SG Govt Needs to Secure Its Social Media Accounts

As social media becomes more integral to our daily lives, it is reasonable that government organizations and departments would want to reach their constituents through the various channels we consume regularly. Along with the connections governments can make with the communities it serves, there are also huge cybersecurity risks that need to be considered. These risks have allowed people to make a strong case for regulating social channels that are used for official purposes – thereby making it part of a country’s critical infrastructure like energy, water and ports.

In Singapore, social media is also being seen as an important conduit for official and emergency government communications with the public. In 2016, the government committed to enhancing its connection to the population through a focus on content, platforms and languages. Due to this embracing of social media to help people stay informed and the general explosion in internet usage across the region, government bodies need to take these channels more seriously to protect it from hackers who may want to steal identities, perpetrate fraud or engage in cyberterrorism.  

According to AT Kearny, the ASEAN region including Singapore is a prime target for attacks that could pose a threat to its digital innovation plans. Although Singapore is leading ASEAN countries in its investment of GDP in cybersecurity (and ranked third globally), should there be additional thought of adding social media to its critical infrastructure and introducing legislation to protect its citizens?

Top-grade Cybersecurity Practices Essential

Until Singapore includes social media accounts used for timely or sensitive communication among its critical infrastructure sectors, stringent cyber practices are essential. Government personnel operating social media for official or emergency purposes should begin to undertake a review of how these accounts are managed. Strengthening the security of communication platforms should include stepping up password management practices. It will help eliminate the chance of delays to the delivery of critical information or the exploitation of accounts for nefarious purposes, such as issuing false or misleading information. Disgruntled employees aren’t the only risk either, as hackers can use one of many social engineering techniques, such as phishing, to gain access to passwords for social media.

Government personnel within specific departments or offices also commonly share access to social media accounts for various reasons. This means that dozens of people throughout an agency could potentially have access to these accounts. Additionally, these shared passwords are rarely changed, and often re-used across several accounts – making them easy targets for a hacker or corrupt insider. Further, these nefarious characters can remain untraceable since there is often no record of who is publishing each post. To strengthen these platforms against both external and internal attacks by unauthorized personnel, government departments should treat their social media accounts as privileged. In this way, simple acts of forgetting, sharing or re-using passwords won’t cause delays.

Governments the world over are reviewing their critical infrastructure safeguards and national security precautions. Now that social media has grown into a credible and dependable medium for official communications, it is vital for Singapore to re-think how any medium used for official and emergency communications is treated and secured.

Teck Wee Lim, regional director, ASEAN at CyberArk authored this article.

The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.