Managing Your Business’s Social Media Risk

We all have social media accounts. Team MainSpring posts regularly on Facebook, Twitter, and LinkedIn. The posts are part of our monthly plan to share advice on IT security and productivity tips.

But we are also aware of the cybersecurity threat social media carries, and you should be too.

Social media in the news

If you have watched the news in the last six months, you may have noticed an increased spotlight on social media. Who is blocking whom? What does Section 230 mean, how does it protect Internet free speech, and should I care? What’s new in 2021, and how will it impact our market segment?

Last year, the Netflix documentary The Social Dilemma became a streaming hit. Tech experts sounded the alarm on the impact of social networking.

If you watch the documentary, you may be left with many questions and maybe even some concerns. (If you have not watched the documentary, here is a link to the Netflix trailer.)

You may find it hard to keep up, but are you asking the most important question? How does social media impact the security of my business and my brand?

Protect your brand

Recently, I wrote a blog about using technology to protect your brand. Firewalls, virtual private networks (VPNs), and passwords all help protect your brand. Still, do you have protocols in place to create a social media human firewall?

We have all heard the stories about home invasions after a family posted their vacation plans on social media. Or perhaps a friend was hacked after tying the name of their pet to their social password. “Invasions” can happen in the business environment too.

If you think that social media is not tied to cybersecurity and your brand, think of your social posts as breadcrumbs that lead back to your essential company data. You may accidentally be providing a social media hacker not only access to your social accounts but to your company and customer data.

Ways to create a social media human firewall include being mindful of personal information, employee protocols, malware alerts and anti-phishing training.

Protect corporate information

Don’t accidentally give away your corporate information through a social media post. Here is an example that may be relatable.

Imagine you are a craft brewery. You accidentally post about your next seasonal beer release before your brewmaster has perfected the recipe.

Or you post too soon, and your competitor beats you to the market. While fans visit your competitor to taste their latest seasonal beer, you just lost thousands of dollars from an erroneous social media post.

One way to ensure that each post fits your brand, and does not give away company confidential information, is to create a social media plan. Once you create a plan, stick to it.

If you create a monthly or quarterly calendar, including written content, you minimize the possibility of unfortunate posts. Making the calendar is just the first step; the second step includes a fresh set of eyes or two. Once your content is created, ask for a peer review.

Another way to minimize social media mistakes is to limit the number of administrators on your social accounts. As you restrict access, also ensure that you disable access when you off-board any of your social media managers. In a recent MainSpring blog, I review steps for off-boarding an employee.

Social media and employee protocols

In recent years, the link between corporate culture and employee social posts has become a sticky subject. Over 90% of your employees have at least one personal social media account. It is tempting to talk about one's employer.

Disgruntled employees may make inappropriate posts, or an employee may say too much in their individual posts.

My top tip to prevent an unfortunate HR situation is to include your company's social media protocols in any employment agreement or contract. And do not forget to include these protocols within any agreement with contractors.

Be malware and phishing smart

Social media provides a door for both malware and phishing. Social media ads, links from friends, and even shortened URLs can provide a conduit for malware. You may think that you are clicking on an Instagram account, and you just opened your company up to attack.

Social media accounts are often outside of enterprise control and are usually not included in a security review. But social media is a gold mine for hackers. To sum it up, here is a quote from Steve Durbin, Information Security Forum.

“Once someone is onto a site like LinkedIn, Twitter, or Facebook, there is almost an assumption that the way you are interacting with others is without risk. Psychologically, your guard is down. As a result, social media sites have become a useful channel for those who want to spread malware through social engineering.”

You can halt the risk of malware and a social engineering hack through employee training. It is important to note that all of your employees should participate in a training program, not just your IT team. Your training should be continuous (not once a year), simple, and modern. Nobody has time to sit through one-hour PowerPoints. Training should also be available to employees who work from home (WFH). MainSpring offers a free evaluation within our Automated Security Awareness Program.

Your future with social media

With care and planning, a social media campaign will help grow your business this year. As a business manager or a team leader, your goal should be to ensure that social media's impact on your business remains positive.

MainSpring is an IT managed services provider in the DMV metro area. If you are in the DC, Maryland and Virginia region, find out how we can help you by visiting