Cybersecurity is a topic that, even in 2023, far too few individuals, influencers and companies are addressing. Often, the problem is that the added value of the expenditure is not seen and thus budget flows into something that is considered “not mandatory” in the first instance. Looking at a study conducted by KPMG in 2022, this approach is simply wrong. 67% of the Austrian companies surveyed were victims of a cyberattack in the last 12 months. This led to financial damage for some, which can also be existentially threatening. Influencers are unfortunately not protected from this and are equally affected as companies. But why are social media personalities at risk and how can they effectively be protected?
Consider influencers as a normal business
Influencers, or public figures in general, shouldn’t be viewed any differently than a company. Because although it often seems like only one person is acting, that’s usually only the case with nano and micro influencers. All other groups usually have support in pretty much all areas, as they simply have a too large follower base. If you compare a company and their size with the amount of followers of an influencer, you can very quickly see a correlation when it comes to the attack surface. The more users follow, the more staff is needed and the risk increases. In addition to this, there is also the generated interest. While a classic company, individually considered, is not in the public eye, they are more likely to be selected by hackers based on sales/profit or by accident. While this is also true for public figures, individual individuals might additionally have a personal interest. This poses great dangers, because it is still possible to infiltrate any system. The only question is how great the interest is and how much time it takes.
What happens in a cyber attack on a traditional company is seen every day. But you can also find enough information about influencers, streamers and general social media personalities. For example, in April 2022, the Youtuber Julien Bam was successfully hacked and his YouTube and Instagram channels were taken over. The consequences in this case? The sustained loss of followers, a significant loss of trust and financial damage. None of this would have been necessary, considering the attack path. At that time, it seems that a classic phishing email was responsible for the infection of a single PC. Any password or authentication with MFA, no matter how strong, is irrelevant here because the user was already logged on to the PC. But a simple EDR solution with monitoring, for around 150€ a year, could have prevented this. To expand this, we would also suggest phishing tests with suitable software to sufficiently sensibilize the employees.
Lack of knowledge
In this case, it turned out well and his team fixed the problem, but here too lie the pitfalls. As a rule, many MSPs or IT-savvy employees believe that a simple scan of the PC with a free anti-virus program would be sufficient. Unfortunately, this is often not the case, as can be seen in this incident. If you look at the clip linked above, you need to pay close attention to the approach. “172 Trojans found, half of them mining, i.e. crypto-mining!”, is claimed. This statement is simply incorrect, because 172 Trojans being on one PC is almost impossible. We rather suspect that one Trojan and 172 artifacts were found by the scanner. All with a different purpose. The description and measures taken indicate that no specialists were involved. Thus, there is a lot of room for improvement in the remediation, and it is questionable whether all the attackers’ files were really removed.
Strengthening cybersecurity for influencers
How quickly a company comes to a standstill or an influencer no longer has a job can be seen very clearly in the example above. That is why it is even more important to strengthen cybersecurity. This starts with trivial things like proper email address management and ends with security software and awareness training. Choosing a secure password and activating MFA is a good step, but no longer sufficient. Attackers come in many different ways, which is why a wide variety of steps must be taken.
Strong password and MFA
Let’s begin with the simplest and cheapest methods to effectively protect yourself from cyber attacks. Use a password with a minimum length of 20 characters for each account and have no personal relation to the content. Additionally, the password should be different for each site. Enable multifactor authentication on all channels to implement another securitylayer. Additionally, follow the best practices of each platform. These are updated on an ongoing basis and can often be found in the Help Center.
The correct email management
One of our most popular tips for our cybersecurity concept for influencers is to use an email relay. This involves creating a dedicated alias email address for every social media account, every registration on a third party site and simply any other account. The service forwards the received data 1:1 to your main mailbox. With the help of this, you can see which provider is disclosing your data, you can change it within seconds for just one account in case of a leak, and you don’t run the risk of giving away your real email address (if the provider should ever lose data). We currently recommend the Firefox Relay service, which costs around 12€ per year.
Images and video footage
The main task for people in public life is and remains the production of content. Problems can often arise when documents, images, locations or other unique features are seen on this content. Therefore, pay attention to what is shown on the Internet at all times and check all images and videos sufficiently often to avoid such mistakes.
VPN and password vault
After the above steps have been taken, it is necessary to increase the protection of the accounts a bit. For this, a VPN and password safe come into question, as they are easy to integrate into the daily working routine. In order to really be able to fulfill a password length of 20 letters and also share/manage them among your own employees, a password safe is a good tool. We use Nordpass for this and support our customers in the administration. Please note the difference between consumer password safes and business password safes.
A VPN is another good method to improve the security. However, you have to clearly distinguish between classic consumer VPNs like NordVPN, ExpressVPN, Surfshark and others. Unfortunately, not every use case can be covered with such products and the protection of the data falls short at some points, which is why we recommend a business VPN. This way, all employees can be protected in one instance and functions such as split tunneling enable latency-free streaming. For this we use Nordlayer at Zettasecure.
Protect your local devices
The PC or that of the employees is one of the central locations for streamers, content creators or influencers. That’s why it needs to be protected and monitored accordingly. Classic, or as we call them, leagacy anti-virus solutions are no longer sufficient today and are often the main problem. They convey a certain protective effect and drive people to act more carelessly on the Internet. As a result, most protection mechanisms are useless once the PC is infected and all existing accounts are taken over. Therefore, protect all devices with an effective endpoint security software. We use Sophos or SentinelOne for this, depending on the deployment scenario. But don’t forget about monitoring! Security is a living process and must be permanently adapted or changed. After all, it’s no use if a threat is detected but nothing is done about it.
Most companies send their employees to annual awareness training sessions. These trainings explain the current attack paths and teach the correct behavior. Do the same and explain the dangers and risks that can come from just one email. Alternatively, you can do an initial assessment and check how vulnerable your company is. For this we use a phishing email simulator.
Open Source Intelligence
In the course of private life, a lot of information is collected. Whether shared by yourself or by friends, associates or partners. All of this information is important to attackers and at some point gives insight into the thoughts, behaviors, and habits of everyone. While this is usually not so critical for individual persons, it is a completely different matter for influencers. It is essential to know at all times what data is on the Internet and what can be done with it. That is why it is important to make a so-called OSINT assessment of one’s own person in order to proactively plan measures against it. As an example:
Is the picture of my cat on the Internet? Then in any case you must not have a cat reference in the password or in the security questions on some sites.
Cybersecurity for influencers is an important topic and since these companies are 100% dependent on the accounts, adequate security concepts are absolutely necessary. After all, a successful attack can bring the company to a standstill within seconds and result in serious consequences. Simple password rules and multifactor authentication are only a good start. However, more is needed to achieve a fully comprehensive protection.
With our concepts, analyses and support, we help customers every day to prevent a successful hacker attack. Get a free consultation and let us explain how we can help you grow more securely. You can find more information on the following website.