Social Media Issues: Why You Should Secure Your Social Networking?

In recent times, it was reported by Facebook that 83 million of its accounts were spurious, which, in practical terms, could be the entire population of Germany. So, who owns these fake accounts? As of now, no one knows, though it's clear that these bogus accounts are not used for charities or for promoting a good cause - it's most likely the other way around. Therefore, it should be common sense to take precautions while socializing on social media.

Furthermore, since the invention of the internet, it has enabled us to do lots of things - including chatting on social media website with friends, family and perhaps strangers. More than often, you'll receive a friend request from a complete stranger, and it's likely that - without thinking twice - you'll accept that stranger's friend request - especially if you find that unfamiliar person interesting or attractive. Conversely - once they have earned our trust - many of us often reveal our personal information to strangers without truly knowing the consequences of this naïve, yet critical blunder. Without having any second thoughts- we have a tendency to divulge small, but important pieces of personal information - which may not seem important to you - but can reveal key details about your identity. To make matters worse, imagine if there was a hacker on the other end? It wouldn't take long for this cyber-criminal to put the pieces of your identity's puzzle together, and before you know it, all or most of your critical accounts could possibly be hacked.

Additionally, once this e-crook has access to your account, he or she would easily be able to gain trust from your friends and hack most their accounts using Phishing - fake websites developed to retrieve user account and passwords. Other than phishing, there are plenty of other methods which can be employed by hackers to gain access to victims' accounts, such as malware and brute force.

Nonetheless, you can protect yourself by utilizing the following privacy protection tips:

If you don't know them, don't add them:

The title is self-explanatory for this tip. If you get a friend request from an unknown person, simply don't accept their friend request.

Make use of the privacy restriction options and features:

Most social media websites let you customize your privacy. It's recommended that you limit your profile visibility, this way you can minimize your chances of becoming a victim of e-crime.

Prevent hackers from breaching your personal computer:

Install and update your antivirus software religiously, as this can prevent sophisticated malware from entering your personal computer. Finally, add a second layer of protection by encrypting your important and sensitive data.

Malsubjects and Malware: The Malicious Combination

"Malsubject" (Malicious Subject) is an unauthorized individual or subject whose activities are intended to break into an Information System (IS) with malicious intent to compromise the information's confidentiality, integrity, or availability of organizations and individuals. Malsubjects include hackers, cyber-thieves, spammers, hacktivist, and nation states among many others.

It is easier to identify these individuals in the cyber security space by one common name instead of several, such as bad actors, threat actors, bad guys, cybercriminals, and others. The term malsubject defines these individuals regardless of their intended actions. After all, their intentions are always malicious in nature, no matter who they are or what we label them.

The term "malware", or Malicious Software, is defined by the National Institute of Standards and Technology's (NIST) Glossary of Key Information Security Terms as "a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or of otherwise annoying or disrupting the victim." Malware by this definition include viruses, worms, trojan horses, or other code-based malicious entity that successfully infects a computer system.

Because "malsubject" provides an opportunity to identify all types of "cyber bad guys" with a single term, the term "malware" ought to include, in addition to malicious programs, malicious hardware (e.g. ATM and gas pump skimmers) or malicious techniques (e.g. social engineering). Malicious hardware gets inserted into a system (physically and covertly) with the intent of compromising the victim's data. Malicious techniques are also used on individuals with the purpose of tricking them into performing actions or divulging information in order to gain access to information system's data. As a result, I use "malware" in general terms to identify malicious software, hardware, and techniques used to perform cyber-attacks.

In the world of cybercrime and cyber warfare, the fight is always aimed to prevent malsubjects and malware from penetrating information systems of public and private organizations as well as individual systems. It is clear that malsubjects using selected malware can identify, target, and attack all types of IS infrastructure. Once an attack is successful, the results and consequences of these malicious actions become a series of unfortunate events played against individuals and organizations.

The latest Verizon's 2013 Data Breach Investigations Report (DBIR) stated that the 2012 combined dataset of security incidents analyzed for the report represented the largest they have ever covered in any single year, spanning more than 47,000 reported security incidents; 621 confirmed data disclosures; and at least 44 million compromised records. Unfortunately, these security incidents will continue to become regular news as malsubjects intensify their efforts using more and more sophisticated malware. For example, the recent malsubject attack on the Target Corporation produced a breach that exposed personal information on millions of its customers.

