Why every enterprise needs data loss prevention for all social media channels
Security leaders face tough decisions when it comes to using social media in the workplace. Social and other digital channels are fundamentally changing the way modern businesses communicate. They’re tied to critical operations ranging from customer support to marketing to internal collaboration. Avoiding them isn’t an option. At the same time, relying on the security and privacy settings of these platforms can leave your company open to a serious incident.
It doesn’t help that social media comes with an enormous attack surface. The sheer scale of message creation on these platforms makes it especially hard to prevent the leakage of private data, like personally identifiable information (PII) and other privileged information. Security teams need to stop relegating social media as a communications channel. It is essentially a public cloud environment, and needs to be protected as such.
Social Media Is Often the Biggest Blind Spots in Enterprise Security
Data loss prevention (DLP) has long been a standard security practice applied to things like business email and internal collaboration platforms. It’s a standard feature in certain Office 365 plans, for example. However, DLP rarely extends to social media and other third-party platforms that lie outside conventional perimeter security. Given the fact that social media is one of the most publicly visible faces of modern brands, the impact of misuse is enormous. Cybercriminals are also turning towards these platforms to carry out phishing attacks in a highly effective and targeted manner.
Losing Control Over Your Data
One of the biggest challenges facing InfoSec teams is data sovereignty. Although there’s no denying the value of social media and collaboration platforms for businesses, everything that’s posted is entirely at the mercy of the platform. Social media privacy and security controls are often limited, making it critical to evaluate user messaging and block any restricted content from entering these platforms. On social networks, where such content can spread like wildfire, it can mere seconds for restricted content to be posted across thousands of pages, both within and outside the platform. Once that happens, it’s extremely difficult, if not impossible, to remove. Furthermore, the social networks have no obligation to delete the content, unless it’s illegal in nature. Even then, it’s a monumental challenge since you’ve already lost control over the data.
Succumbing to Phishing Attacks
The widespread use of social media in the workplace has made it a favorite attack vector for cybercriminals. Although the major social networks have banned hundreds of millions of fake and malicious accounts in recent years, targeted attacks remain a problem. Spear-phishing attacks continually target business users in an attempt to dupe them into surrendering confidential information through private messages. Other attacks attempt to dupe victims into clicking on a malicious link or downloading a harmful file. Targeted attacks are effective because they involve building up a profile of the would-be victim using information that’s publicly available. Where any exchange of information takes place, it’s critical that the conversation follows your security policies.
Falling to Insider Threats
Whether intentional or malicious, most security threats stem from within the organization. After all, it’s extremely easy to post the wrong thing on social media. All it takes is an honest mistake, such as copying and pasting PII or product information in DMs. Insider threats may also take a malicious turn, as may be the case when former employees who departed the business on bad terms still have access to their old work accounts. For one government client, we detected a former employee exfiltrating classified material to Twitter. Security policies alone are not enough to protect your organization.You need ongoing security awareness training, along with the technical measures needed to automatically detect and prevent the attempted exchange of confidential information through unsecured channels.
Data Loss Prevention Reduces Risk on Social Media
DLP is a proactive measure that constantly monitors the flow of data in real time to prevent sensitive information from leaving an organization. It allows companies to tag their digital assets by sensitivity level and enforce policies around how they’re used. Things like intellectual property, trade secrets, partnership contracts, PII, and transaction details might all be classed as restricted. If any such information attempts to leave the organization through a restricted channel, such as social media pages or instant messages, it will be stopped automatically. Administrators can customize their DLP rules to align them with existing policies, thereby providing a concrete method of enforcing them.
Overcoming the Challenges of Scale
With the flow of information across social channels, instant messaging apps, collaboration platforms, and other third-party platforms being so great, overcoming scale is one of the greatest challenges of all. As businesses adopt new channels, they need a DLP approach that scales with them. Any solution must automatically identify potential policy violations and alert administrators so they can act immediately. High-risk actions, such as the attempted sharing of highly-sensitive documents, must be prevented automatically, with said documents being quarantined until administrators can take remediation action. Other automated actions might include takedowns of malicious posts, images, and files, as well as the suspension of unauthorized or compromised accounts.
Guarding Against Unknown Threats
Traditional signature-based threat-detection is no longer enough to protect organizations from cyberattacks. With the cyber threat landscape constantly changing, it’s important to capture all content to manage the full cycle of digital risk protection and feed it into a comprehensive risk-modelling solution. Modern DLP solutions do more than simply detect specific key words and phrases in outgoing communications. They also leverage machine-learning and AI to automatically classify information and assign risk scores. This allows the system to prioritize the most serious incidents while minimizing disruption due to false positives. Combined with real-time threat modelling and behavioral analytics, DLP protects businesses against new and unknown threats on social media channels.
Image credit: William Iven / Unsplash
Otavio Freire is President, CTO and Co-Founder, SafeGuard Cyber.