When compared to many other security challenges facing the enterprise today, social media security can seem relatively minor and relatively safe to neglect, both for IT decision-makers and VARs. But that isn't the case. Facebook, Twitter, and LinkedIn visits might not take up much of an average employee's workday, but one mistake on a social media site can spiral into security disaster. VARs that know how to convey social media's risks (and the ways to reduce them) are well positioned to guide their customers towards better social media security and peace of mind. Here are some key points to know.
1. Social media is everywhere.
Unless an organization blocks corporate network and device access to social media sites, it can be comfortably assumed that at least some (more likely many) of the organization's employees are browsing social media during the workday. This is compounded by the introduction of mobility and BYOD to the workplace. Employees are far more likely to use social media on mobile devices than on computers and, in fact, use social media apps the most at the office, according to a Reality Mine study. What this means for social media security is simple: More attack surfaces for viruses, malware, scammers, and cybercriminals to exploit. VARs should clearly communicate this. Having network activity logs on hand to illustrate how prevalent social media use is at the organization may help, too.
2. Social media is a security minefield.
The fact that widespread social media use and widespread mobile use create more attack surfaces with more vulnerabilities has not escaped cybercriminals. More and more malicious code is being aimed at mobile platforms, which are less likely to be protected by antivirus and malware detection programs than laptop and desktop computers. The average enterprise end user on a social media site is at risk of clicking links that lead to virus and malware downloads. If a compromised device connects to the corporate network, the malicious software can spread. Malware doesn't just take down a few devices here and there, either. It can open the door to major data breaches. And that's not the only social media security risk. Users may find themselves targeted by phishing and spearphishing attacks, through which scammers can learn corporate access credentials and use those credentials to steal sensitive or proprietary enterprise data. VARs should use these facts to ensure that customers do not underestimate the risks of neglecting social media security.
3. Social media can't be avoided.
When faced with facts like these, however, the temptation may be to run away at full speed by blocking access to social media site domains. Unfortunately, this option is growing less and less viable for most organizations. Personal Internet use at the workplace can improve productivity, according to Dashburst. Dashburst also reports that tightening social media restrictions may have a demotivating effect or cause employees to attempt to get around the restrictions. As with other end user efforts to circumvent IT policies—think shadow IT and the adoption of questionably secured consumer-facing cloud apps in place of IT-approved solutions—this may lead to even more serious social media security risks. At the very least, it could result in a loss of productivity or engagement. And a small but growing number of workers considers workplace social media prohibitions a valid reason to turn down or terminate employment at an organization.
When customers suggest simply blocking social media sites, VARs should redirect them to technologies and practices that can improve social media security without disrupting employee activities. Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions can help keep corporate and BYOD devices correctly configured and protected against viruses and malware, while end user education can help employees learn safer social media browsing behaviors. For VARs, the problems of social media security can create significant opportunities.
What do you think VARs need to know about social media security? Tell us in the comments.