Social Media Security and Elections
Social media impact on U.S. politics
Social media platforms used by popular U.S. political leaders often lack the security controls necessary to prevent disinformation campaigns. U.S. politicians have grown their social presence over the last few presidential elections following a general trend away from mass media, and nation-states have taken notice.
Most of the attention dedicated to security in social media networks focuses on the companies running them. But what about the users, particularly political leaders with huge followings? What can they do to secure their social media accounts?
In this threat briefing, the research team at Cerby set out to evaluate some of the biggest platforms in terms of the security controls they offer their users. Researchers evaluated five prominent social media platforms across critical areas, such as two-factor authentication (2FA), enterprise readiness, and privacy. The research zeroes in on a critical balance: the security and privacy options that social media platforms extend to their users, and whether users take advantage of them.
Using a scale of 0 to 5 for each category (with 5 being the highest possible rating), Facebook took the top prize with an overall score of 3.34. Twitter came in second at 2.75. Instagram took the third spot with 2.68, followed by TikTok at 2.00 and Reddit at 1.95. Based on the findings, researchers at Cerby do not recommend that politicians stop using these platforms, but rather that they focus their efforts on mature platforms scoring 2.6 or higher. Platforms scoring 2.6 or higher, while currently lacking mature support for enterprise-grade authentication like single sign-on (SSO), offer robust security controls for 2FA with support for emerging standards like Fast Identity Online 2 (FIDO2).
Despite the continued growth of social media platforms as the news medium of choice for voters, the U.S. does not have security standards or oversight for them. Until this changes, politicians and voters should expect a continued assault from nation-states looking to execute disinformation campaigns.
Figure 1. Social Media Platform Security Ranking
What is a political leader to do?
Political leaders must ensure they use strong passwords via a password manager and have the strongest available 2FA method enabled. They should not use SMS-based 2FA, as it is easy to exploit and a favorite of attackers. On Facebook and Twitter, this means using a hardware security key such as a YubiKey to take advantage of the ultra-secure emerging FIDO2 standard. On platforms like TikTok, unfortunately, they are limited to email-based 2FA or, worse yet, SMS-based 2FA, which is very susceptible to SIM-based attacks.
Political leaders with IT staffer support and SSO providers available (for example, Okta and Azure Active Directory) should consider emerging options that allow connecting social media platforms, such as those reviewed in this brief, to SSO even if the platforms lack native support.
Researchers note that a delicate balance exists between too little and too much regulation. In the digital realm of the U.S., free speech online is regulated by Section 230 of the Communications Decency Act, which became law in 1996. Politicians need to consider updating this regulation to provide security and privacy oversight for social platforms that now dominate the U.S. political landscape.