On the other hand, hackers are becoming more sophisticated and more organised. They can essentially compromise any system that lacks proper security — making them easy targets. Hackers use multiple methods of intrusion including dictionary attacks, social engineering, software, or social media applications. The use of Twitter and Facebook accounts introduce additional risks, as these platforms may provide hackers with access to valuable data such as passwords, APIs, or other sensitive information.
Mitigating the risk of social media breaches
Social media management systems are often adopted by organisations to manage social media accounts, but these solutions are built as management tools and lack a focus on security. In order to properly secure and protect social media accounts, they should be viewed as privileged accounts and best practices for privileged account security must be employed to mitigate the risk of compromise.
Here are some of the ways privileged account security can be strengthened.
- Store credentials securely. Protect social media credentials from being stolen by storing passwords for the accounts in a secure place, and not leave it lying around in a notepad or on an Excel sheet. This will reduce the ability of hacker organisations to take over social media accounts.
- Enable transparent access. Allow authorised users to seamlessly authenticate to the account without knowing their passwords, making it difficult for hackers to discover and steal credentials. Utilising an agent-less technology securely exchanges passwords without requiring an agent on the cloud applications.
- Eliminate the need for shared credentials. Storing passwords in a digital vault that requires users to login individually for access instead of sharing one password among many eliminates the accountability challenges that shared credentials have.
- Change passwords on a regular basis. Passwords can be changed as frequently as after every use, and this process should preferably be automated. Regularly updating passwords reduces the chance of an outsider stealing and using a valid credential.
- Track and record every social media session and activity. Create a record of activity on social media accounts to trace all posts directly back to an individual authorised user. This helps identify weak areas of security and identifies rogue employees that may be posting damaging content. Recording social media account sessions, provide further proof and an audit trail of exactly who did what within an account.
The threat to social media is real, it is evolving, and the risk is increasing. Preventing account takeovers through shared privileged accounts is imperative and necessary. Privileged Account Security plays a critical role in protecting access to social media accounts thereby preventing embarrassing incidents that can result in brand damage.
Sign up for CIO Asia eNewsletters.