An effective cyber defense against attacks from malsubjects requires technologies, people, and processes capable of preventing or mitigating the damage caused by their malicious activities. Effective security controls and security awareness training are the best weapons against their intrusions.

According to NIST, "using the risk management tools and techniques that are available to organizations is essential in developing, implementing, and maintaining the safeguards and countermeasures with the necessary and sufficient strength of mechanism to address the current threats to organizational operations and assets, individuals, other organizations, and the Nation".

Well implemented security controls based on appropriate risk management tools and techniques increase the odds of preventing many of the cyber-attacks currently affecting information systems and infrastructures all over the world.

In today's cyber space malsubjects span from one individual to organized crime groups and nation states capable of conducting sophisticated cyber-attacks from the most remote places in the world. All they need is a communication line to the public internet or private networks and the use of well-crafted malware to reach their targets. We might not be able to prevent them from reaching the system boundaries, but with good implementation of security controls; appropriate risk management tools and techniques; and constant security awareness training for organizational staff and the general public, we can slow down and someday we might be able to stop their advances.

Understanding How Anti-Virus Software Works

A computer virus is a self-replicating program which installs itself on your computer without your consent. It does so by inserting itself into other programs, data files, or the boot sector of your hard drive. Once this happens, the affected areas are said to be 'infected'.

The vast majority of viruses perform some sort of harmful activity on their hosts. A virus may access your confidential information (such as your banking details), corrupt data or steal hard disk space or processing power, log your key-strokes and spam your contacts. If you are extra lucky, however, it might only display humorous, scatological or political messages on your screen.

Anti-virus software is used to detect and remove computer viruses. It consists of two basic types: signature scanners and heuristic detectors. Signature scanning is used to identify known threats, while heuristics are used to find unknown viruses.

Infected files

In the old days... less than a decade ago... most viruses were contained in executable (or program) files, ie files with extensions such as .exe or .com, so anti-virus software only had to check these kinds of files. Nowadays anti-virus software has to check a greater variety of files, including Microsoft Word documents and other non-executable (and seemingly harmless) files.

In MS Word, a macro is a set of instructions you record and associate with a shortcut or name. You can use a macro, for example, to save the text of a legal disclaimer. You can then add the text to any document you are writing (without having to retype the disclaimer) by just pressing the particular shortcut key combination or clicking the macro name.

Despite the time they can save, macros present a risk. Rogue programmers can use them to hide viruses within documents which they send as email attachments to unsuspecting victims. Once they open the attachments, the victim's computer is infected.

Nasty little programs can also be embedded in other non-executable files, so that opening these files can result in infections.

Some email programs, such as MS Outlook Express and Outlook in particular, are vulnerable to viruses embedded in the body of an email. You can infect your computer just by opening or previewing a message.

Identifying viruses

There are several methods which antivirus software can use to identify files containing viruses: signature scanning, heuristic detection, and file emulation.

Signature scanners

Signature-based detection is the most common method of identifying viruses. It involves searching the contents of a computer's boot record, programs, and macros for known patterns of code that match known viruses. Because viruses can embed themselves anywhere in existing files, the files have to be searched in their entirety.

The creators of the anti-virus software maintain the characteristics of known viruses in tables called dictionaries of virus signatures. Because thousands of new viruses are being created every day, the tables of virus signatures have to be updated regularly if the anti-virus software is to be effective when it checks files against these lists.

To avoid detection, rogue programmers can create viruses that encrypt parts of themselves or that modify themselves so that they do not match the virus signatures in the dictionary.

In practice, the signature-based approach has proved very effective against most viruses. However it cannot be used to find unknown viruses, or viruses that have been modified. To counter these threats, heuristics need to be used.

Heuristic detectors

Heuristic-based detection involves trial-and-error guided by past experience. Heuristic detectors will, for example, look for sections of code that are characteristic of viruses, such as being programmed to launch on a particular date.

The use of generic signatures is a type of heuristic approach that can identify variants of known viruses by looking for slight variations of known malicious code in files. This makes it possible to detect known viruses that have been modified.

File emulation

File emulation is another heuristic approach. It involves running a file in a sandbox, an isolated part of a computer in which untrusted programs can be run safely, to see what it does.

The actions the program performs are logged and if any of these are deemed to be malicious, the anti-virus software can carry out appropriate actions to disinfect the computer.

Memory-resident anti-virus software

Memory-resident anti-virus software installs programs in RAM that continue to operate in the background while other applications are running.

