Social media security: an integrated approach

Online sales can mean big business for those engaged in e-commerce, with many small businesses garnering a high percentage of their revenue through marketing on Instagram, Facebook, Snapchat or even Etsy.

Online marketplaces are filled with small businesses and entrepreneurs, whose livelihood depends on their ability to interact with their audiences to drive sales. These brands and individuals rely heavily on the sales social media promotions can bring through the door – often leading them to pump money into social media production and curation.

For those selling products online, this often means spending hundreds of hours crafting a cohesive aesthetic, scheduling posts and coming up with witty captions designed to edge small businesses ever closer to their growth targets. In a 2018 survey, 90% of Social Media Managers (SMMs) reported that online advertising has increased their exposure, and 41% of SMMs rely on social media to drive revenue.

Whilst these numbers may seem impactful in countries like the UK and the US, they are exponentially larger in countries like China and South Korea, where apps like Douyin and BiliBili are rapidly making the move towards integrated e-commerce systems, connecting influencer and product in a single click. No muss, no fuss, no lengthy check out. Just click the screen or scan a QR code whilst you’re watching a makeup tutorial, and your brand new sunscreen promoted by a beautiful couple on a beach in Bali will be delivered the next day.

The promoter earns a commission, the brand earns revenue and the cycle of next-generation e-commerce just keeps on keeping on.

Using social media to stimulate commercial growth can be an exceedingly positive and lucrative endeavour, however with reward comes risk.  In this case, you could lose access to your accounts because an anonymous online criminal compromised your systems and you can’t post anymore.

The account then gets ransomed back to you and your entire marketing budget is spent trying to regain control over your accounts, or even worse, the hackers start to post spam on the account they’ve seized control of and effectively harpoons the relationship you’ve built up with your subscribers and followers.

This can often lead to a loss of income, irreparable damage to your follower base, a loss of time while you attempt to find out how to compromise happened, damage to your reputation and in the case of statement based accounts like Twitter or Facebook, some rather unpleasant things being posted in your brand’s name. For instance, when Burger King’s Twitter account was compromised, hackers sent thousands of spam tweets and changed their banner image to promote McDonalds. This can also significantly damage individual accounts too and have enormous reputational implications, for instance when US rapper The Game’s Twitter account was compromised and used to deliver homophobic slurs.

If you’re a brand or an individual with a significant online presence, the power and influence you curate in an online space can be turned against you by criminals who are either seeking profit, or who wish to cause mayhem.

So, how should individuals and businesses deal with this? By recognising that their or their brand’s social media accounts are assets as valuable and as vulnerable as every other part of their infrastructure. Organisations need to have the processes in place to secure a culture of security accountability.

This means ensuring that security protocols are reviewed so that a disgruntled employee can’t leave the company and still have access to your social media accounts, keeping the processes for account recovery and re-activation stored and updated, and regularly maintaining/servicing all online accounts in the same fashion as an e-mail account or any other external facing systems.

We understand that constantly thinking about security is difficult, especially when you’re trying to grow your business and your aim is profit over protocol, but we can’t stress enough the importance of forward thinking. So if you’re a solo entrepreneur, influencer, or a small business you may want to consider periodic security reviews twice a year, or even a virtual CISO who can take the stress off your hands entirely.

For more information regarding online security for SME’s you can e-mail us at

At MDR Cyber we help organisations put the right foundations in place to protect against likely risks and give businesses time back to focus on growing their sales.