Facebook, Twitter, LinkedIn. These and other social media platforms are providing new and better ways for businesses to communicate, engage and connect with customers and build their brands like never before. However, like all activities that transpire on the Internet, using social media comes with risks — threats to security that could inflict serious damage to businesses as sensitive information is compromised.
Being that some of these threats are not yet fully appreciated, here’s a look at six very real social media risks for businesses.
Malicious mobile apps
No question about it, the explosion of mobile computing has driven the proliferation of social media. Smartphones and other mobile devices once left at the corporate door are becoming more popular for business use. And since employees are already adept in using mobile devices, they think nothing of uploading a myriad of apps on them, even on phones and tablets issued by the company for business use.
Unfortunately, as Google discovered the hard way a few years ago, some applications come with malicious software designed to perform all sorts of nefarious activities such as exposing a user’s private information and destroying data. Businesses that allow the use of mobile devices need to place limits and restrictions on their use to prevent advanced malware from compromising data.
Related Resources from B2C
» Free Webcast: Build Better Products by Identifying and Validating Your Riskiest Assumptions
Social “con games”
Social media use encourages the sharing of personal information that can be exploited by social engineers who are constantly on the hunt to catch users with their guard down. Virus writers use social engineering tactics to persuade unassuming users to open malware-laden email attachments. Phishers use social engineering to try to trick people into divulging passwords and other sensitive information.
Then there are the Scareware vendors who use scare tactics to get people to run malicious software designed to wreak havoc with the devices they think the software will protect. Employees need to be made aware of the security risks posed by social engineering and then adequately trained to better protect proprietary information from being compromised.
Social networking sites themselves
Earlier this year a Burger King tweet boasted being bought out by McDonalds. Next came a tweet on Jeep’s twitter feed that Cadillac had just acquired it. Soon it was revealed that hackers were responsible for the erroneous tweets, which calls into question the safety of individual networking sites. Twitter, with its shortened URLs, can be used to trick unsuspecting users to click on malicious sites designed to obtain personal information. If these sites are accessed through a work computer, corporate information could be compromised.
Social media allows employees to interact in an atmosphere of assumed trust that can create lapses in judgment and security. For example, sharing a little too much information with friends about secret corporate projects could jeopardize proprietary information.
The spontaneity of social media can also cause employees to act impulsively, posting improper comments or criticisms about the company, coworkers, or worse yet, customers. Such comments cannot be taken back and could cause backlashes that damage both the corporate brand and bottom line. Training employees on the proper use of social media for business purposes, both while on and off the clock, is mandatory for reducing security threats from within.
A non-existent social media policy
Companies that allow employees to use social media platforms for business purposes without first implementing a social media policy do so at their own peril. The policy must provide specifics regarding who in the organization is authorized to use social media, along with specific guidelines for using it properly. Although social media is all about communication and engagement, every aspect of a company’s social media initiative must be carefully orchestrated. Nothing must be left to chance or to an employee’s individual interpretation.
Lack of policy enforcement
This may sound redundant, but once a social media policy has been implemented, it needs to be actively enforced by a designated social media manager. Training should be ongoing and routine reviews should be conducted formally and informally to make sure all employees clearly understand the company’s official social media policies.
Companies that take social media security seriously stand to reap the many benefits that this exciting and transformative tool can bring to their businesses.