Attacks on businesses through social media are becoming more common. In 2010, Nestlé’s sourcing of palm oil was attacked by Greenpeace through social media. Since then, it has not been unusual for businesses to be attacked through social media by persons of malicious intent who seek to damage or blackmail an organisation.
In any business, the marketing manager has the responsibility of producing a sustainable flow of profitable income for the long-term future of the organisation. Amongst the many aspects that affect modern business, the risks and threats posed by social media and computer communications have the potential to do serious damage. Thus it is increasingly important that the marketing manager, as well as other senior managers, have a policy and plan for dealing with any problem caused by social media or a breach of computer security.
Social media can very quickly become extremely damaging when manipulated by those with malicious intent. Recent IT attacks originating in Ukraine have spread rapidly across Europe and beyond, affecting both government departments and commercial businesses. Companies find themselves facing attacks not only against their IT systems but also against their operations from social media.
Businesses are increasingly represented on social media because it has proved revolutionary for launching advertising and promotional campaigns and is an ideal way to interact with customers, clients and prospects. However, it is just as easy for the attacker to use an organisation’s hashtags as a means to target the organisation, its employees and customers. Social media provides an ideal platform for attackers to launch highly effective technical or behavioural attacks, for the purpose of phishing, malicious impersonations or malware, because of the trusted nature of social networks. Attackers can distribute malicious links to amplify their message to their target audience, hijacking legitimate internet traffic, and distributing malware on an organisation’s hashtags.
The principal targets for attacks are an organisation’s publicly facing accounts. If an attacker gains control of an account, they can do serious damage, be it slander, malware or phishing. By planting malicious links where users are interacting, discussing and sharing, attacks can spread organically and touch a wide array of potential victims.
Malicious attackers often target an organisation’s customers by posing as customer support or providing fake offers, so that it is difficult for the average user to distinguish between a coupon and a phishing or malware link. These actions undermine trust in the organisation and can result in the loss of previously loyal customers.
Corporate and executive impersonations also operate in social media. Here a well-made account can send phishing links and malware to associates, slander the company, and scam customers or employees. While businesses may be well aware of the dangers of external attacks via IT or social media, it is often the case that the real threat comes from within, where errors and misjudgements on the part of employees create vulnerabilities that are open to malicious exploitation.
How to respond
Having outlined the potential threats from social media, there are a number of things that the marketing manager should do.
- Recognise that the security of the computer systems is not the sole responsibility of the IT manager. Security of customer and commercial data is the responsibility of the marketing manager.
- Train and empower staff to identify and resolve problems before they escalate to online channels, with regular refresher training.
- Watch social media for unauthorised usage of the organisation’s logo, verbiage and brand when assessing all types of social media threats.
- Have a social media policy that clearly outlines guidelines for employee conduct and stresses the importance of responsiveness, respect and integrity in all communications. Include a crisis management component that identifies responsibilities and communication channels.
- Protect social accounts like any other high-value asset. Two-factor authentication and robust passwords are critical first steps, but organisations need to be actively monitoring their own accounts for indicators of compromise.
- Prevent hacking by creating strong passwords, maintaining different passwords for each social network, and changing them regularly. Limit admin rights to administrators and senior managers.
- When an employee leaves, ensure that all admin rights are withdrawn promptly.
- Use alerts and monitoring tools to keep track of mentions, and conduct periodic reputation audits by searching your company or brand name.
- If there are complaints about staff or policies, don’t wait for things to escalate to resolve the problem. If the problem cannot be resolved satisfactorily, be transparent with customers and compensate generously when performance fails customer expectations.
- Publish a response to a complaint, to explain what happened, and how it is being rectified. Post it to your website, blog or wherever you’re receiving the brunt of criticism, and direct inquiries there.
Social media and computer hacking exploit any errors made by employees, which can cause serious problems. Marketing managers, while exploiting the potential of social media to benefit the business, must ensure that employees are trained to understand and avoid its potential dangers, and must have a policy for dealing with attacks from social media and breaches of computer security.
Social media is now firmly a part of the business equation, so the marketing manager must take it seriously and regard it as a potential resource, but one over which they have limited control or influence.