Friday’s revelation by the Financial Times that several of its blogs and social media accounts were “compromised by hackers” has highlighted the growing risk of cyber attacks.

While the Syrian Electronic Army, which claimed responsibility for the attack and posted FT emails and passwords on Twitter, is unlikely to be a threat to Australian financial advice businesses, experts say companies face a growing risk of being compromised by social media hacks.

This week is National Cyber Security Awareness Week and Craig Searle, operations director of BAE Systems Detica, warns that for business users of social media, protecting against hackers and spammers is crucial.

“Organisations risk losing followers and fans if problems are not resolved quickly, and more important, a company’s reputation can be seriously compromised by attacks,” he said.

“The problem is that often companies don’t put as much focus on the security of their social media channels as on other IT systems.”

Risky business

According to Searle, there are three main ways that social media accounts get hacked:

  • using software that submits commonly used words (including number-for-letter and symbol-for-letter substitutions) to guess password and username combinations, trying hundreds of thousands of words in a single attack attempt. It will eventually gain access to accounts, especially if they have predictable or easy-to-guess passwords
  • using phishing techniques by which individuals are tricked into filling in their username and password on a site that looks authentic but is actually just gathering information
  • gaining personal access to the account, either by the user leaving their browser open while logged in, or if a former employee retains the company’s password.

While not a direct form of hacking, look-alike social media accounts are often developed by fraudsters, Searle says. These mimic the branding of official accounts, but their message is vastly different to the official company line, and they can even be used to direct unsuspecting users to malware-infected sites through the use of link-shortening services.

“Social media is a risky environment to operate in,” said Searle. “Twitter and other social media channels tend to be run by communications professionals without any involvement from the IT security department and who may be unaware of the security implications behind the systems.

“Social media professionals should be trained to understand the inherent risks of social media platforms and how to protect and secure these channels.”

Protect yourself

BAE Systems Detica suggests the following tips for businesses to protect their social media channels:

  • Consider all possible risky scenarios. Businesses need to have a clear idea of how they want to use social media and identify what kind of business information should be shared. Before posting content, consider how sensitive the information is in case it is abused.
  • Don’t automatically click on links. Use caution when clicking a link to another page. If an offer in a social post sounds too good to be true, it usually is – don’t just click. This is how cyber thieves can download malware to your system. Social media professionals should be trained to understand the risks involved and know to be cautious when clicking on unidentifiable links.
  • Protect your passwords and privacy. Using the same password on every social network account can easily expose the business to account takeover. Instead, use different and strong passwords for each of the social media accounts and update regularly.
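The first attack method Searle describes and the password tip above can be checked together before a password is ever set. The following is an added example, not part of the original article or BAE Systems Detica's advice: it flags passwords that reduce to a common word once number-for-letter and symbol-for-letter substitutions are undone, and passwords shared between accounts. The word list, substitution table, function names and sample accounts are all constructed for illustration.

```python
# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "football", "finance"}

# Number-for-letter and symbol-for-letter swaps that guessing tools try (assumed set).
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})
TRAILING_PADDING = "0123456789!@#$%^&*?."


def is_guessable(password):
    """True if the password is a common word in disguise."""
    lowered = password.lower()
    candidates = {
        # Every character treated as a possible substitution, e.g. "footba11".
        lowered.translate(SUBSTITUTIONS),
        # Trailing digits/symbols treated as padding, e.g. "W3lc0me2013".
        lowered.rstrip(TRAILING_PADDING).translate(SUBSTITUTIONS),
    }
    return any(candidate in COMMON_WORDS for candidate in candidates)


def audit(accounts):
    """accounts maps account name -> password; returns name -> list of findings."""
    findings = {name: [] for name in accounts}
    users_of = {}
    for name, password in accounts.items():
        if is_guessable(password):
            findings[name].append("guessable")
        users_of.setdefault(password, []).append(name)
    # The same password on several accounts means one leak exposes all of them.
    for names in users_of.values():
        if len(names) > 1:
            for name in names:
                findings[name].append("reused")
    return findings


# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "twitter": "P@ssw0rd!",
    "facebook": "P@ssw0rd!",
    "linkedin": "W3lc0me2013",
    "blog": "tidal-copper-lantern-49",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_ACCOUNTS).items():
        print(account, issues or "ok")
```

Only the last sample password passes: swapping letters for digits or symbols, or adding a year on the end, does not stop a common word being guessed.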
