The Risks Of Social Media

As digital transformation continues to accelerate, with the digital world now our means to work, communicate, purchase products, conduct research and be entertained, our lives are moving into an almost fully digital space. This makes social engineering attacks, the selling of personal information, impersonation and general fraud easier.

For both corporate entities and private individuals there are five key types of social media threats:

• Fraud: An incident designed to deceptively deny a right to a victim or provide illegal gain, including the unauthorised sale of account credentials; exposure of banking details; providing access to tools designed to commit fraud; and other financial threats.
• Impersonation: An incident including a purposeful spoof of a corporate brand, individual, executive or employee with intent to sway opinion or fool victims into performing an action.
• Cyber threat: An incident that includes an intentional cyber risk to the targeted victim, such as hacking.
• Data leak: A leak or unauthorised sharing of proprietary or sensitive data such as login credentials, corporate documents or source code.
• Physical threat: A physical threat of harm specifically directed toward an employee, a physical location or an event.

To combat the growing risks, there is an urgent need for security teams to closely monitor and manage social media activity. Here are some standard rules that employees should follow:

• Do not click on links in posts, tweets or direct messages unless you are 100% certain that they are genuine and well-intentioned.
• Recognise threats of financial issues or offers that seem too good to be true.
• If in doubt, call the number of the organisation or individual from whom the post or tweet came to check its authenticity.
• Know that even if the post or tweet seems to come from someone you trust, their account may have been hacked or spoofed.

Additionally, implement procedures to protect against threats likely to grow in future:

• Concentrate on phishing security awareness: In most cases, phishing attempts require some kind of user action or response to succeed, so make users aware of the tactics used by scammers.
• Employ professionals: Use experts dedicated to the detection of these threats. Active monitoring is necessary, and emails should be flagged if they reference, impersonate or replicate a brand’s content, logo or images.
• Empower your employees: Encourage employees to participate proactively in organisation-wide training.
• Protect your accounts: Always use a company email address to create social media accounts and have at least two “admins” on each account. Additionally, each company should employ standard password protocols.

To learn more about how your organisation is vulnerable to cyber threats, or for details on how to mitigate cyber risk and safeguard your workforce, contact us at
