small businesses have had their social media accounts hacked in the last three years, a new study has found.
One in five (20 per cent) have fallen victim to cyber attacks on sites such as Facebook and Twitter, with more than half (54 per cent) admitting it had caused ‘significant’ damage to their business as a result.
Almost two thirds (64 per cent) of social media hackers also demanded cash ransoms in return for handing back control.
But although the threat still persists, more than a third (38 per cent) of all owners and managers had no processes in place for dealing with hacks and less than half (42 per cent) of those hit had reviewed their processes since.
The research carried out by business law specialists, Slater and Gordon, revealed worrying levels of vulnerability at 500 UK SMEs.
Sixteen per cent of bosses didn’t know how to access their company’s social media accounts and one in four (25 per cent) had been locked out on at least one occasion because whoever had the login details had left the company or gone on holiday.
Just 40 per cent of businesses had a dedicated social media manager, with one in four (25 per cent) leaving it to younger or junior members of staff – or even those on work experience (six per cent).
Steve Kuncewicz, business advisory lawyer at Slater and Gordon, said: “Increasingly, a business’ greatest asset can be its digital and social media presence. But it can also be its greatest vulnerability.
“It can take years to build up a following, but a few seconds to destroy it with a careless tweet or post or not being able to respond quickly enough to negative comments and feedback or a hack.
“It is concerning that so many business leaders don’t know the login details to their firm’s accounts to prevent this from happening.”
“Senior managers and owners can be inclined to leave managing social media to younger or more junior staff because of a lack of knowledge about the digital world and an assumption that they know better.
“This is a serious mistake. Implementing a process to sign off content, manage who has access to accounts and react if you suffer a social media incident is vital in this day and age.”
One in four managers (25 per cent) said they checked rarely, if at all, to see what their firm was saying on social media – or what people were saying about them. Sixty per cent showed the same disregard for popular review sites such as Trip Advisor and Glassdoor.
More than a third of businesses (36 per cent) did not have a social media policy and 40 per cent offered no training to staff about posting comments on personal accounts that could bring the firm into disrepute.
Steve said many companies still underestimate the power of platforms like Facebook, Twitter, YouTube and LinkedIn, despite spending on social media advertising expected to hit £28billion worldwide this year.
Almost two thirds of SME managers (65 per cent) were not familiar with the Advertising Standards Authority’s CAP code of conduct and one in 10 (10 per cent) had fallen foul of it already.
Steve said: “We have seen countless examples of how incidents can be amplified by social media which can cause major long-term damage to a company’s reputation and bottom line. Also the speed with which potentially damaging events can develop or go viral in the digital age highlights how important it is to be prepared and have robust processes in place.
“Five hundred million people are using LinkedIn now including 23 million in the UK alone, which shows how fast-growing and far reaching just one platform can be. Social media can be a very powerful tool for those who know how to use it, but failure to recognise that and take it seriously could have potentially damaging consequences for a business.”
He added: “We see all too often that SMEs only identify the risk once it’s too late, after they’ve suffered a hack or some sort of serious reputational damage because of a careless or malicious post.
“Almost no one is immune from these risks. Even the biggest and most secure organisations in the world have at one point suffered serious damage due to failures to safeguard and control their digital or social media assets.”