Last month I examined whether social media has dispensed with privacy. Since influencers in the social spaces suggest that success in new media increasingly will be enhanced by your willingness to extend your personality into the Great Wide Open, privacy probably has been disrupted – as the social thought leaders are wont to say – forever.
If there is a flip side to privacy, it’s security. Even the casual participant in social streams has probably experienced Twitter accounts that have been hacked, which often then send Direct Message (DM) spam with colorful messages or alarming warnings coupled with links that invariably lead to adult content or sites that install malware code on your computer ever-so-quietly in the background. Early on I tried to help by notifying hacked Twitter account owners to change their passwords. Some thanked me, some never replied. Today I just delete the DMs from my streams or delete the friend altogether if the account owner can’t take control. And attacks don’t have to come from DM spam. Legitimate blogs and websites get hacked, malware code is inserted and unsuspecting visitors are compromised.
Such cybercrime is more than an annoyance. It can be costly to your business, your clients or your entire organization, from a few thousand to millions of dollars in lost time, data and equipment. Time, money and reputation are at stake. Infonetics Research studies show that organizations lose from 0.5 percent to 2.5 percent of revenue due to security-related downtime. And you’re on the financial hook as well, especially if you fall prey to the insidious and very common “ransomware” attack.
The exponential growth of social channels has created a lucrative business for network security solutions providers. But it’s more than about protecting individual devices such as computers, tablets and smartphones. Your social brand is now under constant attack. On the corporate side, businesses spend huge sums on hardware appliances and software designed to protect networks from DDoS and DoS attacks launched by tens of thousands of infected systems converted into “zombie bots.” They are ordered to attack businesses and organizations for any number of reasons, including political, criminal, financial, anti-competitive and state-sponsored assaults. The source can also be an unhappy current or former employee serving up a harsh dollop of digital revenge.
While network administrators protect businesses and ISPs from massive attacks via sophisticated technology fortifications, as a social media marketer it’s largely up to you to protect your social brand or the social accounts you manage for your company or your clients. The simple question to ask is: can you afford to lose all the work and effort you’ve put into building a prosperous social business channel on Facebook, Twitter, Google Plus, YouTube or Pinterest because of lax security?
For example, someone hacks into your well-established Facebook account, compromises your password and then goes after everyone in your list of friends. The fix is simple, right? Just pick up the phone, call Facebook and get things straightened out. After all, there’s surely plenty of Likable people to help amongst the thousands of Facebook employees at the Menlo Park, Calif. campus. Respected author, blogger and Internet influencer/veteran Shel Israel probably doesn’t think so. If you want to know what will probably happen if your Facebook account is hacked, you should immediately click this link and sober up to the thin social ice on which we all tread. Shel’s tale of woe should be a wake-up call for any company or organization: if your account turns into a zomboid on steroids, it’s more than The End of Business As Usual. It’s the end. In an earlier post this year, blog colleague and security expert Christopher Budd cited Facebook as “a high value target” for cyber hijackers, and offered advice on how to shore up your account defenses.
Few of us have the connections to get an audience with a Facebook security specialist. Even when Shel Israel did have a meeting of the minds, it’s not clear that Facebook did anything more than listen and shrug its shoulders. The fact of the matter is that unless Facebook or any social network is financially impacted (read: the board of directors or shareholders punch some buttons), the security and preservation of your social media accounts are totally up to you. As Shel noted in his Forbes post: “The keepers of global neighborhoods such as Facebook just aren’t eager to jump up and protect us. They don’t seem eager to use online forensic tools to track down the bad guys and throw them in the slammer.”
There’s a definite trend here, and it’s probably going to get worse. As you expand your social presence for business applications, cyberthugs will exploit the very qualities that are keys to social business success: your desire for openness, transparency and accessibility. Hackers ripped off 6 million LinkedIn passwords just because they could. Mark Zuckerberg’s Facebook page was commandeered because Facebook, the biggest kid on the block, didn’t employ security protocols that had been around long before the Zuck left Harvard.
So when it comes to security, you probably will not be able to turn to your social channel to help unravel an account mess. In other words, you are pretty much on your own. Christopher Budd outlined a variety of steps you can take to recover from a hijacked social media account. After personally experiencing a series of attacks from compromised blog sites and social channels, one of which resulted in a total system meltdown requiring a re-install, I created my own short list of protective steps to fight this growing trend:
1) It’s not enough to have an anti-virus program. You have to have a malware protection program as well. And, by the way, Macs are no longer immune. When Macs held a low percentage of market share, cybercriminals needing to infect tens of thousands of computers looked to Windows PCs. Now there are Macs everywhere, and the hackers know it. I have used ESET’s anti-virus program for years. Is it perfect? No. It has missed several malware attacks that occurred when I visited a hacked website that surreptitiously infected my computer. Looking for a free anti-virus alternative? Try AVG Free. I also use the free Malwarebytes program, which focuses exclusively on malware rather than viruses. I recently opted to purchase the Pro version of Malwarebytes, which enables the software to operate in real-time like an anti-virus program. Not sure which program to use? Try free online file checking utilities such as VirusTotal or VirSCAN, which will test a suspicious file against dozens of the most popular anti-virus and anti-malware programs.
2) The latest trend in account protection is two-factor authentication. If you have a Google account, you’ve probably been offered the option to convert your login security to its 2-step verification process. Though I agree using two-factor authentication can be annoying at times, for the time being it is considered the best approach for protecting your social accounts from intruders. If a social platform or tool offers it, add the extra layer of protection.
3) Link-shortening systems revolutionized social engagement by reducing content curation text clutter in posts and status updates. The problem is any shortened link is like a box of chocolates – you never know what you are going to get. Why take chances? If you’re just not sure about a shortened link in a Tweet or an email, check it out with any number of handy link-revealing apps such as Unshorten.it (which features a site trustworthiness rating), Unshorten or UrlReveal. You’ll also find bookmarklets and URL revealer extensions for Firefox and Chrome.
4) Still not sure about a link or file sent to you in an email, or a URL in a DM? Want to open it without risk? Instead of recycling an old PC or notebook, set up your own testbed computer. Restore it to the factory default installation, load up on anti-virus and anti-malware software, and test away. If the file or link leads to unwanted results, just do another factory restore. Alternatively, you could use a program such as Acronis True Image to create a backup “mirror” copy of a testbed computer already loaded with apps, and restore from the mirror image when needed. For a wonkier approach, you can create a temporary virtual machine for testing, but I still prefer to assign the risk to a stand-alone, non-critical device that can implode with no worries.
5) Back up your crown jewels. By now you should have a backup strategy for your computing devices. Backing up to a local server or USB hard drive is good, but double up with a backup to the cloud, via any number of services such as Carbonite, Dropbox, Google Drive, iDrive, Mozy and others. You’re not done yet. What about your blog, your website or sites you manage for a company or clients? There are plenty of free and paid backup plugins and options for WordPress and other platforms. I’ve used BackupBuddy from iThemes, restoring entire sites (including all data) with ease.
Do you feel more or less secure today than a few years ago? With increasing reports of hijacked Twitter, Facebook and other social accounts, do you think it’s time to beef up on your social business security?