• The Web 2.0 boom and the growing use of social media by companies have brought a corresponding threat to brand owners
  • “Corporate security plans, whether for large or small businesses, must include contingency action plans in the event of public crises caused by any of these online platforms and resulting in reputation damage and financial losses” (Luis Corrons, Technical Director at PandaLabs)

Companies are changing the way they communicate with customers and their target audience. Traditional systems are evolving towards collaborative environments where businesses engage in a dialog with the user community. According to the 1st Annual Social Media Risk Index for SMBs, released by Panda Security, The Cloud Security Company, 78 percent of surveyed companies use social networking sites to support research and competitive intelligence, improve customer service, drive public relations and marketing initiatives and directly generate revenue.

However, corporate social media strategies and security policies usually overlook crisis management plans to face the challenges posed by social media in terms of authenticity, security and privacy.

These risks can be quantified. Facebook was cited in the study as the top culprit for companies that experienced malware infection (71.6 percent) and privacy violations (73.2 percent). YouTube took the second spot for malware infection (41.2 percent), while Twitter contributed to a significant amount of privacy violations (51 percent). For companies suffering financial losses from employee privacy violations, Facebook was again cited as the most common social media site where these losses occurred (62 percent), followed by Twitter (38 percent), YouTube (24 percent) and LinkedIn (11 percent).


Protecting brand or digital identity should be a priority for all businesses. In reality, however, neither the top social media platforms nor companies themselves seem to pay much attention to it. The fact that anybody can create a fake online profile in the name of a real business means that people could be speaking on behalf of a company without actually having anything to do with it. This could lead to the creation of communities of users ‘tricked’ into believing that a corporate account is authentic, or even to the publication of information that could actually damage the brand and result in public relations disasters.

Only a few social media sites like Twitter allow users to show their account is authentic through a Verified Badge, but most of them do not include that option. It is therefore recommended to proactively register all your company trade names on the main social media sites, clearly identifying the business's official communication channel if there is no other verification mechanism available.


Companies are affected by the same problems as individual users connecting to social media sites, but with more devastating results. The main security concerns include:

  • Identity theft. Administrators could become infected and have their profile login data and passwords compromised. This could result in anybody being able to take control of the corporate account to perform any actions, including scheduling events (on Facebook, for example) with malware links. Similarly, any malicious user that took control of an account could post information from a company’s official profile with disastrous effects.
  • Infection risks. Attackers could take advantage of instant messaging applications or the timeline feature in microblogging platforms to send users information with hidden links to malware sites. In the case of large corporations, this could result in targeted attacks specially designed to infect users’ computers in order to penetrate networks and access all kinds of information. Similarly, followers could also post malicious links on profile walls, contributing to the spread of computer threats. In any event, any of these actions could clearly compromise brand integrity.
  • Platform vulnerabilities. The year 2010 saw the appearance of a number of security exploits in popular social networks like Facebook or Twitter, putting millions of users at risk. As more users join these sites, there will be more researchers looking for security flaws, and many of them will unfortunately be hackers.

Following good password management practices, such as changing passwords regularly and strengthening them (through the combination of alphanumeric characters), can help protect corporate integrity. Security awareness and education, as well as keeping up to date on the latest security threats, will help corporate profile administrators stay alert and detect any irregular activities.


Corporate profiles are managed by administrators who can sometimes make too much information available to followers or visitors.

This information could then be used by malicious users against the company itself, either online or offline. For example, administrators might post information about corporate finances, practices, work processes, etc. That is too much risk.

Also, it must be taken into account that, as shown by the study, 77 percent of SMB employees use social networking during working hours and could share confidential information there.

According to Luis Corrons, Technical Director at PandaLabs: “Along with the better protection of the corporate network, the use of common sense, often the least common of the senses, is what we have to do to prevent headaches associated with problems of both security and privacy”. Having adequate training programs and social media policies will greatly help minimize the risk of confidential information leaks.

“In the past, most social media sites were used for individual use,” explains Corrons, “but now we are witnessing a boom of Social Media strategies in the corporate sector. Web 2.0 has proven to be an extremely efficient and cost-effective way to implement marketing, communication, customer service actions, etc. However, just as companies benefit from social media, they are also exposed to many risks and public relations disasters.

Corporate security plans, whether for large or small businesses, must include contingency action plans in the event of public crises caused by any of these online platforms and resulting in reputation damage and financial losses. It is clear that cyber-crooks will start shifting their attention to companies using social media and launch targeted attacks on them, as they return many more benefits than individual users.”