Social media has become an essential aspect of how businesses communicate with their audiences and advertise their products and services in the quickly changing digital market. However, as people rely more on social media platforms, small businesses are getting more prone to cyberattacks.

India is the third most targeted country for phishing attacks on a list of 111 countries. Moreover, Accenture’s Cybercrime study reveals that nearly 43 per cent of cyberattack victims are small businesses. Only 14 per cent of these SMBs are prepared to face such an attack. Furthermore, on average, SMBs spend between $826 and $653,587 on cybersecurity incidents.

Therefore, there is a greater need for effective cybersecurity measures to protect small and medium-sized enterprises (SMEs) from potential attacks and vulnerabilities.

To discuss the same, SME Futures spoke with Bhaskar Ganguli, Director, Marketing and Sales- Mass Software Solutions Pvt. Ltd, a SaaS company that provides a variety of solutions for MSMEs, about practical steps that SMEs can take to improve their social media cybersecurity and protect their online presence.

Edited Excerpts:

For small businesses social media does wonders. For the uninitiated or the first-time users, what are the best practices to ensure social media security?

MSMEs should take some steps to protect their identities on such platforms like two-step verifications that verify the identity of the person logging in and ensure that only authorised individuals can access it. Also, enterprises that are new to this media must be aware of their digital footprint, meaning sensitive information like accounts or location must be shared with discretion. On an organisational level, workshops must be arranged to increase employees’ awareness about the red flags of a compromised social media profile.

What’s your opinion about using third party tools to enhance security, or regularly updating social media apps and checking privacy settings?

Using third-party tools to improve security can be beneficial if you use renowned and trustworthy ones. Additional layers of protection such as antivirus software, firewalls or password managers can help secure your devices and personal information from various risks.

It is essential to keep social media apps up to date. Software updates frequently include security patches that repair vulnerabilities and safeguard against potential exploits. Updating your apps ensures that you receive the most recent security features and lowers the chances of unauthorised access to your social networking accounts.

Most importantly, check the privacy settings on your social media platforms to maintain control over your personal information. You can control who can see your posts through privacy settings, photographs, and other personal information. It is essential to check and customise these settings based on your preferences and comfort level. Regularly monitoring and updating privacy settings can assist you in efficiently managing your online privacy.

Every post in each social media profile connected to a business could let cyber criminal’s deploy social engineering techniques. How can this be avoided?

Every post is fodder for hackers to manipulate information on social media for their benefit. MSMEs should remember that hackers play into the vulnerabilities and attack where it hurts most. Companies should not disclose financial reports, contracts and other sensitive documents that could be misused. Add more security by enabling multi-factor authentication (MFA) for all social media accounts to avoid this scenario. Use different secure passwords for each social media presence, and think about using a password manager. 

Establish explicit protocols for handling social media demands for sensitive information or financial transactions. On the other hand, implement a verification mechanism before reacting to or acting on requests made through social media channels.

Awareness about social media awareness should be spread so that employees share information wisely. 

Can you share tips on identifying phishing attempts and malicious links that might help to prevent cyberattacks. Additionally, what should be done to maintain a positive reputation?

When hackers pose as legitimate organisations to extort money from innocent and trusting clients, it is called phishing. Your best defence against such traps is awareness. Usually, such messages promise some reward or warning about an emergency. They elicit an urgent response from the reader. Avoiding such statements is in your best interest.

In addition, clicking on questionable or unexpected links, particularly those sent from unknown sources or through unwanted messages, should be avoided. Instead of relying exclusively on provided links, check the credibility of a link by visiting the official website directly. Shortened URLs should be avoided since they can conceal the actual destination. Before clicking on a link, use URL expansion services to discover where it leads.

Social media is used as a marketing tool by MSMEs. Advice to increase the efficiency and security of these tools would be beneficial to many.

It all starts with a solid password. By that I mean a complicated arrangement of text, numbers and symbols. This will stop a hacker from entering your virtual space at the first step itself. Also, personalise your privacy settings as the default ones are very permissive and let malcontents abuse your information. Be aware of every toggle in the privacy settings and update your settings regularly. Lastly, be mindful of what you share and with whom because a good instinct more than anything else, will serve you well.