Monday, 9 May 2016

MOST COMMON WAYS CYBER CRIMINALS ATTACK BUSINESS SOCIAL MEDIA ACCOUNTS CUM PREVENTIVE MEASURES



About 95% of business enterprises and large organizations today have a sizable presence on social media, including Twitter, Facebook and LinkedIn, among others. While social networks can enhance customer engagement and strengthen the company's brand in the marketplace, opportunistic attackers looking to embarrass an enterprise, tarnish its brand, tap its resources or make a statement to the world have no better avenue than compromising corporate social media accounts.
Here are the most common ways in which attackers compromise social media accounts, and measures enterprises should take to ensure they don't fall prey.

Secure social media management

Using social engineering in phishing emails means an attacker doesn't have to circumvent network perimeter defenses. Instead, they only need to craft a credible and persuasive email that tricks the employee who manages the organization's social media accounts into clicking a malicious link or providing the password to the accounts.
Enterprises and organizations with a large social media following must ensure that those employees responsible for social media accounts receive security awareness training that covers how to recognize and deal with social engineering-based attacks prior to being given access credentials to corporate social media accounts.
This training should explain how social engineers operate and the tactics employees should be on the lookout for. With the proper training, these encounters should become second nature; the employee should know to trash offers that look too good to be true or links requiring login credentials, even if they appear to come from an internal address or partner organization. Simple safeguards such as checking that the sender actually sent an email with an attachment are invaluable. Be sure to keep employees informed of the latest techniques being used in brand hacking attacks such as phishing emails based on breaking news stories, both true and fictitious. Enterprises must also put procedures in place for employees to report unusual emails so that network surveillance can be stepped up and other employees forewarned.

Emerging attacks and security controls

It's important to note that it's not just social media account credentials that need safeguarding. A number of attackers have successfully compromised social media accounts by subverting domain name system (DNS) data. By capturing the login credentials of people authorized to modify DNS records, attackers can redirect tweets, blogs and other traffic to servers they control. Enterprise DNS administrators should take advantage of the security features offered by registrars to control modifications made to their domains.
Twitter itself has also put security controls in place to help prevent hacking across its platform. A recent SEA attack against Twitter was only partially successful as the company had implemented the "Domain Lock" feature which prohibits certain changes to a domain until it is unlocked -- a simple but valuable control.
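To check whether such locks are actually in place across a portfolio of brand domains, the following added example (not from the original post) audits the status values in RDAP domain records. It assumes the registrar and registry locks appear as the RDAP status strings defined in RFC 8056; the function names and the sample records are constructed for illustration.

```python
# Added example: audit registrar/registry locks in RDAP domain records.
import json

# RDAP status strings (RFC 8056 maps EPP codes such as clientUpdateProhibited to these).
REGISTRAR_LOCKS = {"client transfer prohibited", "client update prohibited",
                   "client delete prohibited"}
REGISTRY_LOCKS = {"server transfer prohibited", "server update prohibited",
                  "server delete prohibited"}

def audit_domain_locks(rdap_domain):
    """Report which change-blocking statuses are absent from one RDAP domain object."""
    statuses = {s.strip().lower() for s in rdap_domain.get("status", [])}
    missing_registrar = sorted(REGISTRAR_LOCKS - statuses)
    missing_registry = sorted(REGISTRY_LOCKS - statuses)
    return {
        "domain": rdap_domain.get("ldhName", "").lower(),
        "missing_registrar_locks": missing_registrar,
        "missing_registry_locks": missing_registry,
        # True when neither registrar nor registry blocks record updates.
        "updates_unprotected": not ({"client update prohibited",
                                     "server update prohibited"} & statuses),
    }

def domains_needing_attention(records):
    """Return names of domains lacking any registrar-level lock, sorted."""
    return sorted(r["domain"] for r in map(audit_domain_locks, records)
                  if r["missing_registrar_locks"])

# Constructed sample records (not real RDAP responses); example.* names are placeholders.
SAMPLE_RECORDS = json.loads("""
[
  {"objectClassName": "domain", "ldhName": "BRAND.EXAMPLE",
   "status": ["client transfer prohibited", "client update prohibited",
              "client delete prohibited", "server update prohibited"]},
  {"objectClassName": "domain", "ldhName": "campaign.example",
   "status": ["active"]},
  {"objectClassName": "domain", "ldhName": "shortlinks.example",
   "status": ["client transfer prohibited"]}
]
""")

if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(audit_domain_locks(record))
    print("Need attention:", domains_needing_attention(SAMPLE_RECORDS))
```

Run against records fetched for each corporate domain, the list returned by `domains_needing_attention` is the set to raise with the registrar.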

In addition, two-factor authentication should be introduced both for social media accounts and for accounts that control important services like DNS. Out-of-band checks such as a security code sent to the user's mobile phone can greatly reduce the chances of a phishing email being enough to gain access to an account. Ideally, dedicated computers should be used to access and update social media content so that additional security checks and controls can be deployed on these systems to monitor for unusual network traffic and keyloggers, which have become another suspected method used by hackers to obtain social media account credentials.

It is critical to draw up an emergency response plan to reduce the impact of a social media account breach, should one occur. It is important that website administrators know which modules or components within a site provide social media content so that they can be quickly disabled should the need arise. This will also help prevent the need for an entire site to be taken offline.

While social media is a great way for enterprises to interact with their customers and strengthen their reputation, companies that want to maintain trust in their brand must put forth the extra effort required to avoid falling prey to brand hacks and social attacks.
