For all the same reasons marketers love social media—its ease of use, low cost, and high number of users across the globe—so too do cybercriminals and scammers. As marketers continue to leverage social media, security becomes increasingly more important.
The biggest companies on earth are turning to social media to engage with customers, drive business, and have their voices heard. There are millions of dollars being made on social media each day—making it a prime target for exploitation and extortion.
Most social media pros encounter scams or fake profiles frequently enough that they are not easily fooled. But can you the same for your executives? For every person in your organization? For your customers?
According to the cybersecurity firm Norton, 40 percent of social media users have fallen victim to cybercrime on social media, and one in six users believe their accounts have been compromised. A recent McAfee study found that employees experience far more cybercrime on social media than any other business platform. That includes email, the place most people usually keep their eyes peeled for scams and “phish-y” messages.
When it comes to social media, employees, customers, and brands themselves all face security risks.
1. Brand risks
Corporate-owned accounts are the flagship for any modern organization operating on social. For many companies, they are at higher risks than a website because social profiles are so visible and valuable.
An account impersonating a brand isn’t necessarily bad. But anything that account does, especially engaging with customers, can impact the actual brand. On the playful side of the spectrum is a parody account, which, depending on the industry, some companies don’t mind.
In the middle of the spectrum is an impersonator hijacking your hard-won social media popularity for any sort of shady activity, like piracy or selling counterfeit goods. These accounts steal clicks and impressions, confuse consumers and erode your share of voice.
On the dangerous end, an impersonator account can engage with customers as if they are the genuine brand and deliver phishing links or malware exploits. The cost here is huge: customers who associate the attack with your brand likely won’t be doing business with you.
Losing control of a branded account is every social media marketer’s worst nightmare. It’s happened to the best of them: Associated Press, CENTCOM, Chipotle, the NFL, Delta, Crayola, NewsWeek, and the University of Michigan. Such an attack can turn into a PR nightmare, costs countless dollars in damage control or lost business, and erode customer trust.
2. Employee risks
Everyone at your organization is on social media. You likely have built out policies for users or even employee advocacy programs. But what happens if they click something they shouldn’t or post something out of line?
Fake executive accounts
Fake executive accounts, like fake brand accounts, are building blocks for other types of threats. A fake executive may slander the company online or engage with employees at the company to launch attacks (think of a fake CFO account sending a virus disguised as compensation paperwork to new hires via LinkedIn).
Spear phishing is the oldest trick in the book. Originally associated with email, spear phishing involves sending a bad link, such as a phishing or malware attack, appended to a carefully crafted message.
Both the spray-and-pray approach (attach every trending hashtag you can fit) and the highly-targeted approach (use all the publicly available personal details from the target profile to craft a nastily specific message) are effective on social media.
These attacks, if they get as far as breaching a corporate network, can cost huge amounts of money, create bad press, and anger customers.
Internal policy violations
For any marketing team that is not operating their executive’s or high-profile employee’s account, enforcing and regulating internal social media policies is a challenge. Any time an executive says something controversial or off-brand, it’s on the PR team to clean it up.
3. Customer risks
Customers are the lifeblood of any business. Although they exist outside a marketer’s jurisdiction for how they operate on social, they, more than anyone, are worth protecting.
Scams can take many forms, depending on the industry. They range from “free iPad!” scams to money-flipping financial scams and fake travel sweepstakes. The associated costs vary as well: direct financial lost, stolen travel points, fake customer support payments, leaked credentials, and more.
What makes scamming in the social media age so dangerous is scale. A scammer can exploit an organization’s hashtags (or impersonate their brand outright) to launch a scam aimed at any would-be customer who uses social media. Consider if all the calls to action on your social media advertisements and posts drove to malicious websites instead of content and conversion forms.
Protecting your brand from social media threats
Social media practitioners are at the forefront in the fight against all these risks. They are responsible for the safe execution of social marketing and for ensuring that the brand and its people are not exposed to threats.
In order to do so, marketers should monitor continuously for all varieties of risks and get malicious content removed when necessary. Social media is an ocean of dynamic data and searching it manually is nothing short of a herculean task.
Social media is a powerful business driver and an excellent place to engage with customers. Because of these clear advantages make it all the more important to protect your company’s investment in social media. As marketers continue to grow their business on social, they should work to do so safely and securely.
ZeroFOX for Hootsuite is built to help the modern marketer solve these mission-critical challenges. It protects your investment in social media by automatically identifying and remediating social media risks in a simple Hootsuite stream. Download it from the Hootsuite App Directory.
Learn how to protect your brand from social media threats—both internal and external—in an upcoming webinar with ZeroFOX and Brandwatch.