So the unthinkable has happened: Your customer has suffered from a social media security breach. Now the customer is coming to you with questions on how to handle it and how to overcome it. What do you advise?
Naturally, the first step is to understand the nature of the breach. What happened? Were corporate devices (or BYOD devices connected to the corporate network) infected with malware, perhaps picked up from a risky click on a social media site? Or have employee access credentials been stolen, perhaps due to a successful phishing or spearphishing scam? Neither case is better or worse than the other; catastrophic data breaches can happen both as a result of malware (think of the damage the Backoff malware has caused for Target and Home Depot, among other victims) and as a result of identity theft.
In both cases, the first step in addressing the social media security breach is a technical one. Once discovered, malware must be dealt with using a robust and up-to-date antivirus and malware protection solution. Even if only one or a few devices appear to be infected, all devices should be scanned and cleaned. Additionally, the domain from which the malware originated must be identified and blocked to prevent future downloads. When it comes to guessed or stolen access credentials, meanwhile, the compromised user or users must of course change their passwords immediately. It may be wise, in fact, to require that all users who can access the affected systems change their passwords. A password breach is also an excellent opportunity to beef up password strength requirements.
Next, organizations must work to discover exactly what damage may have been done due to the breach. Here's where user and application activity monitoring solutions can come in handy. If they've already been deployed, IT can comb through the logs to identify suspicious behavior, including frequent logins or login attempts, logins at unusual times, and large or otherwise anomalous file downloads or data access. If your customer does not have a robust activity monitoring solution implemented, the task of rooting out what data has been stolen becomes much more difficult, but it also provides an opportunity to educate the customer on the value of such solutions in the future.
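The log review described above can be sketched as a small script; this is an added example, not code from the original article. The log format, event names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample activity log (format is an assumption): time user event value
SAMPLE_LOG = """\
2024-03-04T09:02:11 bob login_ok -
2024-03-04T09:15:40 bob download 48211
2024-03-05T02:11:03 alice login_fail -
2024-03-05T02:11:09 alice login_fail -
2024-03-05T02:11:15 alice login_fail -
2024-03-05T02:11:21 alice login_fail -
2024-03-05T02:11:30 alice login_fail -
2024-03-05T02:12:02 alice login_ok -
2024-03-05T02:14:45 alice download 7340032000
2024-03-05T10:30:00 carol login_fail -
"""

FAIL_LIMIT = 5                      # failed logins tolerated per window (assumed)
FAIL_WINDOW = timedelta(minutes=10)
WORK_HOURS = range(7, 19)           # 07:00-18:59 counts as normal hours (assumed)
LARGE_BYTES = 1_000_000_000         # single transfer size worth a look (assumed)

def find_suspicious(log_text):
    """Return a list of (timestamp, user, reason) findings, in log order."""
    findings = []
    recent_fails = defaultdict(deque)   # user -> timestamps of recent failures
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                    # skip blank or malformed lines
        stamp, user, event, value = parts
        when = datetime.fromisoformat(stamp)
        if event == "login_fail":
            fails = recent_fails[user]
            fails.append(when)
            while when - fails[0] > FAIL_WINDOW:
                fails.popleft()         # drop failures outside the window
            if len(fails) == FAIL_LIMIT:  # report when the count reaches the limit
                findings.append((stamp, user, "repeated failed logins"))
        elif event == "login_ok" and when.hour not in WORK_HOURS:
            findings.append((stamp, user, "login at unusual time"))
        elif event == "download" and value.isdigit() and int(value) >= LARGE_BYTES:
            findings.append((stamp, user, "large download"))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

A burst of failures followed by a successful off-hours login and a large transfer from the same account, as in the constructed lines for alice, is the sequence worth escalating first.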
If any sensitive or confidential data has been stolen or exposed due to the social media security breach, the organization must follow the guidance of its legal counsel as far as disclosure and further legal action.
Finally, social media security breaches almost always illustrate a need for more user education. Among the next steps a compromised organization should take is end user training. If the breach was due to malware, it is time to remind all employees of the dangers of social media links and how to identify and avoid suspicious ones. If the breach was due to phishing or spearphishing scams, on the other hand, employees may need a refresher course in online stranger danger. As mentioned above, account credential compromises also present an opportunity to beef up password strength requirements and to educate end users on the importance of strong passwords. End users should not use the same passwords for their social media accounts as they do for corporate systems, for example, and they should not be allowed to use easily guessed or forced passwords.
Social media security breaches can be alarming, but they are not the end of the world. By taking quick action, an organization can rebound and become safer than before. All that's needed is for the organization and its employees to learn their lesson.
How do you recommend customers handle social media security breaches? Tell us what you think in the comments.