LinkedIn, and Facebook.

Without proper training and tooling to secure social media accounts and identify these risks, users often fall prey to a host of issues that threaten not only themselves but their employers as well.

Whether via account takeover attempts, personal and corporate data leaks, cybercrime, or malware delivery, social media risks pose a material threat to organisations, and your employees need help recognizing the warning signs and understanding how to protect themselves online.

Your (Un)intentional Brand Ambassador
Although social media engagement is an explicit aspect of some employees' job responsibilities, most organisations will find that, whether intentional or not, a larger swath of employees represents their brands online. 
With no more than a quick Google or LinkedIn search, employees can be traced back to your organisation, and employees’ shared content and personal views have the potential to reflect poorly on your brand when in conflict with your organisation’s core values and principles.

In recent years, you may have even noticed an increase in proclamations and account descriptions containing phrases like "views are my own" or "retweets are not endorsements." While such statements may seem like a solution to the issue of separating corporate and personal personas, public perception will inevitably continue to associate your employees and their (potentially controversial) viewpoints with your brand. 

This is especially true for high-level executives; and, while we may like to think that corporate executives have the ability to understand that personal expression and corporate attribution are easily entangled, history has repeatedly proven otherwise.

Regardless, employees of all types should be cognisant of the impression they make on social media and its influence on corporate perception.

Beyond employee-driven risks lie additional dangers. Bad actors often target employees on social media as a first attempt to access your organization at large. Imposters have disguised themselves as customers, executives, prospects, and colleagues to encourage employees to click malicious links and share confidential information. 

This can be detrimental to your overarching brand, particularly if it leads to a breach or account takeover. In the past, we've seen this result in the termination of business contracts, levying of fines, and other immeasurable impacts to trust, opportunities, and revenue.

Protection vs. Privacy
A simple mistake on social media can leave a lasting impression; however, when it comes to protecting employees, employers often cite privacy concerns. Trading privacy for security is a classic tussle and undesirable compromise, and it’s relatively safe to assume that most employees are uncomfortable with the notion that their employer may be monitoring their personal social media activity. 

This "Big Brother" concern often leads to inaction on the part of an employer, causing an unnecessary level of risk on the books. To combat this issue, it's important to empower employees to take social media protection into their own hands — without compromising privacy.

Put Your Employees in the Driver's Seat
As participants in social media, your employees' actions online shape and contribute to the perception and messaging of your brands and organization. 
Despite the blurring of lines that exist between professional and personal accountability, you have the ability to empower your staff to make smart decisions on social media and help protect all parties involved. Here are a few tips for getting started:

● Assemble a Social Media Task Force: Loop in marketing and information security teams to assess and prioritise risks, establish a set of processes and policies, and decide on roles and responsibilities.
● Train Relevant Staff: A critical component of a social media protection program is training relevant staff on policies defined by the task force. When you train employees on internal policies, also include general education topics around social media protection, security, and privacy. At the very least, ensure employees are comfortable with two-factor authentication, identifying malicious posts, and recognising when credentials have been leaked.
● Watch for Trends and Update Policies & Processes Accordingly: Assign someone to stay abreast of social media topics, including emerging threats, evolving threat vectors, and changes in policies and regulations (these should be rapidly incorporated into existing policies and procedures).

By taking these steps, organisations can reduce risk and bolster corporate confidence while simultaneously keeping their employees safe and in control of their own social media.

Dark Reading:      Image: Nick Youngson
