Protecting Your Social Media Accounts is Protecting Your Business
It's about protecting your clients, your data, and your reputation.
Drake Software recently fell victim to a social media attack. Is your business just as vulnerable?
At some point over the last few days, the Drake Software Facebook page was compromised and its name changed. Initially, it did not appear that any content was altered; however, the page has temporarily been disabled while Drake Software works to regain access. Unfortunately, this event occurs all too often with businesses on social media. Are you taking the precautions to protect your business and your clients?
I would like to thank Josh Youngblood over at
for bringing this to our attention. Josh is an amazing tax professional with a strong technology background who speaks for Financial Guardians frequently.
Social media is a broad term that refers to applications, apps, or websites that allow members to interact and exchange ideas. This includes providers such as Facebook, LinkedIn, TikTok, X/Twitter, Instagram, Snapchat, and hundreds of others. Businesses have migrated to social platforms in droves to leverage the interconnecting power these tools provide for marketing, networking, educating, and exchanging ideas.
The risks and mitigation actions discussed below apply to BOTH personal and business accounts.
Social Media Attacks
Unfortunately, with the introduction of these new platforms comes the introduction of new risks. These risks include, but are not limited to:
Account Breach
An account breach occurs when a malicious user gains access to a social media account through a password hack or breach (one of many types of attacks, including social engineering). This attack usually provides the actor with full access to the account, including permissions, data, and settings.
Shadow/Duplicate Copy
A shadow copy of a profile or account occurs when a malicious actor creates a second account that mimics or appears to be the targeted company. It could be as simple as modifying “apple” to “apple_”. This attack usually targets clients or followers of the targeted company and attempts to gain access to follower information or details.
Denial-of-Access
A denial-of-access attack occurs when a malicious actor continually provides incorrect credentials to lock out an account so the organization cannot gain legitimate access to it.
Comment/Post Flooding
A comment or post flood occurs when malicious individuals post (particularly excessively) on an organization’s page or feed with unwanted, unnecessary, spammy, or inappropriate comments, reviews, and posts. This distracts from the overall content and messages the organization is trying to relay.
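An added example (not from the original article) of one way to watch for the shadow/duplicate accounts described above: given your official handle and a list of handles seen in searches, tags, or client reports, it flags the ones that imitate it. The character map, separator set, and sample handles are constructed assumptions.

```python
import unicodedata

# Constructed digit/symbol look-alikes; extend for your own brand name.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})
SEPARATORS = "_.- "


def skeleton(handle: str) -> str:
    """Reduce a handle to a comparison form: fold case and Unicode
    compatibility forms, drop separators, map look-alike characters."""
    text = unicodedata.normalize("NFKC", handle).casefold()
    text = "".join(ch for ch in text if ch not in SEPARATORS)
    return text.translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(official: str, observed: list[str], max_distance: int = 1):
    """Return (handle, reason) for observed handles that imitate `official`."""
    target = skeleton(official)
    hits = []
    for handle in observed:
        if handle == official:
            continue  # this is the real account
        skel = skeleton(handle)
        if skel == target:
            hits.append((handle, "same name after normalization"))
        elif edit_distance(skel, target) <= max_distance:
            hits.append((handle, "near-miss spelling"))
    return hits


# Constructed sample: handles seen in search results, tags, or follower reports.
SAMPLE = ["apple", "apple_", "app1e", "Apple.", "aple", "applesauce_recipes", "pineapple"]

if __name__ == "__main__":
    for handle, reason in find_lookalikes("apple", SAMPLE):
        print(f"{handle}: {reason}")
```

Handles it flags are candidates for a manual look and, where they do impersonate you, a report to the platform.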
The Risks
The risks from an attack can be severe, and they are the same for personal and business accounts. The level of impact may vary, but it is important for users to recognize that both their personal and business accounts could suffer damages from a social media attack:
Breach of client/follower data (possibly personally identifiable information)
Loss of followers
Reputational harm
Financial harm
Loss of previous content
Release of corporate intellectual property
Unrelated, illegal, inappropriate, irrelevant, etc. content posted
And more…
Depending on what content is breached, a financial institution such as a tax professional, accounting firm, bookkeeper, financial advisor, etc., may be required to follow their Emergency Response Plan and complete their Breach Response Action Plan.
Protecting Your Social Media
No matter how limited you believe your exposure or risk to be, it is critical for a business to take as many precautionary steps as possible to lock down and safeguard its social media profiles and accounts.
The more precautions taken, the greater your chance of reducing exposure. Precautions should take place on both your personal and business accounts:
Use Strong Passwords
The stronger your passwords, the more difficult your accounts are to breach. The more frequently they are changed, the more difficult it is to breach. You know this drill. Apply it to ALL of your social accounts.
Use Multi-Factor Authentication (MFA)
Yes, we all hate it, but enable MFA on all of your social media accounts. In fact, make sure it is MFA and not just 2FA - the more, the better! Also, reduce the usage of text/SMS messaging and e-mailing as much as possible: those methods are much easier to mimic/breach than other methods.
Reduce Access
From time to time, a business owner might provide access to their social accounts to employees, contractors, interns, or more. It is important to manage their access as much as possible, terminate their access when no longer needed, and make sure that they protect their personal and linked accounts as well.
Safeguard Social Media Management Tools
Many organizations use third-party tools to link and manage their accounts, collect analytics, and manage comments. These tools have high-level access to many social media accounts and should have the same safeguards as the accounts themselves.
Review Tags
Many social media platforms allow accounts to be ‘tagged.’ Monitor your tags to ensure you are not tagged in content or by individuals/businesses you do not want to be associated with.
Educate Yourself on Social Phishing Trends
Phishing (particularly spear phishing) attacks occur very frequently on social media sites. Please review all interactions cautiously before responding, double-check all tags and accounts before interacting, and encourage more in-depth interactions off of social media platforms.
Monitor Social Media Accounts Frequently
Business owners should monitor their social media accounts frequently for excess or unwanted comments or activity. Turning on notifications or requiring approval for posts/comments/activity can improve the overall ease of managing accounts.
Create a Policy / Don’t Permit Personal Conversations
Businesses should have a social media policy for their enterprise and employees as well as expectations for clients and followers. This policy should include permitted usage, approval processes, and expectations. It should clearly state that personal information (particularly PII) should never be exchanged over social media.
Hire Assistance if Needed
If a business is overwhelmed or unsure how to manage its social media accounts properly, it should hire either a marketing firm to manage content and interactions or an information technology firm to assist with security.
Complete This for Business and Personal Accounts
Keep It Protected
Hopefully, these suggestions will provide guidance that can help you or your organization improve the security of your business’s social media accounts. If you are ever unsure how to proceed or would like assistance with your technology needs, please reach out to Financial Guardians at protect@yourfinancialguardians.com.