According to a Cyveillance whitepaper, social media is a phenomenon unprecedented; opening new worlds of opportunities for industries globally with great potential and rewards. This notwithstanding, it also presents numerous challenges and risks. Often-times organizations are faced with a hard time establishing and enforcing effective social media strategies.
Kenya, like many other countries, has embraced the ideals of social businesses. Social media technologies are being exploited successfully by corporations to sell their brand identity, increase sales of product and services as well as augment customer satisfaction. Companies not wishing to be left behind, have leveraged Enterprise Social Networks (E.S.N.Ts) without developing effective social media strategies or even considering doing gap analysis, to understand whether it fully meets their business objectives. Nonetheless, no alternative fully satisfies this ideal since companies that do not embrace E.S.N.Ts will not realize the benefits and will be disadvantaged to their opponents that have embraced them.
In 2009 for instance, the U.S. military considered a near-total ban on social media sites throughout the Department of Defense (DoD). Military officials cited inherent technical security weaknesses and lack of security safeguards on social media sites.
Risk, Privacy Concerns, and Security Issues in Social Media
1.Insufficient Authentication Controls
Most social media applications allow confidential information to be spread in many different locations. Hence even novice users can introduce flaws that can badly affect the entire system. Administrative accounts with no security controls, such as adequately strong passwords, can be brute-forced by attackers to determine passwords for a given account, which can be replicated to other accounts with single-sign-on arrangement. The attacker can eventually have administrative access to a number of systems.
According to PWC. (2013) most staff-related incidents normally involve staff misuse of the Internet or email. This happens in more than three-quarters of large organizations and around two-fifths of small businesses. Cyber loafing is the wastage of time in unnecessary web browsing and social media sites. Some organizations have flagged almost all social media sites within their enterprises. Employees have been forced to quit cold-turkey, since anyone can attest to fact that social media addiction has reached unprecedented levels.
3. Social media squatting
Cyber-squatting is becoming more common each and every day in Kenya. Both celebrities and government officials alike are being targeted by cyber squatters. Enterprises are also not left behind in this, there are people who masquerade as genuine company accounts on Facebook, Twitter, and LinkedIn. Business owners should therefore register their domain name immediately when they start operations to avoid cyber squatters from registering the name under their details as they wait for the business owner to approach them so they can demand payments (Cybersquatters-hit-ecommerce, 2016). A case in point — Larry Madowo.
Though phishing is not exclusive to social media, there has been a current spike in phishing attacks linked with social media sites (Fisher, 2011). Many people view social media sites on cell phones or other mobile devices, which makes it harder to distinguish actual and bogus web sites. Additionally, social media enables attackers to send phishing messages that appear to come from someone that the victim knows. Having obtained login information for a few accounts, scammers will then send out messages to everyone connected to the compromised accounts, often with an enticing subject line that suggests familiarity with the victims (Baker, 2009).
5. Information Leakage
Currently there is no distinction between work and personal lives, since the dawn of “always on connectivity”. Younger workers use the same technologies in the office as at home. Furthermore, social sites like Twitter and Facebook create the misconception of acquaintance and affection on the Internet, people may, for this reason, be inclined to share information that their employer would have wished to keep reserved. Even though people may not be divulging trade secrets, but the collective effect of small details can help a business’s opponents gain valuable insights about that company’s current situation and future plans.
Why do your company need a social media strategy?
To effectively control social media use by both employees and enterprises, a well-documented strategy needs to be developed, with the input of all the relevant stakeholders. This includes the business management, the human resources, officials entitled for risk management, and the legal representation.
An approach of this perspective is holistically integrating emerging technologies into the business to help ensure risks are considered with the view of the broader business objectives. A strategy to address the social media risks should focus primarily on user behavior, with the development of policies and support for training and awareness programs which cover individual use in the workplace, individual use out of the workplace, and business/enterprise use.
Proper education and training are imperative, and the vulnerabilities of social media usage should be well apprised to every employee. Organizations can also consider a standard “Social Media Safety 101” class as a good starting point. Consequently, compact and all-inclusive social networking policies should be put in place, and enforced through continuous monitoring leveraging intelligence tools like sentiment analysis, for monitoring real-time posts. In addition, proactive, continuous monitoring is highly essential for success.
Bunde Collins – digital forensics analyst, Cyber security enthusiast, OSINT and ML researcher and an IBM security blogger .