We use essential cookies to make Venngage work. By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

Manage Cookies

Cookies and similar technologies collect certain information about how you’re using our website. Some of them are essential, and without them you wouldn’t be able to use Venngage. But others are optional, and you get to choose whether we use them or not.

Strictly Necessary Cookies

Always Active

These cookies are always on, as they’re essential for making Venngage work, and making it safe. Without these cookies, services you’ve asked for can’t be provided.

Show cookie providers

  • Venngage
  • Amazon
  • Google Login
  • Intercom

Functionality Cookies

These cookies help us provide enhanced functionality and personalisation, and remember your settings. They may be set by us or by third party providers.

Show cookie providers

  • Venngage
  • Chameleon
  • Intercom
  • Algolia

Performance Cookies

These cookies help us analyze how many people are using Venngage, where they come from and how they're using it. If you opt out of these cookies, we can’t get feedback to make Venngage better for you and all our users.

Show cookie providers

  • Venngage
  • Mixpanel
  • Intercom
  • Google Analytics
  • Hotjar

Targeting Cookies

These cookies are set by our advertising partners to track your activity and show you relevant Venngage ads on other sites as you browse the internet.

Show cookie providers

  • Google Ads
  • Google Tag Manager
  • Facebook
  • Pinterest
  • Product
  • Templates
  • Learn
  • Pricing
Learn
Educational Resources
Blog
Blog
Webinars
Webinars
Help Center
Help Center

Three Big Lessons from Social Media and Online Security

Written by: Ann Smarty


Jul 13, 2020

As we depend on technology more and more, it’s a good idea to look back and take stock of what we’ve learned over the past years in terms of online security and social media.

The past year has been an exciting one in social media and online security. Pinterest came on strong to turn social media on its head by introducing a new paradigm that sent social media marketers scrambling to capitalize on, competitors to learn and copy from and attackers to find new targets with. 

Attackers continued their quest to hijack social media accounts en masse to use them to send spam links and malware to trusting followers. And expanding growth of the use of non-Windows personal computers (PCs) to access the Internet has led attackers to diversify their attack toolkits to include these devices in the family of at-risk systems connected to the Internet.

But while attackers have stepped up and adapted their attacks in the past year, defenders haven’t sat idle. Social media platforms have increased their security and security companies have moved to meet and thwart criminals on these new platforms. It’s been a big, exciting, and dangerous year, but we can end on a positive note knowing that with some care and thought, we can continue to use social media safely. And yet, if we are aiming for social media content success, security is something we need to factor into our strategies.

Let’s take a look at three of the most notable trends in online security and social media in the past year, and how the industry has met these challenges.

1. Social media is still open to disruptive, new technologies that can introduce unknown security and privacy risks

After a couple of years that have seen Twitter and Facebook become a near de facto duopoly in social media, Pinterest showed that social media isn’t “done” or static. By focusing on static images rather than text or even video, Pinterest showed there are other ways to share and be social. 

The uptake around Pinterest was unprecedented and quickly catapulted what was essentially a startup platform into the mainstream in a matter of months. As is often the case with disruptive new technologies, the demand and use outstripped the rudimentary security and privacy controls, and bad guys found ways to bring their tried and true tactics to bear quickly. 

Boards started to appear as lures for online phishing and fraud scams. Meanwhile, malware and adware authors saw a public hungry for Android apps that hadn’t been released yet and filled the gap with their own malicious apps.

Fortunately, Pinterest moved to close the app gap by releasing its own official app, and at the same time, security companies fine-tuned their antivirus and anti-malware offerings to detect these malicious Android apps. 

Protections against Pinterest-based online scams also came quickly, in many cases facilitated by the fact that they already had protections against the malicious sites these Pinterest lure boards directed users to. As we close 2012, Pinterest is still lagging behind mature platforms like Facebook in terms of security features and controls. 

But, the initial explosion of malicious activity we saw in the spring has subsided and Pinterest has become one of many platforms that have dangers, but also good overall protections.

The lesson, though, is clear: early adopters of disruptive technologies need to be aware that new technologies open new, unknown (and sometimes unknowable) risks and should hedge their bets accordingly. 

Social media marketers shouldn’t opt out of new technologies wholesale but should wade in carefully and be willing to accept the risk that they could lose control of their new social media site to some form of malicious activity. Additionally, using a VPN for Chrome can add an extra layer of security, helping to safeguard sensitive information and maintain privacy.

