Cyber-attacks can be incredibly disruptive to your business, especially if you are reliant upon using Facebook’s marketplace, Instagram and Twitter to generate revenue over social media.
If a hacker got into your email or social media account, what would they find? Health and banking information? Names and contact details for your clients and customers? For most businesses, it’s at least one of those.
In the period between 1st December 2021 – 1st December 2022, the National Fraud Intelligence Bureau dashboard revealed that social media hacking and email compromise was the top cyber threat to businesses in the South East region.
Some victims are extorted for money, whilst others have their accounts used to send malicious links to their contacts. One victim who had multiple email and social media accounts hacked paid over £2,000 to regain access to them. Another victim reported that her hacked Facebook account was used to trick her friends into sending money into a PayPal account they thought belonged to her.
How can you keep your social media accounts secure?
We have compiled some simple tips in this video that will help you to secure your social media accounts.
Two-step verification (2SV) (also known as multi-factor authentication) is designed to help stop cybercriminals from accessing your accounts even if they obtain your passwords. Two-step verification ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2SV includes single-use codes being sent via SMS, email, phone, or smartphone application. How to turn on 2SV for social media - Instagram, Facebook, Twitter and LinkedIn.
Remember to have strong passwords, your first level of protection when securing your online accounts or customer data is a strong password. Whilst complex passwords can be difficult to remember, the National Cyber Security Centre (NCSC) encourages businesses to use three random words; such as HouseForestFlower. This helps you protect against common issues like brute force attacks. This is where an attacker tries many passwords with the hope of guessing them correctly. The aim of a strong password is not to make it so you won’t remember it, but so cybercriminals struggle to crack it. You can include symbols, capital letters and numbers to make it even more secure. Default passwords must always be changed and you should change any passwords if you witness any suspicious activity taking place on your account(s). If someone leaves the business it's recommended that you review the passwords on your social media accounts and consider changing them.
Consider using user roles on your social media accounts, it’s best practice to grant direct access to just a few select employees so your social media accounts can stay secure. This is especially important if you are using freelancers or external agencies with your social media accounts. Using user roles can reduce the risk of malicious or erroneous mishaps with your accounts by granting access without sharing any passwords. When a user changes their job or leaves the organisation, their access can easily be modified or removed altogether.
Do you know which devices are signed into your social media accounts? You should always know what devices are logged into, as a matter of basic digital security. We recommend every month performing a checkup, just to see which devices have access to your accounts.
Secure your social media accounts on mobile devices - use the FaceID feature To make it easy to log in, many people who don't have their settings require two-factor authentication for social media on mobile devices. Although you may not want to require a password each time you log in, you must have passwords to lock your phone and prevent unauthorized use of social media accounts. Facial recognition and fingerprint scanning are also available to keep accounts secure on mobile devices.
Consider implementing a security policy for social media, this policy should allow employees to have access only to sites that are safe and trustworthy. Your policy should also be set up to detect, monitor, and have an action plan if an incident occurs. Businesses should monitor any activity on social media to automatically detect and report threats, and take action.
Make sure your policy makes employees wary of clicking on links from unfamiliar followers For example, shortened links can infect a system with malware and infect computer systems, if opened. Employees should use tools that allow them to view the full URL before clicking, as an infected link could harm not just their devices but the entire company network. How to check your privacy settings - Whatsapp, Instagram, Facebook and Twitter.
How does The South East Cyber Resilience Centre work with SME's to tackle the threat posed by cybercrime?
We provide many free resources designed to improve your #online security, from checklists to Incident Response templates, there's something for everyone. Get yours today and receive our FREE welcome pack here https://www.secrc.police.uk/free-information-pack.
For more support, please do get in contact with us to discuss how we may be able to help you.