A barrage of serious brand threats now run rampant across social networks: account takeovers, brand impersonations, promotion scams, malvertising events, counterfeit sales, trademark violations, phishing, hashtag hijacking, and more. Each issue can negatively impacts brands and inflict real financial damage. If just one promotion scam with a brand goes viral on social media, like the fake Delta Air Lines Facebook page offering discount promotions last summer, it can result in massive spikes in customer service volume and force public apologies and compensation offerings to appease irate customers – all for something that wasn’t even the brand’s fault.
The problem is that major social networks can’t keep up with the proliferating brand threats pervading their ecosystems. The high volume of visible social media fraud activity led security experts at RSA to go so far as to call the issue a “global epidemic.” Social networks struggle now more than ever to keep brands safe because:
- False accounts inundate every social platform. False accounts are a gold mine for cybercriminals, and social networks can’t stop them. Despite Facebook’s best efforts, up to 2% of its 1.59 billion monthly average users (MAUs) are false accounts – which means more than 31 million false accounts remain active on Facebook’s platform today, on a rolling basis. Similarly, 5% of Twitter’s MAUs are false, while recent research estimates that 8% of Instagram accounts are false. These are just the numbers that social networks willingly admit exist. Meanwhile, cybercriminal account creation gets more sophisticated, meaning that scores of additional accounts are likely active beyond officially reported numbers.
- Detection and resolution processes remain highly manual and obscure. Despite the rapid growth of digital brand risks, social networks have done little to advance threat detection and reporting. For example, LinkedIn even stated that it “doesn’t have a reliable system for identifying and counting duplicate or fraudulent accounts.” For issues that do get reported, social networks are far from transparent in their resolution processes, offering little, if any, context about expected timeframes, status updates, or details about final decisions. In fact, brands report incredibly wide discrepancies for social networks to resolve takedowns, taking anywhere from a couple hours to several weeks.
- Other security and privacy issues take precedence. Public scrutiny over a myriad of security and privacy issues continues to intensify for social networks. In just the past year alone, social networks have dealt with accusations of holding an innate political bias, of fostering hate speech, of doing too little to combat terrorism, and of just the opposite, assisting security agencies too much. With all of this on their plates, improving individual brand security issues remains lower on social networks’ priority lists.
Here’s how brands can take control
Brands can’t rely on social networks to stay safe. Brands have to take matters into their own hands to ensure a consistent, reliable experience at every customer touchpoint. To take back control and better protect the digital brand, businesses should:
- Continuously monitor for threats. Receiving media requests, customer complaints, or social activist messages means it’s already too late. You have to detect risk events before anybody else. Target learned this the hard way when it was caught off guard by a fake customer service Facebook account that antagonized already upset customers on a day of a particularly contentious corporate announcement – for 16 hours! Avoid this by proactively monitoring not just for upticks in negative customer sentiment, but for a variety of brand threats and risk events that could otherwise become a major crisis and result in serious reputational damage.
- Tighten personal relationships with social networks. If a fake account imitating your brand appears, do you know who to contact at Facebook, LinkedIn, or Twitter to get it taken down? You can submit the standard request online, but there’s no telling how long it will take. If the matter’s urgent, knowing the right employees at the social network can be instrumental, potentially expediting issues by hours or even days. If you’re a brand with a big social ad budget, your dedicated account reps can be highly effective in these situations since they have a vested interest in keeping your brand happy and the ad spend growing.
- Seek out your counterparts in security and risk. Far too often, security and risk teams avoid the brand, believing it falls out of their realm of responsibilities. But they are the internal stakeholders brands desperately need. Already well-versed in tools and techniques to identify, mitigate, and prevent cyber-risk, security and risk pros can apply their acumen and protect an increasingly critical, but vulnerable corporate asset, the digital brand.
In ironic fashion, find me on Twitter @nickhayes10 to keep this conversation going.
Nick Hayes is an analyst at Forrester.