Businesses, employees and their customers rely on social media interactions more than ever since COVID-19 arrived. However, social media usage should raise certain privacy concerns. For most users, it comes down to a level of trust. In other words, users trust that social media platforms will protect and secure their personal information and data. That, in turn, puts the onus on those social media platforms to guarantee that privacy will be protected, yet numerous privacy failures have occurred on these platforms.
Despite that, social media usage is on the rise, at least according to the 2021 Consumer Security Mindset Report from security giant McAfee Corp. The report reveals that U.S. consumers intend to continue using the digital life tools they have adopted since the pandemic started, with some 56% stating that they will continue to use digital platforms for social engagements. Other notable trends include consumers reporting they will keep using digital tools, with online banking (61%) and personal shopping (52%) as top use cases.
While social media and digital lifestyle tools may be good for helping businesses garner more consumers and manage employees, there is a dark side to all of those digital interactions. McAfee points out that 68% of respondents were concerned that their personal information, such as birth dates or addresses, could get hacked. This statistic is made more troublesome by the fact that one in three respondents (29%) admitted they were not confident in their ability to prevent a cyberattack.
McAfee’s study points to a perhaps foregone conclusion: that social media is still a risky endeavor, and users are concerned. That said, while many are aware of the threats posed by social networking sites, most are only focused on the specific threat of stolen personal information.
Few seem aware of other threats that are percolating, such as account takeover, which security vendor Kaspersky said spiked in 2020. Kaspersky defines account takeover as a bad actor being able to steal login credentials and seize control of an online account; these takeover attacks rose from 34% of fraud detected by Kaspersky in 2019 to 54% by the end of December 2020.
While social media companies and other organizations strive to protect privacy by using techniques such as MFA (multifactor authentication) and behavioral heuristics, other threat vectors seem to be manifesting in unexpected places. Take, for example, the latest series of attacks on specific components of social media platforms; namely, how users choose to communicate with each other. McAfee reported a serious security flaw in video conferencing software used by eHarmony, Plenty of Fish, MeetMe, and Skout. That security flaw allows bad actors to potentially eavesdrop on communications between users, making those services a prime target for social engineering and data theft. Even more troubling is that security flaws aren’t limited to those services. Healthcare apps, including Talkspace and Practo, have also been impacted.
The discovery of those security flaws proves even more troubling, since more and more users are turning to social apps to access face-to-face and in-person services no longer readily available due to COVID-19 restrictions. Today, consumers and patients use social applications to make appointments, have virtual visits and much more, potentially exposing information that should be kept private.
For cybersecurity professionals, the issues of social media account takeovers and data theft prove difficult to address. After all, the typical IT staffer has little control over what a user does on social media, especially if the user is on their own device. Solving those security problems comes down to a dose of awareness and, perhaps, a dose of policy.
For systems (and/or endpoints) managed by IT, policies can be defined using endpoint protection solutions that force MFA usage on sites. What’s more, IT policies can be defined to limit the use of social media entirely and/or particular aspects of social media. Endpoints connected via a business network can be further monitored for data leakage and suspicious activity. If a business is providing access to customers via apps, those apps can be hardened and store only limited information. IT can also control access to those apps and deploy policies, such as security best practices that require MFA, frequent password changes and so on.
Ultimately, waiting for social media platforms to solve security problems may take a very long time, so due diligence is warranted, and that starts with education and policy controls, which will help to prevent data theft.