Effective Social Media Risk ManagementPublished October 2, 2018 by Karen Walsh • 4 min read
Another Facebook security vulnerability? Must be Tuesday. You need to have a social media strategy as part of your branding. However, you also need to protect your company from the data risks inherent in social media activities. Social media risk management is an integral part of your IT security risk management process, but what do you need to know?
Managing Risks of a Social Media Presence
What are the primary social media risks?
You already recognize the idea that with great marketing comes great responsibility. You’re already out there creating a strong brand voice. Unfortunately, modern hackers are continuously trying to access your data using social media accounts.
The most recent Facebook vulnerability left 50 million accounts open to potential data leaks. If you’re using Facebook as your primary login, then your data is at risk. It’s that simple.
If you want the more complicated explanation, user authentication tokens allow you to use your Facebook login as a single-sign-on option. When you start using a new application, you’ll get the “sign on with Facebook” or “Sign on with Google” options. If you’ve used Facebook to log in, then your data may be at risk based on the vulnerability.
What we know right now is that Facebook closed the hole. What we don’t know is whether other applications such as LinkedIn or Google also have vulnerabilities. Therefore, you need to think about how you’re logging into your social media accounts and how you’re using them to log in to other applications.
Good ol’ phishing continues to plague us. Now, however, it’s begun targeting messenger applications. For example, maybe you’ve automated your direct messages to send discounts to your customers.
Hackers enjoy taking over these automation and sending out messages that look like yours. When they put links in the messages, they use the same social engineering tactics of fake links that look real. To protect your branding, you need to make sure that you’re monitoring your messenger applications regularly for these kinds of intrusions.
Poor Password Hygiene
That’s right. If you’re using a risky password for your corporate social media account, anything shared on there becomes hacker fodder.
Are you using something like “12345” or “password1”? You’re putting your corporate data environment at risk. Think about it this way: all of the information you collect as part of your social media marketing strategy is linked to those social media accounts. Any customer or potential customer information is at risk if a hacker gains control of your social media account.
Are you tracking potential leads based on social media analytics and using a weak password? You’re putting everything from your information landscape to your reputation on the line. All for the ease of remembering a password.
Why Managing Social Media Risk Matters
What Strategies Mitigate Social Media Risk?
Social Media Policy
Create a policy specific to your social media marketing strategy. This includes making sure that you have clear expections about:
- Password Strength
- Content Monitoring
- Access Lists
- Interacting with the Public
- Security Breaches
- Crisis Responses
You need to talk to your CISO about how you report and handle the aftermath of a social media hacker getting into your accounts. You need to make sure that you’re working together rather than isolating yourself from a department that helps you protect your client lists.
As boring as it sounds for a social media marketer, you’re the first line of defense for protecting all the information you access. More importantly, since you focus on protecting brand identity and image, you need to make sure that you’re creating a safe place for customers.
To do this, you need to make sure that you’re staying updated on the most recent threats to your social media accounts. Whether it’s another Facebook vulnerability or a Twitter hack, you have to educate yourself about how your activities threaten the whole company.
If you have multiple people working with your social media accounts, you need to make sure that you create a chain of command reviewing the activities.
Any risk management process includes doing due diligence over information activities. You need to be aware that your marketing strategies also impact other areas. If you retweet or share a phishing link, you’re putting your entire company at risk.
How ZenGRC Enables Social Media Risk Management Workflows
Workflow management requires communication. With ZenGRC’s platform, you can connect your cybersecurity activities to the overarching data security requirements set out by your IT department.
Your IT department can prioritize tasks that help you focus on real time tracking for vulnerabilities in your social media networks. As soon as they hear of a risk, they can tag you. If you hear of a risk, you can tag them.
With our intuitive interface, you don’t even need to be an IT professional. You can easily create and follow tasks so that you work as a team.
Our centralized dashboard offers the IT department actionable key performance indicators (KPIs) that help them see into the company’s information security protections. Connecting the marketing department’s data strategies to overall company policies supports your the company’s enterprise risk management strategies.