A computer's hard disk is where computer programs and files are stored, while RAM (random access memory) is the memory that programs use when they are running. When starting, a program is first loaded into RAM. Once programs have finished running they exit RAM. In addition, RAM is volatile, ie when the power is turned off everything in RAM is wiped out. By contrast, the programs and files on your hard disk remain when your computer is powered off.

Memory-resident anti-virus programs monitor a computer's operations for any action associated with viruses, such as downloading files, running programs directly from an internet site, copying or unzipping files, or attempting to modify program code. It will also be on the look out for programs that try to remain in memory after they've been executed.

When they detect suspicious activity, memory-resident programs halt operations, display a warning message, and wait for the user's OK before allowing operations to resume.

Drawbacks

Despite its undoubted benefits, antivirus software has a few drawbacks. Because it uses computer resources, it may slow your computer down a bit, though this is not usually very significant.

No anti-virus software can provide full protection against all viruses, known and unknown. Once installed, however, it can lull you into a false sense of security. You may also find it difficult to comprehend the prompts and decisions the software throws up on your screen now and then. An incorrect decision may result in an infection.

Most anti-virus software uses heuristic detection. This must be fine-tuned in order to minimise false positives, ie the misidentification of non-malicious files as a viruses.

False positives can cause serious problems. If an antivirus program is configured to immediately delete or quarantine infected files, a false positive on an essential file can render the operating system or some applications unusable. This has happened several times in recent years, even with major anti-virus service providers such as Symantec, Norton AntiVirus, McAfee, AVG and Microsoft.

Anti-virus software can also pose its own threat, because it usually runs at the highly trusted kernel level of the operating system, thus creating a potential avenue of attack. It needs to do this in order to have access to all potential malicious process and files. There have been cases where anti-virus software has itself been infected with a virus.

Finally, it's best to remember that not all heuristic methods can detect new viruses. This is because the rogue programmers, before booting their new viruses into cyberspace, will test them on the major anti-virus applications to make sure that they are not detectable!

Rootkit Infections

A rootkit is a software program designed to provide an intruder with administrator access to a computer without being detected. Its purpose is almost always malicious.

A rootkit provides the intruder with administrative privileges, the highest level of permission that a user can have. The administrator has total freedom within the computer system, which means that he or she can install and uninstall programs, delete files, and change configuration settings, among other activities.

How you get infected by a rootkit

There are several ways in which your computer can become infected with a rootkit. They can come wrapped in email attachments or bundled with programs you download. You can become infected just by visiting a malicious site. Rootkits can also be loaded from a disk or USB drive by a malefactor who obtains access to your computer for just a few minutes.

Once a rootkit has been installed, it will create a backdoor, a hidden method for obtaining access, so that the intruder can re-enter your computer at will. This is usually done with a daemon, a type of program that runs unobtrusively in the background waiting to be activated by the occurrence of a specific event such as a particular intruder attempting entry through a specific port.

To break into a computer that follows good security practices and successfully install a rootkit takes skill and patience. Doing so however can be rewarding for malefactors as they can collect sensitive data, such as financial information, user names and passwords, and so on. Rootkits can also be used to send spam messages.

How rootkits are hidden

The success of a malicious rootkit depends on its ability to remove any traces of its existence and activities.

For example, a rootkit can modify system logs so as that all references to its insertion, to log-ins by the intruder and to the running of programs by the rootkit are either not recorded or are deleted.

A rootkit can hide by replacing standard system utilities, such as find, ls, netstat, passwd, ps and who, with modified versions.

For example, a modified version of ls, which is used to list files, might not display the files that the intruder wants to keep hidden. A modified version of ps, which shows the processes currently being run, might be not display processes launched by the rootkit.

Types of rootkits

Rootkits can be classified into three different types, depending on the level at which they operate: application level, kernel or BIOS.

In application level rootkits, genuine executable files that form part of an application are replaced with modified executable files.

The kernel is the core of the operating system. With kernel level rootkits, a portion of the kernel code is replaced with modified code. When this happens, systems calls, ie requests made by the software that's running for a service performed by the kernel, can be replaced by modified requests.

BIOS stands for 'basic input output system'. BIOS is a small program that controls a PC's hardware from the moment the computer's power is turned on until the main operating system takes over. A BIOS level rootkit is installed within the BIOS. It is much more difficult to detect and remove than rootkits at the other two levels.

