On social networks, people let their guard down. They take advantage of their lunch break to check the feed, when work is over, and even before bed, as a form of fun and relaxation. On Instagram, Twitter, Facebook, and so many others, the environment is casual. So, the care with the information, consequently, is lower.

And it is these bits of data, left by the social network in photos, stories, location tagging, project celebrations, that can be (and probably will be) used against employees and the companies they work for.

For cybercriminals, social media are reconnaissance tools for designing targets. A tweet about attending a leadership conference can be used in a targeted phishing email with a malicious link. If an email is personalized to the recipient, it increases the likelihood of the intended response (in this case, the click).

When someone neglects privacy settings or publishes personal notes and photos, it leaves cybercriminals free to use the information. This kind of scenario is what we call OSINT - Open-Source Intelligence. The insight gained from processing and analyzing open-source, public information.

Social networks cannot protect your data

In Q4 2012, there were a total of 76 million fake Facebook accounts, while by Q4 2018 that figure had increased fivefold, with a total of 371 million duplicate or fake accounts.

So the first thing we need to accept is that social networks cannot protect their own environments, let alone yours.

So while networks are not responsible for creating completely new cyber threats, they amplify the risk of existing ones. From reconnaissance to brand hijacking and threat coordination, cybercriminals have been using social media to increase the effectiveness of attacks for years.

Of course, social media risk is not only linked to brand and reputation damage. It can also lead to major data breaches, numerous compliance issues, and countless amounts of lost revenue due to fraud and mis-selling.

What does all this mean for your brand?

Security professionals and marketers alike must begin to treat social networks as the security threat they really are. And thus align defense strategies. A specialized information security team can contribute to the plan. Either way, the steps involve identifying the customer's most valuable social assets and touch points, and developing technical capabilities to monitor them for signs of compromise and behavioral abnormalities.

It is also critical to understand your external risk environment and scour networks for cyber threats outside of your direct control - be they doxing attempts, brand impersonations, or physical security threats to your employees or senior executives.

Staying proactive and using monitoring, detection, and response solutions is about minimizing the attack surface of the enterprise. Security professionals can choose a combination of tools that provide a holistic view of the organization's attack surface.

Risk management in social media cannot belong exclusively to one department

Cloud channels touch every department: marketing, sales, commercial, recruiting, management. Therefore, responsibilities across teams must be clearly defined, even before developing a robust strategy to protect people and the company on platforms like Twitter and LinkedIn. Social media risk management is a collaborative effort that must be carefully developed before it is put into action. Teams also need tools that can provide visibility into potential threats, such as detecting bad actors trying to forge social connections and spear-phishing (or whaling) attacks against executives.