Cybersecurity, social media and the workplace  


Snapchat, Facebook, Instagram, Twitter, TikTok, Reddit, BeReal – the list goes on. Social media platforms are so ingrained in our everyday life that not using them would feel strange.  

However, for companies across the world, employees using social media can pose an immediate risk to the security and confidentiality of their business, customers and other sensitive information.  

Social media use has become an intrinsic part of everyday business life for many, whether that’s updating LinkedIn with the latest company updates or using Twitter for industry connections. But although it provides many positive opportunities, when mismanaged, it can pose many challenges too. It’s both a blessing and a curse to have social media in the workplace. 

Different types of social media in the workplace  

As so many social media platforms have sprung up over the years, knowing what’s currently used by businesses and employees can help you to understand the security risks of each.  


Facebook

What is it?

Facebook was the first social media as we know it today. Businesses can create pages to share text, photo and video updates, run ads and sell products.  

What is a common cybersecurity risk?  

As it’s an older social media platform, scammers will often impersonate your company to try to extract confidential information and more.


Twitter

What is it?

Twitter is a short-form social media platform, where you can tweet up to 280 characters and include photos, videos and GIFs.

What is a common cybersecurity risk?

Unless you pay for Twitter Blue, Twitter’s paid subscription, you can’t edit tweets, only delete them, so anything that has been said will forever remain on the internet. So, if you accidentally tweet the wrong thing, you could quickly compromise a lot of information.


Instagram

What is it?

Instagram is a photo and video sharing app. You can either share a post that lasts forever, or a temporary ‘story’ that lasts 24 hours.

What is a common cybersecurity risk?

Instagram is purely photo and video based, so a misplaced contract or confidential information on a screen in the background of a photo can be seen by anyone who follows you.


LinkedIn

What is it?

LinkedIn is a business-focused social media, designed to allow B2B connections their own place to flourish and promote businesses and learning tools.

What is a common cybersecurity risk?

Being purely B2B focused, it’s easy to let your guard down and share sensitive data, such as client details, contract negotiation progress, job role status and more.


YouTube

What is it?

YouTube is a video sharing site. It’s commonly used by businesses to host videos before embedding them on websites.

What is a common cybersecurity risk?

If posting a video, such as an office tour, it’s all too easy to have invoices, proposals, contracts and more on the desk without realising.


TikTok

What is it?

TikTok is a vertical video sharing app. You share videos up to 10 minutes long, and they’re shown to others on an algorithmic feed.

What is a common cybersecurity risk?

TikTok is all about keeping up with trends. If the latest trend requires you to show your staff coming into work every day, for example, you could reveal sensitive information by accident.


Pinterest

What is it?

Pinterest is a photo sharing social media platform built around inspiration. People ‘pin’ photos to ‘boards’ on a certain subject, like home, weddings or more.

What is a common cybersecurity risk?

You can attach links to every post you make, so a dangerous or old link could reveal sensitive information about your company that shouldn’t be on the web.


Reddit

What is it?

Reddit is a niche-based forum site that allows people to post a topic with a conversation generated in the comments below, even providing the space for AMAs (Ask Me Anything).

What is a common cybersecurity risk?

Reddit can be used anonymously. For example, you could ask a question about a specific problem relating to a client, and the client or a competitor could see that you don’t know something or are revealing too much.


Cybersecurity threats from social media

As well as the obvious hack of an account, there are other threats from social media. Here are a few common ones that hackers will use to compromise your business.

1. Social media reconnaissance

Cybercriminals can easily spy on your public profiles, see job changes and other company announcements, and use these to entice you to send money or reveal more sensitive information.

What may seem a harmless congratulations or commiserations message could actually prove more dangerous than anticipated. It may seem like the sender works at the same company as you, but they could easily be impersonating a manager or colleague to try and entice you to share information.

2. Profile impersonation

A cybercriminal can easily impersonate your company or a colleague. It’s advisable that when you set up a business, you get social accounts for each social media platform that you want to use, even if you don’t intend on using them immediately. This prevents a hacker from impersonating you.

Similarly, keeping tabs on people who say they work for your company on social media, especially platforms that allow you to set a job title like LinkedIn and Facebook, can prevent people from being able to impersonate your employees or pretend they work for you when they don’t.

3. Malware and infection of viruses

By sending a message pretending to be someone, or sharing a convincing file, training course link or similar business comms, an attacker can easily fool someone into thinking they’re clicking something legitimate.

Hackers will often use masked links to try and get unsuspecting employees to download viruses or give access to their computers.


What can companies do to reduce the risk of breaches?

For business owners there is an onus to provide a layer of protection and training to employees, both through software and through the human firewall. There are steps that you can take to ensure the protection of your business against cyberattacks and cybersecurity breaches.

1. Install browser-based virus protection software

Many viruses on the internet these days can be accessed through spam sites, messaging and even broken websites. By using browser-based virus protection software, you can prevent employees from accessing malicious sites or downloading spam software.

If you use an antivirus like Sophos, you can often get browser protection included. It’s worth activating it and regularly checking for any alerts, as it can be hard to stay on top of it.

2. Provide social cybersecurity training

As part of your induction and regular cybersecurity training, it’s important that you highlight the importance of being secure online. While you don’t need to dictate what an employee does or doesn’t do on social media, making sure your workforce is aware of the risks when sharing online is important to ensuring the safety of your company.

3. Implement a culture of asking

A common method that hackers use to gain access to a company’s sensitive information is by posing as directors or senior members of staff requesting urgent information such as passwords, monetary payments or similar. To overcome this, staff need to feel confident that questioning senior members of staff or directors to gain confirmation before sending money or sharing confidential information is ok.

4. Use 2FA on all social accounts

For all company-facing social media accounts, having two-factor authentication turned on is imperative. As at many companies a team of people, rather than one person, may run social media accounts, having two-factor authentication that redirects to a central phone or email address will help to keep your account truly secure.

5. Regularly log into company social accounts

Even if you don’t use your company social media accounts, logging into them regularly and ensuring they are secure with no unexpected logins will help to prevent malicious actors from accessing your company data.

This also prevents your accounts from being shut down or rendered inactive, especially after an employee who was in charge of them leaves the business.

Our cybersecurity and social media checklist