Keeping your company image safe on social media
- 03 August, 2010 03:35
The umbrella of security responsibilities now includes brand protection at many companies (See Brand protection: The expanding CSO portfolio for an in-depth look) and it seems like a constantly moving target. When the internet took off, organizations had to contend with scammers registering web site domains using company names for fraudulent purposes. Now similar activity is happening on the hottest forum for brand abuse--social networks.
Terry Gudaitis, Director Cyber Intelligence for brand protection services firm Cyveillance, lays out some common fraud scenarios and gives advice on how to protect your organization's good name.
CSOonline: Cybersquatting, or fraudulently registering a web site using an organization's name, has been a big concern in brand abuse in recent years. Is this still the case?
Terry Gudaitis, Cyveillance: Where we have seen the increase in abuse is in social media sites. That includes, depending on how you define social media, the big ones like Facebook, LinkedIn, Twitter, MySpace, and that variety. But some even include the blogosphere in there where people can comment on other articles. Unlike a domain name where you have to go and register a name, you can jump on one of these social networks and as long as you have an email that appears to be legitimate, you can register basically any name.
What kinds of brand abuse occur on social networks?
We are seeing a trend where on Facebook and Twitter, people are registering the names of a company, as well as the executives, like the CEO or director of marketing. It's sort of like domain-name squatting but you are squatting on a social media site with a person's identity. And a number of things can occur for both brand abuse but also for security reasons. And we pay particular attention to that.
Why the increase? Is it simply the huge growth in social networking? Or is there more to it?
I believe it's the prevalence of it but also the ease of access. And I mean that in two ways. Everyone has access at home now to a computer or smartphone, so it's easy for anyone to sign up for these services.
I also think it is proliferating because in traditional network protection models you lock down your firewalls and you get egress protection where people from your corporate network are not allowed to go out to these sites, but people don't need to operate through the corporate network anymore. I can walk outdoors with my smartphone and bypass the corporate network altogether.
And there are a lot of different people to consider now. You have rogue individuals who want to do the company harm, but also people in your company who maybe just because they love their company want to have the company associated with their Twitter page or Facebook page. There is also the authorized member of the team who is allowed to go out and message out to the public. So you have a lot of different entities now playing in a space that was typically designated for the authorized user. And even for authorized users, if the company doesn't have policies on how to use these social media sites; in terms of how to use these sites, how to be consistent on setting them up so the public knows this is the legitimate site for the corporation, it can create problems.
What do you recommend to clients in terms of protecting their brand on social media?
First we have several different types of training we do, and it includes executive level--C-level--training. (See also: Why executives are the easiest social engineering targets) Training on what risks and vulnerabilities a company and executive face on social media. Because of issues like whale phishing, spear phishing, a lot of high profile executives are being targeted specifically and very directly. So we are training to familiarize them with these new issues that go along with social media and how it impacts them.
What they have to realize is it's not just their company blogging or tweeting, but also their family. That means their spouse or their children are maybe divulging information innocently that could have real security or brand impact on that company or executive.
After training, we look at social media policy for an organization. Do they have a policy? Is it up to date? We'll do a review and recommendation for what that organization needs to be able to enforce that policy. And in order to enforce the policy, Cyveillance provides monitoring along the lines of what the companies have put forth to make sure the employees are following policy and we report violations.
We also assist companies with locking down their social media sites. Even if they don't use Twitter, don't want to use Twitter because that's not part of their business model, we still do domain name registration. We want to go and register their legitimate names across social media sites so the public can realize this is actually a legit site and not some individual masquerading as the company.
Can you give us some sample scenarios of brand abuse you've seen on social media?
We've seen a range of fraudulent behavior. One tactic is to set up a LinkedIn and Facebook account in someone's name. They reach out saying "I'm Joe Smith, CEO of such and such company." They reach out to people who may be in that individual's network. What they are doing is collecting the network of an executive. That is valuable both for scam and fraud, but also for sales reasons, for marketing reasons. To collect a social network like this is valuable data to have.
We've also seen people masquerade as companies or individuals on social media sites and put out false messaging that is interpreted by the public as being real. That can affect stock prices and it can impact what shareholders think of a company thus impacting investment and the bottom line. It's an effective way for competitors to plant rumors.
We've also seen activists utilize and take advantage of brand names to start campaigns against companies. They use the company name against them in a way that violates trademark rules.
And in some cases it may be purely mischief or a disgruntled employee who wants to paint a company in an unfavorable way.
Even with authorized users, they could message about the company or tweet back to companies in a way that violates company policy.
What are some best practices a company can adopt to ensure brand protection on social media?
Some of the best practices have to do with what industry are they in. What are they most trying to protect? What are their crown jewels and what wouldn't they want people discussing and registering for and the like? The first part is determining what is most important to you in your organization.
But I would say the first best practice is having a social media policy; one for unauthorized, and one for authorized users. While a lot of companies have a standard policy across the board, I do believe those professional individuals engaging with the public on social media should be guided by a company policy.