5 tips to secure your social media channels on World Social Media Day

Today (30th June) marks World Social Media Day which recognises social media's impact on how society uses social media to communicate and to reflect on how the content that is shared is changing rapidly.

Did you know that there are 3.5 billion users of social media and over 60 billion WhatsApp and Facebook Messenger messages sent each day? Or, are you aware that each day there are 500 million people using Instagram Stories and 95 million photos uploaded to Instagram each day?

These figures give a snapshot of just how busy social media channels are, whether these are used for personal, business or educational purposes. There are many positives to using social media, but unfortunately they are also an easy target for hackers and the cyber criminal world.

With 81% of small and medium businesses using at least one social platform to stay connected with their customers, it's essential that business owners take the necessary steps to protect themselves and their customers from cyber attacks.

According to UK Finance, the prevalence of scams beginning on social media increased significantly in 2021, with social media becoming the most profitable way for scammers to operate. This provides cybercriminals with unlimited opportunities to exploit victims through the likes of Instagram, Twitter and Facebook.

"I lost my whole business in seconds" - A real case study

The Cyber Resilience Centre for the South East recently worked with a social media influencer who lost their Instagram platform to hackers. The influence received a message which at first glance seemed like an official message from Instagram. The message was positioned to scaremonger the user into thinking they had violated a copyright law, and in order to prevent the account being closed within 24 hours, they needed to follow the onscreen instructions.

They clicked on the link, logged into their #Instagram account and within seconds were logged out of their account. Their passwords were changed, and they were no longer able to access their account. This is a real example of a #phishing attack where the business owner lost access to a system they heavily rely on.

The business then received a #whatsapp message from the #hacker with instructions of how to pay so they could regain control of their account or face its deletion within 24 hours. The company had built their online presence over the last 8 years, so quite rightly were worried at the potential loss of valuable content and customer contacts.

How can I protect myself and my business and keep my accounts secure?

  • When did you last update your password? Make sure you are using a strong and separate password to protect your email - Don't use the same password on multiple accounts! Make sure that you're protecting your other important accounts, such as banking or social media.

  • Always enable two-factor authentication (2FA). It really simple to set up and will help you to stop hackers from getting into your online accounts, even if they find your password.

  • Be wary of messages which ask for your login details or authentication codes. Despite some messages appearing genuine or claiming to be from someone you know.

  • Use online support or help pages. If you can't access your account, you'll often find information about how to recover your account.

  • Always report suspicious emails you have received. Please forward scam emails to report@phishing.gov.uk. and suspicious texts you have received but not acted upon to 7726

If you think you've become victim to a cyber attack:

  • If you lose access to your account or a hacker has taken control, please follow the NCSC’s guidance on how to recover a compromised account.

  • If you receive a demand for money, do not pay the suspect so you can regain access to your account. It’s likely that the suspect will demand more money instead of giving you control of your account back.

  • If you have paid any money, contact your bank immediately and report it to Action Fraud online or call 0300 123 2040 as soon as possible.

The Cyber Resilience Centre for the South East exists to support sole traders, micro-businesses and SMEs across the region. We offer free membership which will inform you of the current threats gathered by policing intelligence, as well as providing simple steps to take to reduce your vulnerability to an attack. We also offer an opportunity to speak to our Head of Cyber and Innovation regarding your cyber security and concerns.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.