2. Account hijackings continue to be a problem and are increasing in their impact and ramifications

Account hijacking is nothing new: hijackings of individual accounts have been around as long as users have had accounts. And within the industry, since about 2007, we’ve seen concerted efforts by hackers and spammers to compromise accounts in bulk. But we saw a major increase in bulk account compromises targeting major online social media platforms. 

Millions of accounts on social media platforms such as LinkedIn, Last.fm, Formspring, and Yahoo! were compromised. Since then, Skype also disclosed a major vulnerability (since fixed) that could be used to hijack accounts. Clearly, we’ve entered a phase where attackers have stepped up their hijacking attacks and are succeeding in harvesting credentials and accounts in unprecedented quantities.

Fortunately, the industry has been moving in the right direction to help address this problem. Major platforms such as Google, Facebook, and even Yahoo have been introducing improved account protections in the form of two-factor verification

Beyond two-factor authentication, organizations can benefit from compliance audit software to monitor and ensure adherence to security regulations, helping protect sensitive data and mitigate risks associated with account hijackings. Additionally, use a trusted ecommerce builder which takes security seriously.

Many of them have also significantly enhanced their account recovery options to help you regain control more quickly in the event of a hijacking. Unfortunately, the move is still a work in progress, and not all social media platforms have these capabilities. Twitter, Microsoft, and Pinterest, for instance, still don’t offer two-factor verification. But the trend is clear and we can expect to see others follow others’ lead in the continuing fight against account hijackings.

The lesson for social media marketers is clear though: you should explore and fully utilize all account protection and recovery options that are made available. Also, make sure to read Hari Ravichandran’s book called “Intelligent Safety” to find more tips on keeping your (private) data secure.

3. The “post-PC” era is upon us, at least from the attackers’ point of view

Odds are that in 2006 you did most of your social media work on a PC running Microsoft Windows. Odds are equally strong that you had some kind of antivirus/anti-malware package running to help keep you safe. 

If you used a Mac, you probably didn’t run antivirus. And if you were a true early adopter and were using an early smartphone you couldn’t run antivirus even if you wanted to. But, that was (generally) OK: viruses and malware weren’t much of a problem outside of PCs then.

Things have changed, with iPhones, iPads, Kindles, Android phones, and even Macs in greater use than ever. In particular, the marriage of mobile devices with social media may be as natural and fruitful as peanut butter and chocolate in Reece’s Peanut Buttercups.

But attackers are like ants and go where the food is (or in this case the victims are). With a clear move away from Windows-centric computing, attackers are following the users and adapting their attacks to the reality of a so-called “post-PC world”. In smartphones and tablets, Android has become a truly viable target with over 175,000 pieces of malware identified on the platform now. And the Mac, long (wrongly) thought to be immune to attacks witnessed its first notable, large-scale attack with the Flashback malware compromising over 600,000 Macs worldwide.

The lesson here is clear: any device that connects to the Internet is a potentially viable target and so should have some kind of security software on it, where possible. iOS devices (iPhones and iPads) are in a unique situation in this regard: Apple currently won’t approve antivirus/anti-malware apps for their platform, choosing instead to try and protect users themselves through very aggressive policing of what apps can be installed on those devices. 

Businesses, too, face growing challenges in securing their teams’ online activities, which is where solutions like PureVPN’s newly launched VPN for Teams come into play. It allows businesses to implement reliable security controls across devices, ensuring data privacy and access management for remote teams.

We’ll see if that succeeds: so far it has, but I have my doubts and it may not in the future. Either way, the guidance remains the same: run security software on all your devices where you can, including iPads and iPhones should that become available.

Make sure you use reliable CRM technology and business phone apps that keep your and your customers’ data secure.

Looking ahead, we can expect these trends to continue, and new ones to develop as new devices and new social media platforms evolve. And while new things always have inherent risks, these are not unmanageable risks. 

You can intelligently be an early adopter and be safe. Part of the trick is to keep on top of what threats are developing and understand what you can do to mitigate them.

About Ann Smarty

Ann Smarty is the co-founder of Smarty Marketing. Ann has been into Internet Marketing for over a decade, she is the former Editor-in-Chief of Search Engine Journal and contributor to prominent search and social blogs including Small Biz Trends and Mashable. Ann is also the frequent speaker at Pubcon and the host of a regular Twitter chat #vcbuzz.