Social Media Marketing

Eddy Willems (UK): How Social Media is Affecting UK Businesses

With social media exploding around the world, it is no wonder businesses are keen to get their brands on platforms like Twitter and Facebook. In the UK, one in five hours spent on the Internet is on social networking sites (source Ofcom – for April 2011), which means businesses have a huge audience ripe and ready to engage with.

But social media can also take on a darker side. Employees will no doubt be on social networking sites – blogging, posting and tweeting away. But what if the content they are publishing includes negative comments about their employer – your company? Or even information about the company that is not in the public domain? Problems can arise concerning branding and messaging, as well as issues over confidential information.

However, companies have a bigger worry. Cyber-crime has also entered the world of social media, with malware now being spread via these social networking sites on a daily basis. The key point to remember when considering social media security is its openness. Businesses and consumers, criminals and victims are all exposed to one another, and are able to communicate at their own free will. Yes, openness has its advantages, but it is also accompanied by risk, primarily concerning the end user. Businesses have had strict email and website restrictions in place for years, but are failing to consider that social media now provides criminals with an alternative route into the heart of their company.

Targattacks (targeted attacks) and spear phishing are techniques used to take advantage of specific end users, and social networking sites are proving to be more than useful to cyber-criminals. Social engineering is one technique cyber-criminals are using to help them ensure these attacks are accurate and effective, and often allows scamsters to get their foot through the door of businesses. In this context, social engineering is when scamsters use social networks to gain information about employees within a company.

With people posting and tweeting personal information constantly, it is easy to find out an employee’s details, as well as common interests which can form a basis for trust. All it takes is a cyber-criminal to send a link via social media to a specific employee with a message that is tailored to their interests, E.g. ‘Check out this incredible video about football’. The victim-in-waiting then clicks on the link, thinking they are going to see some interesting content, but instead downloads malware onto their system. Cyber-criminals can also direct these Targattacks at specific employees’ email, encouraging them to divulge information allowing the criminal onto the company network.

It is worrying for businesses when you consider that one in five users click on all published links when using social media, regardless of who they are from (source: G Data Security Survey 2011). If end users are not educated and security solutions are not in place, it is only a matter of time before any employee falls victim to downloading malware, which has the ability to seize passwords, and subconsciously granting thieves access to company credentials and data.

It is time for businesses to sit up and take social media security seriously. The approach businesses should take is two-fold. First and foremost, companies must utilize technology. An effective business security solution with a built-in http scan should be mandatory, and will help to block any malware that is given access unintentionally by an employee. Another useful technology is a PolicyManager, which blocks unwanted IT behavior by employees, like blocking access to certain platforms.

Secondly, organizations should formally lay out what employees can and cannot do regarding social media with a corporate policy.Clarifying what is and what is not confidential or sensitive information will help to ensure it does not get tweeted or posted. Additionally, educate your employees to ensure they are aware of the risks they run by behaving in a certain way online.

Many Internet users still believe what we like to call ‘Internet myths’. With 54% of users incorrectly assuming that most malware is spread through e-mail and 13% believing the main method is via USB sticks, education is clearly needed to correct people’s perceptions of online safety. Employees need to be made aware that clicking on unknown or suspicious links can be dangerous, and that social media communications can have malware attached, just like e-mails.

Social media is an innovative and exciting way for businesses to interact with each other, as well as with consumers. However, the increasing popularity of such networks means that businesses must be aware of the risks, and ensure they have practical processes in place in order to keep them in business.

By Eddy Willems, Security Evangelist at G Data


« Manu Bonnassie (Middle East): Delivering Regulation in Real-Time: The Data Center in the Spotlight


Alexander Egorov (Russia): Good or Bad News for Startups in Russia? »