Currently, almost all rootkit infects are at the first two levels. BIOS rootkits are not very prevalent yet but they are expected to become more common in the future as BIOSs become more complex and are redesigned for easy updating.

How rootkits are detected

Rootkits, by their very nature, can be very difficult to detect, and you can never be sure that any rootkits present in your system have been detected or that suspected rootkits have been wholly eliminated.

The basic problem with trying to detect rootkit infections is that, where the operating system may have been affected (as with a kernel level rootkit) it cannot be trusted to find illegitimate modifications of its own components.

Detection can take a number of approaches. Anti-virus software can search for behavioural signatures that indicate the presence of a rootkit. In difference-based detection, the expected results of a test operation are compared with the actual results. In integrity checking, original program code can be compared with the latest code to see if unexplained changes have been made.

Most of these techniques only detect application level rootkits. Extracting a copy of the contents of the kernel and performing a forensic analysis offline can detect kernel level rootkits because, being offline, the rootkit cannot take any measures to cloak itself.

How to remove a rootkit

A number of security-software vendors offer tools, usually as part of a suite of anti-virus software programs, to automatically detect and remove rootkits. Examples include Windows Malicious Software Removal Tools.

But most of these tools can only detect and remove some rootkits, and will fail against well-written kernel-level rootkits.

Thus, many experts believe that the only reliable way to remove rootkits is by re-installing your operating system and applications. Doing so is considered safer, simpler and quicker.

However, this too is not a 100% sure thing. Because BIOS level rootkits are stored on a memory chip rather than on a hard drive, they can survive the complete reformatting of your hard disk that occurs when you re-install your operating system. The only real solution to a BIOS level infection is to replace the hardware.

If you are a typical computer user, you will probably find that detecting and removing rootkits is very difficult and presents a daunting task. And indeed it can be.

Expert help - your best bet, if you suspect that you have been infected by a rootkit, is to use an online computer maintenance and repair company who can (with your permission) enter your system and run a series of checks to determine whether you have a rootkit and, if so, remove it. The cost should not exceed €25 for both detection and removal.

Multifunction Printer: Hidden Security Threats People Should Know

Although it took businesses and individuals some time to protect their networks and computers from malware and viruses adequately (and there are still breaches), it seems that many companies are now taking their sweet time when it comes to protecting their multifunctional printers. According to security experts, these commonly used printers found in offices and homes worldwide, pose a serious risk to networks simply because most people don't yet regard them as security threats.

Assessing the Threat

Networked multifunctional printers can provide access to business networks if they are not adequately secured. Many experts have been warning about the importance of shoring up these security gaps, but businesses and their employees have been slow to do that. Experts point out that the printers render the network just as vulnerable to the threats of hackers as PCs and other devices do. Yet even many IT professionals overlook their network printers and do not protect them as they should.

The Cost of a Breach

According to a report by Forbes, the average cost of a security breach lies in the neighborhood of $5.5 million for a company (Source: "The Hidden IT Security Threat: Multifunction Printers", Forbes). Yet that's just the financial damage. Companies suffer a blow to their reputations as well. A company that cannot adequately protect its data from hackers loses credibility among its clients, customers, or potential customers. In that sense, the cost is enormous. Even though companies spend large sums on managing their security risks, they are often missing some essential gaps like the printers.

How Bad Is the Risk?

Most people believe that the greatest security threat for IT networks comes from computers. Yet experts have stated that hackers can launch their full-scale attacks through multifunctional printers if the devices' access points aren't protected. Think of these printers as a back door. Once the hackers are inside, they certainly don't care how they got in; the point is they got in. The risk is even more complicated as many employees have admitted that they don't know about multifunctional printer risks or haven't taken the risks seriously. Does your business know that employees are following security protocols regarding all IT devices?

Securing Multifunctional Printers

Many companies are now purchasing their multifunctional printers that are already loaded with the necessary security software. Other businesses are working with vendors that specialize in secure printing solutions. These providers understand the inherent security needs of printers far better than most companies do. Their expertise can help businesses find the solutions they need for reliable security 24/7.

While there is no need to be fearful about purchasing multifunction printers, it is important to understand that they can compromise security when not effectively secured. These essential office items simply need to be securely protected along with all other network devices. Be sure to discuss implementing security procedures with your IT staff too. Everyone in the company needs to be aware of the risks that the printers and other devices pose for security. It's important to eliminate these risks for the good of the company and its clients.

