Is Social Media an attack vector for businesses?

Next story
Mark James

Mark James, ESET IT Security Specialist, looks at Social Media as a potential attack vector for businesses large and small.  

There is no denying how social media has become an integral part of our everyday life, not just in a personal aspect but more than ever businesses are realising the potential of having an active social media presence and the rewards (along with some headaches) it can bring.

Everyone likes up-to-the-minute news, promotions and information delivered to their device of choice wherever that may be, but as with any technology it has its risks.

They require a degree of trust to ensure that anything posted is correct and suitable for the company’s name to go alongside it.

If the social media account were to be compromised then all manner of damage may be posted on their behalf, this is one of “those” instances where you have to be airing on the side of caution.

Ensure your passwords are complex, unique, secure and changed on a regular basis, I know it’s something that’s always talked about in this industry but password lapses will be one of the easiest for someone to compromise your account.

Many social media companies provide notifications when you log in from different locations, most of the time your posting is probably done from the a location that never changes so getting an email or alert when suspicious activity is detected could be an early heads-up that something is wrong.

In some cases you may be able to utilise two-factor (2FA) or multifactor authentication to protect those accounts and this should be something to consider.

If you do use social media on the move for your SME then you should have some kind of policy or guidelines about using public, free or untrusted networks, these could led to your internet traffic being compromised or hijacked.

We should also be very mindful about phishing or scam attempts at gaining our login credentials. Emails or links may seem very authentic and it’s easier than you think to be duped.

With the right knowledge and training staff can become a valued security advocate for the company and not the weakest link.


Do you use your company name within your social media, and do you think it is safe to do so? Let us know on Twitter @ESETUK.


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.