May 4th is World Password Day – a good opportunity for organisations to assess how they’re protecting some of their most overlooked accounts: social media.
When business leaders consider the role of password security in preventing data breaches, they naturally focus their attention on the most obvious weak points, such as employee email accounts and network passwords. However, social media passwords pose unique security issues that companies are sometimes ill-prepared to address. Whether social media is managed under an internal policy or outsourced to a third-party agency, this lack of password security could be putting organisations and their reputations at risk.
Ways organisations expose their social media passwords
The lack of centralised, secure social media password management leaves businesses vulnerable to cyberthreats. In social media agencies, for example, unnecessary risks could start as early as the customer onboarding process when clients insecurely share their social media passwords with their agency through unencrypted emails or messages.
Another common mistake is that passwords are regularly stored in a spreadsheet or text file, which creates a single point of failure. If this document is compromised, all accounts are compromised. Similarly, if the same password is used for multiple social media accounts, which is often the case, cybercriminals who compromise one account can more easily access the others.
Using weak passwords, or ones that have already been compromised as part of a public data breach, leaves accounts vulnerable to credential-stuffing and password-spraying attacks. Oftentimes, social media teams will be completely unaware of the exposure unless they have measures in place to alert them to any weak or compromised passwords that are available on the dark web.
Securing corporate social media passwords
All social media accounts should be protected by strong, unique passwords that are stored and shared securely. Additionally, these passwords should never be sent via email or SMS, where they could potentially be intercepted by prying eyes.
A password manager is essential for securing social media accounts, especially if they need to be accessed by multiple people. A password manager can automatically generate strong passwords, store them in an encrypted vault, and allow employees to securely share the credentials with anyone who needs access.
Another advantage of a password manager is that it makes it easier for teams to protect accounts with two-factor authentication (2FA). Any user logging in with the password manager will have immediate access to 2FA codes through the shared record. This means they won’t have to ask their colleagues to send them the code through an insecure channel. Applying role-based access control (RBAC) to employee and contractor accounts, in conjunction with the principle of least privilege, also restricts the company’s social media accounts to only those employees who need them.
A lack of centralised password management increases the risk of an insider threat and a threat actor’s odds of successfully accessing the company’s social media accounts. Without a secure password management solution, it’s not possible to properly secure shared accounts with enterprise-grade multi-factor authentication, making accounts even more vulnerable to compromise.
World Password Day is a fantastic opportunity to secure social media accounts, as well as many other types of account. A password manager can drastically reduce the chances of a compromise that can hurt a company’s reputation or brand.