Technology Sales: 96% of Companies Need IT Security Services

I regularly ask people: what is the purpose of sales people in society? Why does the role exist in the first place? The most frequent answer I receive is that their purpose is to achieve company revenue goals. Wrong Answer! So, I then ask what would happen if we had a society of bad sales people, who might achieve their sales goals, but were selling their customers the wrong thing... people generally realise that it would cause us all to be wearing the wrong shoes, ill-fitting clothes, driving the wrong cars, buying the wrong wine, etc. In short - society would be in CHAOS. This then leads to the realisation that the purpose of a sales person is to resolve the customer's needs. This can of course be phrased in many different ways, but essentially means that the sales person should understand the needs of the customer, and then educate the customer appropriately regarding the best buying options.

Why am I writing about this? Because this is the time for sales people in IT Security companies to step up and fulfil their purpose. The business community needs IT security providers to do what it takes to protect vulnerable companies. I am troubled, but not surprised, by recent reports that I've come across. For example, according to a UK EY study, 96% of companies believe their IT security functions are insufficient, and only 4% of companies in the UK believe they are equipped with security systems that meet their needs. Therefore, 96% of companies in the UK acknowledge that they need better IT security. This is an absolutely FANTASTIC SELLING OPPORTUNITY for IT security providers- and the business community is clearly crying out for suitable companies to help them resolve their vulnerabilities.

Small businesses are vulnerable too, with 63% of them in the UK suffering a cyber-attack in the past year - a jump of 22% compared to the previous year (according to UK's Department for Business, Innovation & Skills). That's a SCARY number - especially if companies don't do anything about it. But companies often lack knowledge on what a sufficient solution is - thinking that having an up to date anti-virus on each device is enough. IT ISN'T. This is where they need the help of their IT services provider.

And it's not just about cyber-attacks - there is human error too creating vulnerabilities for companies. Despite strong media coverage and education regarding BYOD, its benefits and dangers - many companies still don't have ANY BYOD policy in place (e.g. more than 50% of mobile devices in Ireland have no anti-virus protection according to ESET). Data leakage prevention also remains a blind spot for most companies, with 66% of companies admitting that they don't have adequate data protection in place. IT services providers should therefore not just be installing software to protect, but also advising their clients regarding policies and protocols to protect against data leakage and security breaches caused by human error.

We can all think of examples of casualties of cyber-attacks (the recent Adobe and Loyalty build breaches spring to mind) and data leakage (Edward Snowden at the National Security Agency).

The concern is that as 96% of companies still don't believe they have adequate security solutions in place, a tsunami of breaches (and shut downs) is just around the corner, which would lead to CHAOS.

This all adds up to a powerful need in society for IT security companies, including IT service providers, to ensure that their customers are doing the right things, using the right solutions and being provided with the best options when purchasing IT security services and solutions.

Many IT service providers have the technical know-how regarding how to implement such solutions, but lack the capability to engage with prospects at the right level, with the right messaging, to ensure that the right discussions occur. Maven TM can assist with this. We can engage IT services providers with companies that need to improve their security systems. These companies are easy to find after all... it is 96% of companies

Social Media Security

As well as individuals, companies large and small can be the victims of lax social media security. Accounts have been hacked, changed and used to spread political and scatological messages. Brands have been besmirched, and customers and prospects lost.

While large international corporations and other major players may be able to recover from these kinds of attacks easily enough, for the small business they can (and have) proved fatal.

So how can you counter these threats?

Getting out of social media is not a solution. More and more people are using this kind of media to follow companies and brands, to talk about them, and to decide whether to buy their products or services. The role of social media in marketing is expanding continuously and is set to stay. In fact it looks set to eventually overtake more traditional sales tools.

The reality of the threats is that most of the breaches of security that have happened so far were due to the business owner or an employee falling for simple scams... by opening suspicious emails or clicking through to rogue websites without a moment's hesitation.

Here are a few simple things you can do to protect yourself and your business.

Education and training

You or your staff may lack the caution needed to use networks securely. The only solution in these circumstances is education and training.

Structured social media educational programmes that deliver training on the use of special tools and how you can do so securely are available. These come in a variety of formats, from brief how-to manuals to webinars.

You can find programmes that fit for your business and financial resources through Google.

Malicious links are a common way in which accounts are compromised. Caution is best, especially if links lead to pages that ask for usernames and passwords.

