There is no doubt that social media has penetrated the daily lives of billions of people. According to Statista, the number of monthly users of social media is slated to reach 3.02 billion people by 2021, which is around one-third of the world’s population. With social media becoming second nature to so many people in every corner of the world, the risk associated with its use is staggering.
We are online all the time creating a permanent archive of ourselves and our families. For many people, our personal posts spread into our professional lives as well. This has gotten us into the current state we’re in. Can we separate our personal selves from our business selves online? Will that post affect me professionally? Will the post affect the company I work for? All these questions are being played out online on a daily basis.
Understanding that social media is fluid and can change in an instant is a fact often overlooked by corporations. Keeping the lid on news or scandals, true or not, is difficult to manage. Some companies find themselves in social media scandals not of their own making.
Let’s go back to August 2017 and the “Unite the Right” rally in Charlottesville, Virginia. Violence erupted during the rally when protesters and counter-protesters clashed. Hundreds of photos were taken and posted online by the media, protesters and onlookers.
In many of the photos, protesters were seen carrying TIKI torches. When was the last time you saw a TIKI torch? According to the company’s website, “A yard illuminated by TIKI torches quickly came to symbolize the ultimate backyard gathering.” And now TIKI was catapulted into the public eye in a way that was nowhere near the backyard gathering they envisaged. The riots forced TIKI to make public announcements on their website and social platforms denouncing the way their products were used in this circumstance.
As of July of this year, TIKI has tweeted only 443 times and has a scant 820 followers since they put up their Twitter profile in 2009 – hardly a robust Twitter following. But tweet they did once their products were seen associated with violence. The tweet relating to the riots has since been removed from their Twitter feed.
Many organizations’ social media policies remain vague, with only skeletal guidelines on overall usage. Endless stories of turf wars over who controls social media, along with a general lack of understanding of what can go wrong, are pervasive organizational issues. For the most part, policies focus on the marketing aspects of social media rather than potential risk.
Now let’s toss a bit of social engineering into this mix. Social engineering is widely used by cybercriminals to gather data and figure out the best way to infiltrate an organization. They will scan the social profiles of staff, research the social profiles of the organization and evaluate the effectiveness and frequency of responses. Then they will launch their attack. An overwhelming number of malware and ransomware attacks use social engineering to send believable phishing links to unsuspecting individuals.
The session I will give on social media risk at the GRC Conference next month in Nashville, Tennessee, USA, isn’t a story about how far we’ve come; it’s about the rapid pace at which we got here. It’s about the massive amount of information that can be mined about individuals, the places they work and the opportunities that become available to cybercriminals as a result. Understanding the inherent risks of social media is the first step in mitigating the dangers that may arise from its use.