Learn how to secure social media applications for your business.
In the wake of the pandemic, a new category of applications emerged, creating new challenges for companies. At Cerby, we call them unmanageable applications because they don’t support common industry security standards like single sign-on. A great example is social media applications like Facebook, Twitter, Instagram, and TikTok, but unmanageable applications cut across all categories.
Despite the lack of support for enterprise-grade authentication, many organizations still use social media applications because they often create new business opportunities. A solid social media presence helps organizations increase brand awareness, cultivate loyal customer communities, and generate new sales. However, unmanageable applications, social media apps included, can introduce significant security risks into an organization, from cyberattacks and regulatory compliance costs to reputational damages.
Securing social media is essential for businesses
For attackers searching for the lowest common denominator, social media applications quickly became too tempting to ignore. According to the 2022 threat trends and intelligence report from Agari and Phishlabs, social media attacks increased by more than 100% over the past year. Attacks on social media are widespread because they often exploit the same opportunities social media applications create for organizations. For example, increased brand presence and business-to-consumer interactions are big bonuses for businesses, but they also make social media the ideal environment for spreading sensitive or false information.
Organizations can take several steps to secure social media applications better. We highly recommend that all organizations take the following five steps while also understanding that these steps alone won’t be enough to completely protect your organization from the risks associated with social media applications.
Five steps for securing social media applications
Here are five steps every organization should take to secure social media applications:
- Inventory your social media footprint: List all your organization's social media applications and close unauthorized or inactive accounts.
- Review third-party applications: Check which applications can access your social media accounts and remove any you’re no longer using, e.g., Sprout Social, Loomly, etc.
- Set strong passwords and enable 2FA: Set strong, unique passwords for each account and update them regularly; enable 2FA and ensure it stays enabled.
- Use unique email addresses: Make a new email address for each social media account, so if the credentials are compromised, attackers can’t access all your emails or farm your data.
- Regularly review access: Create a sustainable process for reviewing access to social media accounts, including rotating passwords, verifying user activity, and identifying third-party apps.
Why securing social media applications isn’t enough
Although partially effective, teams must execute the above steps manually. Most of the time, this means more work for IT, security, and marketing departments. Under pressure to crack down on cybersecurity risks, many employers try to eliminate social media threats at the source by banning or blocking applications altogether.
Understandably, non-security employees resist these decisions and, in some cases, may rebel against them. Our research found that 92% of employees and managers want complete control over the applications they use for work, and 51% of employees would continue using an application, even if blocked by their employer.
When employees use applications without permission from employers, they often assume the responsibility of securing them, even if they’re ill-equipped to do so. Our research found that 42% of employees are responsible for managing their passwords, and few use a consistent method.
A look at common approaches to password management
To better understand why most common practices for password management fall short in the face of social media applications, let’s take a closer look at some of the pros and cons of typical methods:
Sticky notes or passwords printed on paper
- Cheap (positive)
- Secure when stored appropriately (positive)
- Not secure from a physical security perspective (negative)
- Difficult to share with agencies (negative)
Collaboration platforms (i.e., Slack or SharePoint)
- Convenient (positive)
- Easy to use (positive)
- Anyone with access can see passwords (negative)
- Doesn’t help with 2FA (negative)
Spreadsheets (i.e., Google Sheets or Microsoft 365 Excel)
- Easy to share access (positive)
- Can be secured using 2FA (positive)
- Anyone with access can see passwords (negative)
- Hard to organize and keep track of who has seen the password (negative)
Enterprise password managers (i.e., LastPass, Dashlane, or 1Password)
- Considered one of the most secure methods (positive)
- Only need to remember one password (positive)
- Difficult to scale (negative)
- Hard for multiple users to access without disabling 2FA (negative)
- Recent vendor breaches (negative)
- Not connected to the organization's identity provider (negative)
Privileged identity management (PIM) or privileged access management (PAM) tools (i.e., JumpCloud, CyberArk, or BeyondTrust)
- Mature technology with strong access controls in place (positive)
- Offer widespread integrations for existing security tools (positive)
- Not always user-friendly (negative)
- Doesn’t often integrate with social media platforms (negative)
Although each of the above methods has merits, none offers a complete solution for unmanageable applications. Organizations should consider new approaches for managing social media applications–one that brings employees and users into the fold and leverages automation to handle tedious but important security tasks like setting strong passwords, enabling and enforcing 2FA, and securely managing access to shared accounts.
If this is a challenge for your organization, you can learn more about how Cerby can help your company secure its social media accounts with a new, automated approach.
