For many companies, social media is an amazing marketing tool. You can get your name out in front of established customers and potential customers without spending a lot of dollars. A lot of organizations turn to interns to create Facebook posts or to send out regular tweets on Twitter, or they will hire a freelance social media expert who can keep the company’s name in the public eye for a fraction of the cost of a full-time employee.

At the same time, social media can be an organization’s worst security nightmare, especially when using outside vendors or short-term interns to do social-media-related outreach.

“The risk with this medium of communication is that there is minimal control, and a bad post, a hack, or an incorrect statement can make the organization look inexperienced and offensive at worst,” said Carlos Pelaez, Director and National Practice Leader with Coalfire. “Furthermore, social media provide more information about the employees and their functions, which can be useful information for someone who is trying to socially engineer a hack.”

Most people understand that negative comments about their employers can create a backlash, but even innocent commentary can be risky. Attackers take note of what is being said about a company, both good and bad, as well as who is providing the commentary, and they begin to develop a profile that results in targeted spear phishing campaigns. Thanks to what is posted on social media, the hackers are often able to identify very specific details about the company’s decision makers and other key personnel, and the end result is a very sophisticated socially engineered attack.

Through social media, the hackers will know things such as people’s preferences that can make the illegal request seem more plausible, Pelaez pointed out.
“For example, if someone posts or tweets that William Smith is the VP of IT Technical Support, I could call on one of their employees and say that ‘Bill asked me to confirm your password was reset, so please give me your current password so that I can validate it.’ You would know William went by ‘Bill’ because of his social media account and how references were given to him on LinkedIn, as well as how friends tweeted to him. This kind of personalized communication is lethal when combined with social engineering. Hackers know this and will exploit this.”

And you better believe that hackers are also taking advantage of the public perception of a company as presented on social media, said Devin Redmond, Vice President and General Manager of Social Media Security and Compliance with Proofpoint. After all, cybercriminals want to get as much information as they can to find a way to spoof your customers.

“Social media has an immediacy that can affect the public at large and shift markets in an instant, and it carries a legitimacy that encourages people to click on links,” Redmond stated. “You might have time to think about a website, or an email from an anonymous source. But if a news source or brand you trust (or what appears to be a brand you trust) posts a notice of an emergency or of a limited-time offer in your social feed, your instinct is to act or click without thinking – and that tendency is even worse when another news source or colleague reposts that link.”

When it comes to security for enterprise social media sites, there needs to be a dual focus. Companies need to take a closer look at what they are posting in order to prevent socially engineered attacks on employees, while at the same time making sure that all information posted about the company is legitimate and not the source of malicious activity.
This means ensuring that the person or persons responsible for handling the social media accounts are well trained in the company’s security policies.

“Companies that have a security policy in place and talk about it are better off because they acknowledge the risk,” said Pelaez. “Employees are aware of the risk and that awareness translates into better security. Smart users will use technology more securely and better understand the ramifications if they do not apply best practice in social media outlets.”

However, it takes more than just good security policies, Redmond added. Social media security also requires good security tools. “The volume and complexity of regulations, policies, and posts is such that the only way to approach social media security and compliance is through the use of technology augmentation: computerized systems that can scan and process information faster and more consistently than any department or outsourced service full of people. Only people and process combined with technology guardrails can safely and effectively scale to address this security challenge.”

In the end, the best security practice is awareness – awareness of what the risks are based on what is being posted, and how anything you put on social media can be manipulated. Social media is a great marketing tool, but at the same time, companies need to remember that it is also an area of great risk. If you don’t want social media to become your worst nightmare tomorrow, be sure to put security policies and education in place today.

This article was previously posted on Forbes.