How to Protect Your Organization from Social Media Cybersecurity Risks

Over the course of 2016, several popular social media platforms — including Facebook, LinkedIn, Instagram, and Twitter — saw a marked increase in fraudulent activity, with security firm Proofpoint noting a 150 percent increase in social media phishing scams alone. And 2017 seems to be following a similar pattern.

Many of these phishing efforts were focused around the creation of fake customer service profiles that would contact end customers directly, requesting personal account information or encouraging users to inadvertently download malware or other malicious code. In fact, as part of the same study, Proofpoint found that of the 4,840 social media accounts associated with 10 well-recognized brands, 19 percent were fraudulent. And over the course of Q2 2016, the firm detected nearly 600 new fraudulent accounts each month.


Another leading motivation for these fake accounts — roughly 30 percent — was directing consumers to counterfeit products and services. Meanwhile, protest and satire accounts comprised a minor, yet notable percentage as well.

Why Target Social Media?

Put simply, it’s where the people are. According to market projections, there were approximately 2.2 billion social network users at the end of 2016, roughly 30 percent of the planet’s population. So if a criminal or scammer is searching for a target-rich environment, social media provides an ideal platform.

At the same time, communications between social media accounts routinely lack the same security and monitoring tools that are used to identify and prevent fraud and cybercrime through email.

What Does Your Business Need to Use Social Media Responsibly?


Particularly if your organization runs multiple social media accounts, putting in place clear guidelines across these departments and platforms is critical. A sound policy will dictate rules and processes for:

  • Password strength
  • Content monitoring
  • Access lists
  • Interacting with the public
  • Security breaches
  • Crisis responses


With a defined policy in place, it is important for your business to share these rules with anyone directly (or indirectly) involved with your social media efforts. These relevant parties should be familiar with what is and is not appropriate activity for corporate accounts.

Also, given the increased activity of criminals and scammers within social networks and the tendency of most employees to check their personal accounts multiple times a day — frequently with company equipment — provide everyone in your organization with regular data security training. If your workers are able to identify phishing scams or other suspicious activity while online, they will not only keep their personal information safer but avoid placing your organization at increased risk as well.


Of course, not all risks come from outside of your company. A poorly phrased tweet or unauthorized missive can quickly land your business in a scandal, particularly during a slow news cycle. If possible, invest in control software that filters content before it is posted and prevents inappropriate messages from slipping through.

US Airways found itself trending on Twitter and the subject of several news stories after an employee “accidentally” attached an X-rated image to a customer service tweet. Purportedly, the image had been sent to the business by another user and flagged as inappropriate content; however, the graphics file was mistakenly included when the person managing the account responded to an unrelated complaint.

At a bare minimum, create a chain of command for who is responsible for managing and maintaining each account. Part of that responsibility should include the constant review of what has been posted.


Life is messy, and eventually, something will go wrong with your social media accounts. Whether the result of outside hackers, a disgruntled employee, or a simple miscommunication, your wisest option is to respond quickly to the situation and offer an honest and sincere apology.

Rather than developing a process in the middle of a crisis, determine how your business will communicate to affected customers, the public, and the press ahead of time so that when the time comes, your team can focus on sending a clear, concise message.

The Next Step

Cybercriminals are a reality, and if given the chance, they will happily exploit your business and your customers. Factor in disgruntled employees and human fallibility, and maintaining a social media presence for your business can quickly become a daunting prospect. But with a little planning and preparation, your company can more safely navigate the dangers of online communication and be better prepared to respond quickly if — or when — a problem occurs.
