How to Secure Business Social Media Accounts


Although social media is one of the best marketing tools, it is also a massive target for cyberattacks and scams. Unfortunately, its popularity entices bad actors. Whether companies use an account to post news, network or market products, they must ensure it doesn’t fall into the wrong hands. What can business leaders and information technology (IT) teams do?

Cybercriminals Use Social Media as an Attack Vector

Since so many businesses use social media as a marketing tool, attackers view it as a lucrative attack vector — and they’re not wrong. In 2021, approximately 34% of companies experienced 11-50 social media attacks. Another 17% reported 50 or more. While not every attempt is successful, many are. They often result in reputational damage and financial losses.

Phishing is one of the most common methods cybercriminals leverage because it appears relatively innocuous and is easy to set up. When they reach out, their goal is to get the account holder to click a malicious link, visit a fake website or give up their login credentials so they can take over. Once they have control, they can make demands.

In a brute force attack, a hacker — more likely a bot than a human — attempts all possible combinations until it gets the password correct. It takes time but is typically effective since people use recognizable text strings like names, dates and words. 

Session hijacking isn’t as common, but it can happen if a professional logs into a company’s social media account over an unsecured public internet connection. A hacker can stealthily monitor their online activity, including what they type and what websites they visit, meaning the user is essentially handing over their login credentials and passwords.

Evil twin attacks are similar. Here, a malicious public Wi-Fi access point is made to look legitimate to trick users into connecting to it. The cybercriminal must be nearby for it to work, but can easily blend in when in a busy space. There’s about a 50% chance their target will use it since they can jam the others’ signals or name their connection the same as the original. 

Common Social Media Scams That Target Businesses

As if cyberattacks weren’t enough, scams are also prevalent on social media. They often leverage phishing or social engineering tactics to trick or scare people into acting urgently. They’re more likely to get money, account access, login credentials or sensitive information if the victim doesn’t think twice about what’s happening. 

Scammers often pose as the official customer service, security or support for whatever social media site their target uses. They may say they’ve detected a suspicious login attempt or spin an elaborate story about a survey. Either way, their goal is to obtain credentials, one-time passcodes and answers to security questions to hijack the profile. They often ask for a massive ransom in exchange for returning access. 

Fraudulent search engine optimization scams follow a similar pattern — the attacker wants their victim to have some level of instinctive trust in them as an expert or authority figure. They promise to boost organic traffic and average session duration, but the result is the same as the other con. 

In a bad news scam, business owners receive a comment saying something like, “Hey, is this you?” They may claim to have seen counterfeit merchandise, heard an unflattering rumor or spotted an alarmingly negative review. In their rush to see what’s gone wrong and make it right, the individual doesn’t stop to realize the link the commenter left is malicious. 

Meta Platforms Inc.’s apps are the most popular attack vectors in the United States. According to the Federal Trade Commission, 94% of scam victims identified Instagram or Facebook as the platform they were on when they were targeted in 2020. That said, scammers are constantly evolving, meaning businesses should also be wary of apps like TikTok, LinkedIn and Twitter.

Best Practices to Secure Business Social Media Accounts

Whether an attacker reaches out with fraudulent promises of financial relief, impersonates a business partner or launches a covert cyberattack, their target’s social media profile is at risk. IT professionals must take the initiative to secure their online presence against these threats.

1. Create Strong Passwords 

A password is the first, and most common, line of defense online. Creating one that’s strong enough to withstand brute force attacks is exceedingly simple. It should contain at least 12 characters, including numbers and symbols, and use a combination of uppercase and lowercase letters. Recognizable strings of text like words, phrases, dates and names should be avoided.
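A complexity rule on its own does not stop guessing, because a password such as `Summer2024!Acme` meets it while still being built from recognizable text. The Python sketch below is an added example, not part of the original article; it checks each rule in this section, and the blocklist, the substitution table and the function name are assumptions made for illustration.

```python
import re

# Assumed blocklist for illustration: common words plus names tied to the
# business (brand, handle, staff names). A real deployment would load a
# much larger list.
RECOGNIZABLE = {"password", "welcome", "summer", "admin", "facebook",
                "instagram", "acme", "acmecoffee", "jordan"}

# Undo common character substitutions so "P@ssw0rd" is still seen as a word.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

# Years 1900-2099, or dates written with separators such as 12/05/21.
DATE_RE = re.compile(r"(19|20)\d{2}|\b\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}\b")


def policy_violations(password, min_length=12, blocklist=RECOGNIZABLE):
    """Return the list of rules from this section that `password` breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"\d",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    if DATE_RE.search(password):
        problems.append("contains a date or year")
    # Compare against the blocklist after lowercasing and undoing substitutions.
    normalized = password.lower().translate(LEET)
    hits = sorted(word for word in blocklist if word in normalized)
    if hits:
        problems.append("contains recognizable text: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for candidate in ("Summer2024!Acme", "P@ssw0rd", "vR7#qLm!x2Tz&kPd"):
        print(candidate, "->", policy_violations(candidate) or "ok")
```

An empty list means the password passed every check; adding the company name, account handles and staff names to the blocklist is what catches passwords that look complex but are easy to guess for this particular business.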

2. Use Multifactor Authentication

Multifactor authentication requires users to confirm their login on a secondary device — usually a smartphone — before giving them access. This way, even if bad actors get legitimate credentials, their attempts fail. Even better, the subsequent confirmation pop-up informs the legitimate account holder someone is attempting to hijack their profile.

3. Prohibit Personal Devices 

A business owner doesn’t know what bad online habits their employees have. Do they click on banner ads? Have they gotten used to using public Wi-Fi? Do they readily accept friend requests without knowing the person? These seemingly insignificant behaviors make them more susceptible to cyberattacks and scams. For this reason, managers should prohibit personal devices from being used for work purposes. 

4. Set up Account Permissions

IT professionals and management should collaborate to set up account permissions. Restricting what content creators, moderators, business leaders and marketers can view, edit or interact with can help prevent attacks and deter attackers.

5. Conduct Regular Employee Training 

Raising awareness about the variety and frequency of social media scams can help staff avoid them. They should be taught to only connect to private Wi-Fi, change their passwords regularly and never click on random links. Training should be periodic since employees forget roughly 50% of what they learn within a few days of the initial session. 

Securing Social Media Accounts Takes Time and Effort

Even if IT professionals leverage authentication and security tools, they must still monitor their company's social media profiles. After all, bad actors often take advantage of complacency and strike when least expected. Teams should use monitoring technologies and set up a login alert system to be safe.