The TCS Blog rss

  • Home
  • Tips to Keep Your Business Safe on Social Media

The TCS Blog

Tips to Keep Your Business Safe on Social Media

By: Jessica Clifford

Pretty young woman holding colorful social media icons balloon.jpeg

Social media has already consumed our personal lives, but now social sites, with their inexpensive forum for marketing, networking, and client out-reach, are approaching our companies with a friendly vengeance. Most company websites use social media to encourage clients to follow them on Facebook, Twitter, Instagram, and so on, helping their clients become the first to hear news about their brand, upcoming events, or sales. Yet, social media does have its negatives, such as phishing extortion, shortened URLs, and fake accounts attacking a businesses’ privacy. With countless benefits, how do you keep your business safe on social media? The answer is simple: know what you are looking for.

According to experts from the security firm, Proofpoint, “phishing attempts are up this year by 150% on major social networks like Facebook, Twitter, Instagram, and LinkedIn”.[1] One of the worst phishing scams haunting social media profiles for businesses is Spear-Phishing. This type of fraud is the most personal of all phishing attacks because hackers steal information from specific employee’s social media profiles, such as their name, employer, and work phone number. Hackers who do this are hoping the person receiving the instant message or email believes the writer knows them. This gains the user’s trust, making him or her reply to the hacker’s urgent message. Spear-Phishing pressures one or more employees to click on a malignant link, rendering their company’s private information unsafe.[2]

Spear-Phishing, similar to other phishing attacks, only affect a company if an employee replies to a message, or opens the link inside the message.  Therefore, companies need to keep a careful eye on social media messages, or emails detailing private information from an unknown source. If this happens to a company, simply deleting the message before taking action will prevent a possible security disaster.2

Other scams awaiting companies using social media are shortened URLs and HTTP links. Hackers create these links to trick the user into visiting a malicious site, so their private information is open for the hackers’ taking. Shortened URLs seem easy to avoid, yet they look harmless to an uninformed employee. Therefore, it is essential to hover over a shortened URL and see the full URL at the bottom corner of the browser. If the site in the full URL is unknown, then it is best not to click on the link. Besides this method of prevention, businesses can use sites such as Securi, URLVoid, and MyWOT to check the security of a link as well.[3]

Besides shortened URLs, it is also best to be wary of HTTP links. These links are regular HyperText Transfer Protocol, but when a link includes an ‘S’ (HTTPS), the hyperlink is secure against hackers. The latter is safer because, “using HTTPS, the computers agree on a ‘code’ between them, and then they scramble the messages using that ‘code’ so that no one in between can read them.” By placing the code on a Secure Sockets Layer, or SSL, keeps the information safe during an exchange between sender and receiver. Since no one else can understand the intricate code, this protects the user’s information from hackers.[4]

A third kind of fraud used via social media is fake accounts. This innovative attack makes an employee believe the hacker is a friend or a work acquaintance telling he or she to take action, or click on a link. Messages with these attached links will redirect the viewer from the social media site to a malignant site. Unfortunately, fake accounts are less questionable than most scams because the hacker uses a personal friendship against the viewer. If this type of fraud confronts a business, an employee should be weary whether the message content and writing style is normal for the sender. If the message continues to feel ambiguous, then the employee should contact the friend to affirm or deny he or she sent the message. [5]

These aforementioned prevention tips are not the only ones necessary to keep a small business safe from social media fraud. With the plethora of attacks over social media, it is best to create a social media policy for staff to follow. Setting accessible guidelines for every employee through training seminars helps to specify what is acceptable and unacceptable social media usage to prevent leaking private company information. In addition, limiting who has control over the company’s social media profiles lowers the possibility for a privacy disaster. Lastly, installing secure technology software that checks for malicious apps, viruses, and worms in all incoming emails is pertinent for total security. [1]

Next time your company has a laisse-fair attitude towards social media safety it is best to speak up. Let your employer know, “social scams range from fake customer accounts or your friends, to [contest spams] in social comments that lure you to ‘buy this’ or ‘click here’”.1 Social media use in small businesses is not a fad; therefore, treating information safety as such is not acceptable either.

Do you want more information on how to keep your business safe from cybercriminals? Fill out a form for TCS’ Cyber Security Workforce Training for your organization.

[1] Sam Milbrath, “5 Social Media Security Risks for Businesses (and How to Avoid Them),” Hootsuite, May 5, 2016, accessed December 15, 2016,

[2] No author, “6 Common Phishing Attacks and How to Avoid Them,” Cloud Pages, May 11, 2016, accessed December 15, 2016,

[3] Guest Author, “5 Threats to Your Security When Using Social Media,” Social Times, November 18, 2016, accessed December 15, 2016,

[4] “HTTPS and HTTP Difference,” Instant SSL by Comodo, Accessed December 20, 2016,

[5] Maxwell Chi, “Reducing the Risks of Social Media to Your Organization,” InfoSec Resources, March 16, 2011, accessed December 15, 2016,

1 Sam Milbrath, “5 Social Media Security Risks for Businesses (and How to Avoid Them),” Hootsuite, May 5, 2016, accessed December 15, 2016,