To keep the hacking of social media accounts from becoming a regular occurrence for small businesses, the best thing you can do is arm your employees with best practices and guidelines to minimize the risks of using social media networks like Twitter, Facebook and LinkedIn. The following ten tips can help you protect your business:
1. Provide easy-to-follow guidelines. Regardless of whether or not social networking is permitted at work, employees need to know what information can be posted about their organization and by whom. Keep the following in mind when creating your organization's social media guidelines:
- To stay within ethical guidelines, remind your employees that they are employed or paid by your company.
- Remind customers to only share personal information via email or personal messages. Let them know where to go for help if they have questions or concerns about sharing confidential information.
- Use resources such as SocialMedia.org to develop your guidelines and to learn more about social media.
2. Define what's confidential. In your business security policy, cover social networking sites such as Facebook, Twitter, LinkedIn, and more in your nondisclosure agreement for confidential business information.
3. Protect the privacy of your data. Adopt the mindset that any information posted online is publicly available. Apart from exercising caution when posting on personal accounts, users should avoid sharing sensitive business information via social media private messages or chats. Doing so can easily lead to data leakage if the account is hacked.
4. Look at your employees differently. Businesses cannot place the blame for social engineering squarely on the shoulders of employees. In many organizations, Facebook, YouTube and Twitter are marketing tools, implemented to attract a wider customer audience. In fact, organizations that do not allow social networking face potential limitations in recruiting the younger, more connected workforce. Nonetheless, businesses need to teach employees how dangerous oversharing on social networking sites can be. Even if you cannot stop them from sharing information on social media, you can opt to limit the amount of time they spend on these sites while at work to lessen the chances of your company's security perimeter being breached.
5. Be social but be smart. Only publish and share business information that you feel perfectly comfortable with disseminating widely. Limit the amount of personal information employees can share online as well. Finally, remind employees to avoid clicking suspicious links from people they do not know.
6. Invest in a password manager. There are multiple ways we can help prevent social media accounts from being compromised. A simple first step is to use a different password on every service you use. You're probably thinking, "Are you kidding me? There's no way I can remember all of these passwords. It's not realistic!" A password manager solves this problem. High-quality password managers on the market today are both easy to use and very affordable. Having one is probably the second-best security investment you can make on your computer, after a well-known, trusted internet security product.
7. Use two-factor authentication. Two-factor authentication (also known as multi-factor authentication) is a method in which you need to provide something you know and something you have in order to log into a service. Considering that one in four reuse passwords, and that it's often possible to guess the answers to challenge-based questions, small businesses should consider protecting their important, business-critical systems with some form of two-factor authentication.
8. Set up difficult security questions. In the age of Facebook, using a security question like, "What was your high school hockey team's name?" is a very risky proposition since it's too easy for strangers to find out that kind of information. Go for harder questions whose answers aren't so easily researched.
9. Don't link all of your accounts. You've seen plenty of sites, like Facebook and Twitter, that ask if you want to just use an existing login. Don't! All it takes is one hacked account and the fallout is everywhere.
10. Be skeptical online. If it seems too good to be true, it likely is. If you receive a vague or unexpected message from someone you know, pick up the phone and call or text to see if they actually sent you a bizarre link pointing to a party photo. It is everyone's responsibility to be safe online.
Laura Maio is the director of customer solutions at Trend Micro, a global leader in security software that strives to make the world safe for exchanging digital information.