Thus a fundamental part of these educational programmes is training in how to recognise a suspicious messages, emails or links that could act as a gateway into your systems for a hacker.

In addition to improving basic security, these programmes can also help improve the overall performance of social media campaigns. Indeed, many of them deliver training in the more advanced aspects of social media such as attracting new clients.

Protecting passwords

If you and a member of your staff are sharing social media activities, you are likely to be sharing accounts and passwords. The more accounts you have, the more the passwords that will be shared.

How can you keep these passwords secure?

The answer is... with great difficulty. Here's what you need to do:

First, you should create strong (complex) passwords, rather than relying on simple, very common passwords such as 12345etc or password. Password generating tools are available.

Secondly, you must make sure that passwords are never stored on shared computers, on mobile phones or in emails, nor on post-it notes or other scraps of paper.

Complex passwords can be hard to remember, especially where several are in use. You can reduce the number of passwords your staff uses by ensuring that they sign into your firm's accounts using the same username and password as they use for their company email account.

This has the additional advantage that, should an employee leave, their access to all company media can be disabled in an instant. A disgruntled employee can wreak havoc through your social media accounts if he or she still has access.

Centralising control over social media

Most people and businesses, even the very smallest firms, will have multiple accounts on many different networks, eg, Linked In, Twitter, Facebook, and so on.

Maintaining control over several accounts can be difficult and time-consuming, especially if you company includes several people who are involved in creating tweets and posting updates.

The first think you need to do is to undertake an audit of all your accounts, noting who manages them and who has access to them. Then you can close-down any accounts you don't need and remove permissions for the remaining account from any employees who don't need them.

Once that is done, you can consolidate these accounts within a social media management system. An SMMS will allow you:

• write messages and publish them to several accounts on several social networks from a single interface or dashboard
• monitor all social activities from one place (thus simplifying a time-consuming task).

Several well-known SMMS are available. Most operate on a freemium basis, ie basic services are free to users but additional services are delivered on a paid basis.

A good SMMS will have built-in malware tools to notify users when a suspect link is clicked. A secure system will also notify you if suspicious activity is taking place on your accounts, giving you a chance to shut-down a possible security threat.

Paid social media, such as Facebook's Promoted Posts, has made the need to bring all social media under central control using an SMMS all the more urgent. Imagine a situation in which you invest tens of thousands of Euro or dollars into Promoted Tweets on Twitter and some-one who hacked your account ruins the whole campaign with an offensive tweet.

The malware tools built into an SMMS should be able to prevent scenarios like this happening. In addition, such an SMMS should also be able to monitor the outcomes of paid social media without requiring the additional passwords usually associated with paid media platforms.

Message approval

A mistweet or other mistake on social media can happen easily. The only way to avoid these kinds of errors, which can seriously damage your reputation, is to set up an approval process that must be followed before a social message can be posted.

Of course, a formal approval process is only applicable if more than one person is undertaking social media activities. In these circumstances the process will probably be vital in order to ensure that the standards you expect in your social messages are achieved.

The simplest approval process is just to allow another person to review a tweet, message or update before it is posted. Good social media management systems should include an approval process for all social media messages.

As well as allowing the content of posts to be checked, an approval process means that typos and spelling errors can be corrected and links checked. The process also gives you and your employees a chance to learn from each other as suggestions and corrections are made.

An approval process will dramatically reduce the likelihood of a major social media crisis. However, it will not guarantee that nothing goes wrong.

Disaster recovery

Mistakes happen. No matter how many security measures you undertake, there is always a chance that something will go wrong and an inappropriate message will be sent, either because something was missed by accident during the approval process or a hacker gained access.

So, what can you do if the worst happens?

The only answer is the boy scouts' motto: be prepared.

'Being prepared' means that you and your employees must have a specific plan on how to respond quickly and effectively when a crisis erupts. As crises tend to be unpredictable, this plan must be flexible.

You should test and evaluate your plan to ensure that it will actually work in emergency. You also need to practise the plan so your and your people know instinctively what to do.

Social media happens in real-time so you need to respond in real-time. Social media, in fact, can help you respond appropriately. This is best doing using a tried and tested social media management system.

A good SMMS will enable you to monitor how your customers, prospects and the public at large are reacting to the issue so that you can respond with appropriate messages.

Social media allows you to reach a massive number of people quickly so you can tell them about the problem and how you are working to resolve it. This can increase your credibility with customers and prospects and the public at large... which is what social media for business is all about.