Social media managers play a pivotal part in enabling brands to raise awareness and connect with customers online. In that role, they sift through irrelevant and sometimes offensive content to provide prompt support and accurate information on popular platforms like TikTok, Twitter, Instagram, LinkedIn and Facebook.
Social media is a common entry point for cybercriminals looking to get inside an organization. However, because social media managers come across spam content constantly, actual threats can catch them off-guard. Their preparedness, based on adherence to best practices, and whether they have a solution for Privileged Access Management (PAM) in place, is critical.
In this blog, we’ll examine why the security of social media accounts is important to overall enterprise security, and the steps that IT and social media teams can take to secure their organization.
The Identity Theft Resource Center, a non-profit organization that helps victims of identity theft, found that social media account takeovers increased by more than 1000% between 2021 and 2022. Over half (51%) of social media account takeovers resulted in the original account managers losing funds or sales revenue as the result of accounts being compromised.
As a platform for companies to communicate about and conduct business, social media sites are an important domain for information technology and security teams to protect their organization’s reputation, revenue and existing customer relationships.
Organizations ranging from local businesses to Fortune 500 companies are at risk. In July 2022, a bad actor breached Anaheim Disney’s Facebook and Instagram accounts and posted hateful content. While Disney later regained control of its account and apologized for the incident, fans, families and park visitors had already seen the posts. Unfortunately, such high-profile attacks are reminders that secure credentials are an organization’s first line of defense.
Part of the vulnerability for companies on social media is inherent to the social media sites themselves. Information disclosure and an open network present ample opportunities for social engineering and phishing attacks. From there, cybercriminals can expand their access to critical systems that contain an organization’s sensitive and valuable data.
Other security challenges on social media sites are the ordinary security challenges of being online, but the scale of social media magnifies their impact. In December 2022, Twitter revealed that a bug in an API allowed attackers to scrape more than 200 million user emails over a period of six months. Companies with a dedicated online presence can’t account for security problems on external sites, but social media teams should take deliberate action to protect their accounts.
One common threat vector on social media is credential stuffing, in which cybercriminals leverage a common set of credentials to exploit multiple accounts at once. With a credential stuffing attack, passwords that have been reused for multiple accounts can put an entire organization at risk of a breach.
Keeper’s US Cybersecurity Census Report found that 30% of organizations leave password habits entirely up to employees. Among survey respondents, 44% said that their organization provides employees guidance for using strong, unique passwords. However, these organizations didn’t have a governance framework in place to ensure employees are actually following that guidance. Just 26% of organizations reported providing best practices and a solution for their employees to adhere to them.
Without a solution to monitor user activity, including identifying users whose passwords are already on the dark web, organizations leave the protection of their critical information at the discretion of individual employees.
The risk of taking a laissez-faire approach is significant. An outdoor apparel company, for example, suffered a credential-stuffing attack because of reused login credentials. The breach exposed the personal information of nearly 200,000 customer accounts. With social media accounts as a gateway to the rest of an organization, IT and social media teams should take concrete steps to secure their organization against breaches.
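As an added illustration of the reuse and exposure checks discussed above (example code, not part of the original post and not Keeper's own), the Python below audits a credential inventory for passwords shared across accounts and for passwords that appear in a list of breached-password hashes. The account names, passwords, breach list and the function name `audit` are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory (account -> password), e.g. from a vault export.
# Every value here is made up for this example.
INVENTORY = {
    "instagram/brand": "Summer2022!",
    "facebook/brand": "Summer2022!",
    "linkedin/brand": "k9#Vq2!mZr7@pLx4",
    "twitter/brand": "password123",
}

# Constructed stand-in for a breach corpus: SHA-1 hashes of exposed passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password123", "qwerty", "letmein")
}


def audit(inventory, breached_sha1):
    """Return (reused, exposed).

    reused:  sorted list of account groups that share one password
    exposed: sorted accounts whose password is in the breach corpus
    """
    # A random per-run key makes the fingerprints useless outside this audit,
    # so grouping by fingerprint never requires storing or logging plaintext.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    exposed = []
    for account, password in inventory.items():
        pw = password.encode("utf-8")
        fingerprint = hmac.new(key, pw, hashlib.sha256).digest()
        groups[fingerprint].append(account)
        if hashlib.sha1(pw).hexdigest() in breached_sha1:
            exposed.append(account)
    reused = sorted(sorted(accts) for accts in groups.values() if len(accts) > 1)
    return reused, sorted(exposed)


if __name__ == "__main__":
    reused, exposed = audit(INVENTORY, BREACHED_SHA1)
    for accounts in reused:
        print("password reused across:", ", ".join(accounts))
    for account in exposed:
        print("password found in breach corpus:", account)
```

Each reused group is the set of accounts that fall together if any one of them is compromised; each exposed account should have its password rotated regardless of reuse.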
With social media posing a constant challenge to a company’s information security, IT and social media teams should take steps to protect company and employee information. Let’s take a look at some of these tactics below.
Social media managers can limit risks on social media by adhering to general best practices for staying safe on these platforms, including using two-factor authentication (2FA) on accounts and being selective in interactions with other users. Although many organizations have a social media policy in place, the lines between personal and work content for social media managers can blur. A social media policy, defined between management, IT, HR, social media and legal teams, should clarify right and wrong account usage.
Even with guidelines in place, social media managers should be careful about disclosing personal details on their personal social media accounts. Cybercriminals often use clues provided by content that people post to guess easy-to-remember passwords, such as facts having to do with a hobby or place of birth.
IT and social media teams can simplify and strengthen their Identity and Access Management (IAM). An enterprise password manager removes from users the burden and risk of always having to remember complex credentials.
A password manager will instead place passwords and other sensitive information in a secure vault for safekeeping. With Keeper Password Manager, users can automatically generate and autofill strong, complex and random credentials for their social media accounts. Employees don’t have to remember logins to all of their different accounts, while social media accounts can still be secured with strong passwords.
According to a recent survey conducted by Capterra, a B2B software review site, 31% of all marketers reported that they shared management or usage of their company’s social media account. Among social media marketers, especially at larger companies and those with distributed workforces, collaboration on shared accounts requires the sharing of credentials.
Non-secure locations for storing credentials, like spreadsheets or Word documents, and non-secure means of sharing credentials, like email or text messages, give bad actors a way to exploit sensitive information. One additional benefit of having an enterprise password manager is enabling secure collaboration on joint accounts through the safe sharing of passwords.
Secure sharing supports social media teams that operate with a distributed workforce, or that have many contributors working on separate devices. Integrated two-factor codes through Keeper are available across multiple devices, including desktop, mobile and from a variety of web browsers. If a new social media manager in a remote location needs to access an account from a new device, the two-factor authentication code will be on their device once they install Keeper.
With best practices for password management built into and enforceable with a solution like Keeper Password Manager, social media managers can safely involve the wider team in posting to social media — without putting credentials at risk.
Social media is one of the most visible ways that companies connect with customers. Breaches, in addition to the severe business and regulatory costs of having critical information stolen and exploited, can put organizations in a bad light. They can shake customer trust, even for organizations with a strong customer base. Keeper has privileged access management solutions to protect your social media accounts and credentials, as well as critical information for the rest of your organization.