EXPERT INSIGHTS

Aug-08-2023

Why marketers should prioritize cybersecurity for social media platforms

Jurija Metovic, Cerby, Marketing Director

Marketing technology allows teams to scale, remove workflow obstacles, and automate daily tasks. We all know good social media management is critical to growing your brand and follower base, increasing lead generation, and staying connected with current customers. It’s a powerful channel to reach and engage with audiences worldwide.

But as business social media presences grow, so do the cyber security risks — many of which don’t commonly fall on the average marketer's radar. So how do teams balance an increasing dependence on social media apps with the escalated risk of cyber security threats?

In this post, we cover the realities of managing business social media accounts today and the risks associated with cyber threats that marketers should know. Get the best practices for your team to follow to protect the organization and online reputation you worked hard to attain.

The “wild-west” of nonfederated applications

It’s essential to recognize that most social media apps operate as nonfederated (also referred to as “unmanageable”) applications. Essentially, this means that they fall into a gray area of management, used by departments or individuals with little to no options for protection. Furthermore, nonfederated applications require separate usernames and passwords, so your organization’s identity provider (think Okta or Azure AD) cannot manage them centrally.

Social media apps are the most prominent example, but many other applications in your organization’s marketing technology stack likely fall into this category. In fact, according to Ponemon Institute, organizations report using an average of 96 nonfederated applications (23% say they use between 101 and 250 such applications!).

These tools are harder for IT departments to track. The same Ponemon Institute report found that 49% of organizations track nonfederated applications, and only 21% say they are confident in knowing all of the organization's nonfederated applications.

Pinpointing the cybersecurity risks inherent in owning social media accounts

Often with nonfederated social media applications, the dangers extend beyond the scope of traditional cybersecurity threats. They include:

  • Data breaches: With customer interactions and sensitive data flowing through social media channels, a breach could expose large amounts of private information — putting customers and your company at risk.

  • Ad spend redirection: With increased marketing spend allocated to social media advertising and SEM tools, cybercriminals can exploit vulnerabilities to misdirect funds from those applications.

  • Cyber attacks: These range from phishing attempts, where attackers might try to trick employees into revealing passwords, to more sophisticated attacks to compromise the corporate social media account or associated networks.

  • The human element: Disgruntled former employees are another potential source of damage if they still have access to your corporate social media accounts.

  • Lack of visibility: When multiple employees have access to social media accounts, keeping track of who has access at any time can be challenging. This lack of visibility is a risk in itself. For example, if you are not managing access controls properly, an employee who has left the company or changed roles could still have access to critical social media apps.

Sharing is not caring

The necessity of handling numerous usernames and passwords often results in poor security practices, such as using easily guessable passwords or repeating the same password across platforms. 

When these credentials get shared among team members and stakeholders outside the organization (think contractors and agencies), there is a heightened risk of unauthorized access or accidental leaks. According to a Cerby study, 76% of respondents say their employees share login credentials with internal and external collaborators.

Mitigate cyber security risks on social media with tried and true best practices

Social media is the centerpiece for engaging with your audiences and customers. Until security best practices are implemented, your brand will be at heightened risk from attackers. Here are eight critical steps marketers need to take to protect the brand and maintain customer trust:

1. Inventory social accounts: Inventory all social media accounts currently used—whether used infrequently or daily. Tip: this can be quickly accomplished by Googling your brand(s).

2. Close unused accounts: Review all accounts with stakeholders to decide if they are an active part of your brand strategy. Deactivate any accounts no longer in use or unapproved.

3. Review third-party access: Review all third-party stakeholders that access your accounts. You can accomplish this by logging into each account and (usually) navigating to account settings > security > apps and sessions. Ensure that only authorized third-party entities and individuals have access.

4. Use strong passwords: Update and set strong passwords on each account using a password manager. Do not reuse passwords. Each account should have a unique password. Even better, ask your IT team to leverage your identity provider and eliminate passwords completely.

5. Enable two-factor authentication: Enable two-factor authentication on every account. This may be the most critical step on this list!

6. Create unique email addresses: A unique email address per account means an attacker can only access what’s in that inbox if you are phished. An added benefit: this reduces spam.

7. Review ad spend regularly: Establish a process to review ad spending periodically. Baselining ad spend will help with budgeting and early identification of redirection. A common tactic of attackers is redirecting ad spend once they gain access to your accounts — 73% of businesses report experiencing ad fraud.

8. Review access frequently: Create a process to review access regularly. You should provide access to social media accounts on a need-to-know basis. Automate the review of access to remove the human component.
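One way to automate the access review in steps 3, 5 and 8 is sketched below as an added example; it is not code from Cerby or Khoros. The export format, field names, addresses and the 90-day idle threshold are assumptions, since each platform exposes its access list differently.

```python
from datetime import date

# Constructed sample data: the staff roster, vendor list and per-account
# access export are illustrative, and their field names are assumptions.
ACTIVE_STAFF = {"ana@example.com", "raj@example.com"}
APPROVED_VENDORS = {"agency@partner.example"}
ACCESS_EXPORT = [
    {"account": "brand-twitter", "user": "ana@example.com",
     "two_factor": True, "last_login": "2023-08-01"},
    {"account": "brand-twitter", "user": "leo@example.com",
     "two_factor": True, "last_login": "2023-03-12"},
    {"account": "brand-instagram", "user": "agency@partner.example",
     "two_factor": False, "last_login": "2023-07-30"},
    {"account": "brand-instagram", "user": "raj@example.com",
     "two_factor": True, "last_login": "2023-01-05"},
    {"account": "brand-tiktok", "user": "freelancer@other.example",
     "two_factor": True, "last_login": "2023-08-02"},
]


def review_access(entries, staff, vendors, today, stale_days=90):
    """Return sorted (account, user, finding) tuples for a reviewer to act on."""
    findings = []
    for e in entries:
        user = e["user"].strip().lower()
        known = user in staff or user in vendors
        if not known:
            # Former employee or unapproved third party still holding access.
            findings.append((e["account"], user, "not on staff or vendor list: revoke"))
        if not e["two_factor"]:
            findings.append((e["account"], user, "two-factor authentication disabled"))
        idle = (today - date.fromisoformat(e["last_login"])).days
        if known and idle > stale_days:
            # Need-to-know check: authorized, but access may no longer be needed.
            findings.append((e["account"], user, f"no login for {idle} days: confirm need"))
    return sorted(findings)


if __name__ == "__main__":
    report = review_access(ACCESS_EXPORT, ACTIVE_STAFF, APPROVED_VENDORS, date(2023, 8, 8))
    for account, user, finding in report:
        print(f"{account:16} {user:28} {finding}")
```

Run on a schedule against fresh exports, the report gives the reviewer a short list of accounts to act on instead of a full roster to read.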

Marketers as cyber security influencers

It’s clear that managing marketing technology and social media apps presents a significant challenge for teams. In particular, cyber security has emerged as a critical concern, with cyber threats posing significant risks of financial loss, reputational damage, and legal liability. The nonfederated nature of social media applications intensifies these vulnerabilities, necessitating the adoption of robust security tools and practices. As stewards of these corporate social media accounts, marketers are no longer bystanders in the realm of cyber security—they are front-line brand protectors.

Brand protectors are tasked with fostering a culture of cybersecurity awareness within teams and enhancing the resilience of overall marketing strategies, all while heightening the success of a brand’s digital marketing efforts. These groups can help significantly reduce cybersecurity risk for the business with the right processes in place. Start prioritizing cybersecurity by identifying risks, protecting passwords and credentials, and instituting best practices like two-factor authentication. The sooner you take these steps, the better.



This guest post came from our partner Cerby, an access management platform for nonfederated applications. Cerby brings advanced security features such as single sign-on (SSO) directly into social and ad accounts for Khoros and Cerby customers, helping to exceed security standards for their social media accounts.
