Blog

5.5 mins

Are You Really Anonymous on Snapchat? A Closer Look at Social Media Security

By Ryan Holmes | 5 months ago | No Comments

Image by Ed Yourdon.
Image by Ed Yourdon.

This post was originally published by HootSuite CEO Ryan Holmes on the LinkedIn Influencer blog. Follow Ryan on LinkedIn:

Want to go ghost hunting? Sign up for Snapchat.

The trendy photo-sharing service has recently implemented a feature that makes incoming users pick out its trademark white phantom from a set of nine pictures, before they’re allowed to join the network. This new measure comes in the wake of last month’s disastrous security breach for the social network.

In early January, hackers were able to access the usernames and telephone numbers of 4.6 million Snapchat users (including, apparently, the CEO himself). Much of this private information was then made accessible online, for anyone to see. This follows on the heels of discoveries that, contrary to claims, photos and videos sent via Snapchat are in fact stored locally on users’ phones and never completely destroyed.

For Snapchat’s detractors, all of this is timely comeuppance for the brash young network, fresh off turning down a $3-billion offer from Facebook. For companies that find themselves committing more and more resources to social media, however, this should also be a sobering wake-up call: Security and social media rarely go hand-in-hand.

In the last year, businesses have adopted social media in record numbers. 77 percent of the Fortune 500 now have active Twitter accounts and 70 percent maintain a Facebook Page, according to a University of Massachusetts Dartmouth study. Perhaps most eye-opening, 90 percent of small businesses now report using social media. But behind the enthusiasm for Twitter, Facebook and other networks is a sobering truth. Many companies, including some of the planet’s largest enterprises, are underestimating the risks they’re exposed to on social media.

There are, of course, the obvious ones. Twitter is public: Content posted can be seen by anyone and can never really be put back in the box once sent. Start a Facebook Page, by the same token, and your company “wall” is as vulnerable to vandalism in the form of vicious or off-color comments as any back alley.

Then, there are more insidious threats, internal and external. Organizations from the Red Cross to KitchenAid have been shamed by employees—either accidentally or intentionally—posting comprising tidbits on corporate social channels. Meanwhile, malicious hackers have made short work of some of the biggest consumer brands on social media, co-opting feeds from the likes of McDonalds, the AP and more. For companies in highly regulated industries—like finance or pharmaceuticals—the challenges are even greater. Strict communication rules can make compliance on fast-paced, informal social channels a legal nightmare.

Yet, for some companies, opting out of social media is no longer a viable option. According to a recent Nielsen survey, nearly half of all U.S. consumers now turn to social media for information from brands and businesses about their products and services. At the same time, companies able to navigate the shoals and use social media to its potential stand to unlock some $1.3 trillion in value in the years ahead, McKinsey reports. In many cases, there’s too much at stake to turn back.

Security technology plays catch up

Slowly, however, social media technology is catching up and starting to fill in the security gap. Over the last several years, software systems called social relationship platforms have emerged, offering companies ways to take at least some of the risks out of social media. Big software—like Adobe and Salesforce, among others—all have their versions, though dedicated vendors focused exclusively on social media (my company is one of these) have also emerged on the scene.

At their most basic level, all of these platforms force companies to consolidate and organize their social media presence. According to an Altimeter study, the typical enterprise has 178 Twitter, Facebook and other social media accounts associated with it—some official, others started informally by employees. Security risks here range from lost passwords and hacked accounts to rogue employees sounding off and confused customers who mistake satellite accounts for the real thing.

The standard social relationship platform centralizes these accounts in one software program—a kind of master dashboard for viewing and using all social channels. Access to accounts can then be regulated by a central administrator. At the same time, different permission levels can be extended to different employees, enabling, for instance, junior staff to draft messages and managers to approve them. Alerts for unauthorized access and special security features also make it considerably harder (but not impossible) for hackers to hijack company accounts.

The most secure platforms also offer an array of behind-the-scenes services from live support teams. Some vendors assist with audits to identify a client’s social media channels—both the real ones and knock-offs—then consolidate and map the legitimate accounts. Others provide crisis simulations to ready employees should a PR disaster ever go viral on Twitter or Facebook.

Increasingly, however, the real power of these systems lies in automation. A major consumer brand like Coca-Cola, for instance, may get tens of thousands of social comments everyday on Twitter, Facebook, Instagram and other channels. Many social relationship platform will have features to automatically weed out offensive or irrelevant content, as well as the increasing amounts of spam and malware distributed on social channels. Custom filters can even be set up to identify and eliminate comments containing flagged keywords, phrases or images.

The most robust of these platforms also have real-time monitoring functions, which automatically run messages posted by employees through a series of tests to ensure compliance with industry regulations. This kind of constant, background analysis is often critical in sensitive sectors like banking or securities, where violating FINRA or SEC rules on communications—even on social channels—can trigger heavy fines.

As for Snapchat, as a result of last month’s breach, members of the famously discrete network were besieged by spam—of the intimate variety. A steady stream of messages featuring topless women and ads for male enhancement, not to mention fake rolexes and diet pills, has invaded users’ phones, prompting many to cry foul over the network’s repeated violations of trust. Meanwhile, its new verification system has already been called out as flimsy after a hacker allegedly cracked the code in just 30 minutes.

The moral of the story: For companies for whom social media is more than a one-night stand, the path forward it seems isn’t anonymity or privacy but precisely the opposite—transparency and vigilance.

For more social media insight and to learn more about my company, follow HootSuite on LinkedIn.