
4 key cyber security tips for brands with a social media account


Cyber crime has seen a significant increase in recent years, and it has only been exacerbated by the pandemic. A big space that is being targeted by cyber crime is social media.

A study featured in the Applied Computer Systems journal notes how social media penetration has spiked in 2021, and is expected to see alarming rates of data breaches, cyber stalking, identity theft, malware, social engineering, phishing, and even burglary. These crimes are clearly of note for businesses, so it’s best to adhere to some key cyber security tips.

1. Beef up your password security

A password is the most common protective measure for social media accounts. The obvious thing to note here is the need to make passwords that are hard to crack. These days, experts suggest using random words for passphrases, and even encourage the mix of different types of characters and numbers to combat brute force attacks.

In our post ‘Power Up Your Password Security’, we note how there are four essential password habits: using passphrases with three random words, using a unique passphrase for each online account, using a password manager, and using Two-Factor Authentication (2FA) whenever you can. Most platforms today will inherently offer 2FA in their security settings, while a password manager enables you to generate passwords, manage them, and secure them (so you don’t have to manually remember everything).

2. Revoke access to third-party apps

There are numerous ways for an account to be attacked, but one particular hole that is too often overlooked comes in the form of third-party apps. These are the apps that are outside the scope of the social media platform but request access to your data or certain features in your account. Later’s article on Instagram hacking protection outlines how these apps are used to access your profile by way of the platform's database. Since these apps are "authorised", they have free rein over the data you have provided, which makes it that much easier for unwanted eyes to reach it. Make sure you regularly check the settings on your social media accounts and look for any suspicious or unnecessary apps. Then, choose the option to revoke their access.

3. Make regular security checks

It’s important to keep monitoring your accounts and their activity, even if, say, your business social media account isn’t active at all. In fact, this inactivity can even make you more susceptible as a victim. Even if there’s no sensitive data to be linked to, you may find that a hacker could maliciously take over the account and start posting without your consent. Consider Reuters’ coverage of major Twitter attacks, which notes how Twitter has removed thousands of accounts for inauthentic behaviour. Action on this was reported in 2019, despite the unauthorised access being revealed to have occurred in 2015. The same article describes a later attack on Facebook, this time exploiting a software weakness to access 50 million users’ accounts.

4. Educate employees on best practices

It’s also important to ensure that any social media managers and employees with access to these platforms follow good digital habits. Avoiding suspicious links, disregarding sketchy e-mails, not using public Wi-Fi, and keeping the password a secret are just a few of the main lessons that, though seemingly obvious, need to be reiterated. A good reference for this is A recent report on UK data breaches revealed that a whopping 90% of data breaches that occurred in the UK in 2018 happened because of human error.

Considering how important social media has become for businesses in the modern age, it would be wise to make use of these tips to ensure security and success. Simple measures such as picking secure passphrases, disabling access to third-party apps, monitoring your accounts regularly, and training your social media managers can already be huge for your business's cyber security.


GoldPhish educates end users on the cyber threat and helps build more secure organisations with awareness training and phishing simulation
