Partager:

JAKARTA - Threats to corporate (corporate) social media are growing very fast along with the social engineering skills of cybercriminals.

Sometimes their techniques reach such high levels that even a tech-savvy corporate network administrator cannot tell the difference between fraud and truth.

Since many businesses use social media to promote their products and services, this threat is relevant for a large number of companies. To help keep them safe, Kaspersky experts offer the following advice for mitigating the cyber risks associated with social media in 2023.

Be wary of direct messages and drafts folders, delete old, irrelevant information

Companies should be careful about storing sensitive information in direct messages. If any breach allows cyber criminals to gain unauthorized access to accounts, sensitive data can be leaked or used to launch attacks.

To avoid this risk, make it a habit to delete irrelevant messages when the conversation is over and the information in them is no longer relevant. The same goes for posts. It's a good idea to carefully review what's stored in the drafts folder from time to time.

Review older posts to minimize reputation risk

To stay safe, take the time to review published posts, as they may contain information that does not correspond to current reality, or it could range from inappropriate jokes to controversial advertising campaigns. What was normal yesterday, may generate a negative public reaction today.

Be careful posting your success story

If a potential attacker knows who your supplier or contractor is, through a post made, attacks can appear with various schemes such as impersonating the third party's identity, hacking accounts to act on their behalf.

In addition, the more clearly the company's structure and work methods are depicted on social media, the easier it is for cybercriminals to prepare attacks.

Warn newcomers about the risks associated with posting "new jobs" on social media

After getting a new job, entrants will usually share their experience on social media, but they don't yet understand how the cybersecurity process is built in the company.

To reduce risk, offer information security training to new hires, and tell them to be very careful when posting about new jobs.

Control account access and change passwords when employees leave

If an employee with access to account and authentication data leaves the company, enforcing password change rules is as important as blocking their access to the company network. First of all, change the password for the email account linked to the company's social network; then unlink ex employee mobile number and check other authentication methods like, backup email.

Don't neglect two-factor authentication

Any account on a social network, let alone a company account, must be securely protected. Two-factor authentication (2FA) is an absolutely necessary setting for all account types.

Email addresses linked to accounts should be protected just like the social media accounts themselves. The best way is to register a social media account using a company email address. Because it will be more protected (assuming the company prioritizes cybersecurity). Additionally, internal security specialists can block access to that email along with all access to the corporate network.

Provide your employees with anti-phishing training

To mitigate cyber risks on social media networks, it is not enough to technically protect your company account, it is also important to conduct special training for employees on information security, various types of phishing and other threats.

“The attacker used sophisticated social engineering methods. Even representatives of the most advanced generations like Gen Z can be fooled by them. The human factor cannot be reduced to zero, but it can be minimized as much as possible with the help of special training.” Closes Anna Larkina, web content analysis expert at Kaspersky.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)