DIGITAL INTERACTIVE SERVICES
Digital safety on social media platforms
The ever-increasing instances of cyber-attacks on social media (SM) networking sites have created complex situations for compromised users. Social media sites have many areas of applications such as digital marketing for business firms, social e-commerce, branding and other activities that provide growth opportunities for all types of businesses, making these sites an essential component of market presence. However, in the fast-growing user base of social media networking sites, not many are aware of the cyber security risk the sites pose.
The main function of cyber security applications is to protect users and their devices from unauthorised access and loss. However, that is not enough. The social media behaviour of both employees and employers can also help mitigate the risks involved. Increased awareness of risky behaviour is essential to minimise exposure to attacks on social media sites. This awareness coupled with updated security measures can keep cyber-attacks at bay. Here, we highlight several such instances of potential exposure to cyber-attacks.
While using social media, users post pictures and share information, leaving the SM sites vulnerable to data privacy breaches. Such users might be oblivious to the fact that whatever information they have put on the social media - a data trail - can be of interest to hackers/identity thieves/criminals. And once, such unscrupulous elements get access to social media accounts they use the content in these accounts indiscriminately.
Businesses often reserve SM handles across channels to ensure a consistent brand presence. In such cases it is essential to monitor accounts if they are not used very often. Unmonitored SM accounts are easy targets for hackers who could use such accounts to post fraudulent posts. Such posts could range from incorrect information to infected links that could cause problems for followers of such SM accounts.
Human error could also result in security breaches. Clicking on questionable links could result in the download of malware that could harm a whole network of systems in a business. A percentage of cyber-attacks happen because of such human errors.
Who would have thought memes or quizzes that users engage on social media can be risky? Harmless-looking fun quizzes are often fronts for scammers to hack into user accounts. Everything one does on social networking sites becomes a potential ‘open door’ for attackers. They are able to aggregate data available across online forums and use it to inflict harm.
Another example of risky online behaviour is to have the same usernames/ email addresses/ passwords for different platforms. If one platform is compromised, it puts all other platforms at risk too.
Phishing - an attack that attempts to steal information can target social media sites as well. On social media sites phishing takes the form of fake pages that look like authentic ones and ask users for information. Such information gets misused.
Some social media contacts can also pose a risk. Reshared posts could reach hackers and be misused if they contain sensitive information. Often cyber attackers are able to detect patterns and then send messages to engage unsuspecting potential victims. Hackers are able to gauge a lot about social media account holders from the way the account functions.
Often some simple clicks online can result in accounts getting hacked. Such attacks are called ‘clickjacking attacks” and are most common on Facebook. Zeus is the name of an information stealing malware that is often used to steal financial data.
At times, some sites offer users access with a login from their Facebook or Google accounts. Most of us feel that it is easy and convenient but are totally ignorant about how much knowledge and to what extent personal information has been shared with third-party applications. These applications may download malware without users’ knowledge or consent. Such malware can spread fast and infect linked systems and devices.
An attack on any user’s account on LinkedIn, a professional networking site, can be in the form of an email or a message that urges an employee to divulge personal information. While on Instagram and Facebook, it is usually through a fake page where an impersonator gains access to an account’s details and eventually takes complete ownership of the original user’s account.
Twitter has explicitly mentioned in its users’ policy that it sends messages from its two domains i.e., twitter.com or @etwitter.com. Yet attackers are able to fool several users. LinkedIn manages to block several fraudulent accounts at registration itself using automated defences. Still some such accounts do slip the checks and are discovered later when other users report them. Such malicious accounts are removed manually on a regular basis. Estimates from Facebook place fraudulent accounts at 5% every month. These are removed as part of regular checks.
Ensuring and enforcing a strong social media policy for employees and by making them aware of the unethical practices adopted by hackers will assist in empowering employees and help in overcoming the potential risks posed by popular social networking sites to companies. Installing social monitoring systems will ensure early warnings in case your brand and keywords are involved in any suspicious activities. Installing permission-management software is yet another measure that can be used to help keep SM accounts secure.
*For organizations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape. Now more than ever, it is crucial to deliver and exceed on organizational expectations with a robust digital mindset backed by innovation. Enabling businesses to sense, learn, respond and evolve like a living organism, will be imperative for business excellence going forward. A comprehensive, yet modular suite of services is doing exactly that. Equipping organizations with intuitive decision making automatically at scale, actionable insights based on real-time solutions, anytime/anywhere experience, and in-depth data visibility across functions leading to hyper-productivity, Live Enterprise is building connected organizations that are innovating collaboratively in future.