As we begin a new year, it’s time to make sure your organization is prepared to protect itself against the latest digital and social media threats. Do you know what to watch out for? Are you ready for a social media hack? Do you have a plan? Do you know the right people in your organization to coordinate with in the event of an incident? Are your policies and procedures up-to-date?
According to Proofpoint data, the top four digital and social media threats in 2018 include:
- Angler phishing – fraudulent customer care responses on social media that trick unsuspecting customers into giving up their username and password credentials. This social engineering threat continues to find success, with a 70% increase in social media phishing links from April to June 2017 and a 200% increase in fake customer-support accounts in just the past year.
- Domain fraud – registration of spoofed branded domains by cyber criminals looking to trick unsuspecting customers into giving up their username and password credentials. There was a 100% increase in suspicious-vs-brand-owned domains from 2016 to 2017, and a 200% increase in lookalike domain attacks from Q1 to Q2 2017.
- Compliance-related social account sprawl and profile monitoring – supervisory challenges in monitoring the digital footprint and keeping track of brokers and advisors who need to adhere to regulatory requirements on social media. On average, there are 10 social media accounts per brand, mostly made up of multiple Twitter, Facebook, and LinkedIn accounts. We've seen 1,000 different profile changes per year from Proofpoint customers – 10 changes per day, including apps added, profile pictures changed, admins added, etc.
- Protecting key people, executives and places – assessing and monitoring the risk and safety of key executives on social media and the dark web. This has become even more important with the increased presence of executives on social media and the adoption of employee advocacy programs by companies.
Six ways to prepare and protect your organization against these threats:
- Review and update your digital and social media risk management strategy and governance, including policies, processes and programs to specifically address the growing number and types of threats. Have a clearly defined plan that addresses these threats, with specified roles and workflows in place. Make sure these are all clearly communicated to the key stakeholders across the organization.
- Think comprehensively. As the number and types of risks continue to expand, the responsibility for managing digital and social media risks extends well beyond the IT department. Make sure you are partnering effectively across your organization. Your strategy planning, governance and workflows should include not only the office of the CIO, the CISO and any other key information security team members, but also the social media team, internal communications team, marketing and communications teams, PR / corporate affairs, privacy, compliance and HR, especially in the case of an employee social media account hack.
Developing a comprehensive approach to risk management that addresses new threats coming from digital, social media and mobile, and collaborating and communicating across departments and functions, are critical to protecting your organization against emerging digital and social media risks.
- Ensure that your employee social media policy and training are up to date and include instructions on how to secure both branded and employee accounts. Include instruction on how social media hacks like phishing attacks happen, password best practices, etc. to best protect social media accounts. Develop employee communications, training and enablement programs to help employees better understand, identify and manage these new risks, and make social media training for employees a priority, including it as part of the new employee onboarding process.
- Monitor social media and make sure that everyone who is responsible for social media monitoring is aware of what to look for, and the plans and workflow in the case of an attack.
- If you experience a social media hack, file a customer support request with the affected social media channel, and contact your account representative at the affected social media channel(s) to escalate the support request. Instruct the representative or support team at the affected social network(s) to delete any unauthorized posts and temporarily disable the account until it is safely back under your control.
- Partner with a technology vendor. Tools and technologies can proactively protect these accounts and alert you to potential hacks. Deploy these technologies to proactively identify and manage advanced attacks delivered via email, social media and mobile apps.
By following these tips and best practices, you'll be better prepared to protect your organization against phishing and hacking incidents and, if an incident happens, you'll know how to handle it and whom to partner with to handle it quickly. Best wishes for a secure new year!
To hear more about these tips in detail, listen to our webinar recording: https://go.proofpoint.com/2018-Digital-Risk-Forecast-Webinar.html