Companies are engaging customers on social media now more than ever. It’s no wonder that cybercriminals see prominent social accounts as a ripe target for attack. Account takeovers have become synonymous with embarrassing headlines that feature prominent companies and figures.
Australian businesses and organisations’ widespread use of social media puts them at high risk of being hacked. According to The Yellow Pages Social Media report, 85% of large businesses have at least some kind of social media presence, while small & medium businesses (SMBs) sit at around 51-58%.
Successful cyber attacks targeting companies’ social media accounts have produced sudden and often severe consequences. For example, earlier this year Channel 7’s Facebook accounts were temporarily shut down after a hacking incident caused them to redirect to Mark Zuckerberg’s old roommate’s profile.
Similarly, the major data breach suffered by survey-building service Typeform in June saw thousands of registered users’ email addresses – and, in some cases, Twitter handles – compromised after hackers exploited a vulnerability in Typeform’s security.
Despite the growing breaches of social media handles, most organisations still lack the protective countermeasures or the expertise to mitigate risk and respond to such incidents. Few companies know how to regain control after an account compromise—or how to prevent an attack in the first place.
How are the takeovers possible?
The details of social media account takeovers are often oversimplified – many think it’s only a matter of mismanaged passwords, but the reality is more complex.
Currently, 90% of large businesses and 40% of SMBs in Australia have a social media strategy in place. These businesses are usually very active on multiple accounts at once. However, each online platform has its own complicated operational environment which lies outside the control of company IT departments.
As a result, companies making use of social media typically lack the same controls and power over security as they have for their websites and internal email systems. The more accounts a company has, the more likely it is that one of them could be taken over.
Complexity is the key
The average enterprise brand has hundreds of social media accounts across social platforms, including Twitter, Facebook, YouTube, and others. And they typically have several dozen admins with account login and publishing privileges.
In addition, they often authorise multiple publishing applications to connect to their social accounts to create and communicate content. And there are a lot to choose from—the publishing ecosystem includes more than 20,000 unique apps.
Companies with very active social feeds can have as many as 35 authorised publishing apps on a single Twitter account. This introduces a high level of risk; each admin and authorised publishing app becomes part of the attack surface for each social account.
Bad actors phish account admins for social page or app credentials. Attackers may even use a malicious mobile app to gain access.
Without the proper security controls in place, this complexity makes it difficult to detect a compromise until it is too late. For example, enterprise brand accounts make up to 50 changes a day on the authorised apps, admins, descriptions, and pictures—in addition to the high volume of content posted.
Reducing the risk of account takeovers
Here are seven ways marketing and security teams can reduce the risks of someone hijacking their social media accounts:
1. Implement access management, strong passwords, and two-factor authentication
Shared passwords, dormant users, weak passwords, and manual password tracking increase your company’s exposure to social account takeovers. Only users with a business need should have access to your accounts, and they should be subject to strong password policies. Ideally, you should adopt two-factor authentication as well.
2. Audit your publishing apps
Many apps are inadvertently granted approval to connect and publish to your social media accounts. Use a solution that audits all the apps that have been granted access and de-authorises those that should not have it, monitors for any new unauthorised access, and locks down an app if it has been compromised.
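The audit in steps 1 and 2, together with the change detection the "up to 50 changes a day" paragraph calls for, can be expressed as a small script run against periodic exports of an account's settings. The following is an added example, not code from the article or from Proofpoint: the snapshot layout and field names, the app allowlist, the 90-day dormancy threshold and the sample data are all constructed assumptions rather than any platform's API. In practice the two snapshots would come from the platform's settings export, and the "lock publishing" decision would drive the automated lock described in step 3.

```python
"""Audit of a brand social account: unapproved apps, weak admin hygiene,
and configuration changes since the last snapshot (constructed example)."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

DORMANT_AFTER_DAYS = 90                              # assumed policy: no login for 90 days
APPROVED_APPS = {"SchedulerPro", "AnalyticsHub"}    # constructed allowlist of approved apps


@dataclass
class Admin:
    last_login: date
    mfa_enabled: bool


@dataclass
class Snapshot:
    """Point-in-time export of one account's settings (field names are assumptions)."""
    apps: dict[str, str]          # app name -> permission level, e.g. "read" or "read_write"
    admins: dict[str, Admin]      # admin id -> Admin
    description: str
    picture_url: str


def audit_apps(current: Snapshot, approved: set[str] = APPROVED_APPS) -> list[str]:
    """Step 2: apps connected to the account that are not on the allowlist.
    Each one is a candidate for de-authorisation."""
    return sorted(app for app in current.apps if app not in approved)


def audit_admins(current: Snapshot, today: date) -> dict[str, list[str]]:
    """Step 1: admins without two-factor auth, and admins who have not logged in
    within DORMANT_AFTER_DAYS (candidates for access removal)."""
    no_mfa = sorted(uid for uid, a in current.admins.items() if not a.mfa_enabled)
    dormant = sorted(uid for uid, a in current.admins.items()
                     if (today - a.last_login).days > DORMANT_AFTER_DAYS)
    return {"no_mfa": no_mfa, "dormant": dormant}


def diff_snapshots(previous: Snapshot, current: Snapshot) -> list[str]:
    """Change detection across the settings the article lists: apps, admins,
    description and picture. Returns one finding string per change."""
    findings = []
    for app in sorted(set(current.apps) - set(previous.apps)):
        findings.append(f"app added: {app} ({current.apps[app]})")
    for app in sorted(set(previous.apps) - set(current.apps)):
        findings.append(f"app removed: {app}")
    for app in sorted(set(previous.apps) & set(current.apps)):
        if previous.apps[app] != current.apps[app]:
            findings.append(f"app permission changed: {app} "
                            f"{previous.apps[app]} -> {current.apps[app]}")
    for uid in sorted(set(current.admins) - set(previous.admins)):
        findings.append(f"admin added: {uid}")
    for uid in sorted(set(previous.admins) - set(current.admins)):
        findings.append(f"admin removed: {uid}")
    if previous.description != current.description:
        findings.append("description changed")
    if previous.picture_url != current.picture_url:
        findings.append("profile picture changed")
    return findings


def run_audit(previous: Snapshot, current: Snapshot, today: date) -> dict:
    """Combine the checks and decide whether publishing should be locked
    pending human review (step 3): an unapproved app holding write access,
    or an admin nobody provisioned, is treated as a likely compromise."""
    report = {
        "revoke_apps": audit_apps(current),
        "admins": audit_admins(current, today),
        "changes": diff_snapshots(previous, current),
    }
    report["lock_publishing"] = (
        any(current.apps[a] == "read_write" for a in report["revoke_apps"])
        or any(f.startswith("admin added") for f in report["changes"])
    )
    return report


# Constructed sample snapshots: yesterday's export versus today's.
YESTERDAY = Snapshot(
    apps={"SchedulerPro": "read_write", "AnalyticsHub": "read"},
    admins={"alice": Admin(date(2018, 8, 1), True), "bob": Admin(date(2018, 4, 1), False)},
    description="Official account of Example Brand",
    picture_url="https://example.invalid/logo.png",
)
TODAY = Snapshot(
    apps={"SchedulerPro": "read_write", "AnalyticsHub": "read",
          "FreeFollowersApp": "read_write"},                      # unapproved app with write access
    admins={"alice": Admin(date(2018, 8, 1), True), "bob": Admin(date(2018, 4, 1), False),
            "unknown-user": Admin(date(2018, 8, 2), False)},       # admin nobody provisioned
    description="Official account of Example Brand",
    picture_url="https://example.invalid/new-logo.png",           # picture swapped
)
AUDIT_DATE = date(2018, 8, 3)

if __name__ == "__main__":
    for key, value in run_audit(YESTERDAY, TODAY, AUDIT_DATE).items():
        print(f"{key}: {value}")
```

The allowlist is the important design choice: the audit flags anything not explicitly approved rather than trying to recognise bad apps, so a newly connected app is surfaced the day it appears, and the same diff output can be forwarded to the security team's ticketing or SIEM as a change record.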
3. Automate locking your social account
If your account is compromised, deploy technology that automatically locks your account to prevent future publishing and stop the attacker from doing further damage.
4. Establish a process to stop new content posts
If your account is compromised, the last thing you want is for your apps to continue churning out bad content. Disabling any application capable of spreading the negative content will help you avoid further damage.
5. Suspend your account
If you cannot recover the account by resetting passwords, contact the platform immediately to suspend the account.
6. Develop and test your response plan
Develop a strategy for responding to account takeovers. It should include pre-defined messages that let your stakeholders know the actions you’ve taken, the procedure to follow, and the correct messages for the press, as well as procedures for escalating issues and communicating with customers. Then test your plan: run a “red team” exercise to improve its effectiveness.
7. Create a response web page
Create a hidden web page, with a pre-approved shortened link, that is ready to go if an incident occurs. The page should have a basic template in place that you can quickly modify with the proper response. The link can then be shared across the appropriate channels to drive a clear and consistent message.
Today around 50% of the Australian population logs into Facebook on a daily basis and as mentioned, 90% of large businesses and 40% of SMBs in Australia have a social media strategy in place. Also, according to Hootsuite’s 2018 Social Business Report, eight out of ten Australian financial service businesses said social media has become more important in the last two years.
Social is everywhere now. We are always on and always connected. If businesses choose to be on social media, they should not only focus on pushing out engaging content but also ensure that their platforms are secure, and save themselves embarrassing front-page headlines.
Article by Proofpoint senior sales engineer Omer Lahav.