By itself, social media might not constitute a cyberthreat but once again, employees who ignore best practices around security are making it easy for scammers. It’s even been described as the perfect hunting ground for illegal activity.

Social media has also turned into a dandy reconnaissance tool that cybercriminals use to socially engineer their victims. When someone neglects their privacy settings or publicly posts personal notes and photos, they can leave cybercriminals free to use their information to launch targeted phishing emails containing malware links.

In the past, cybercriminals have used phony Facebook updates posted by third parties, which contained malware offering free merchandise to anyone participating in — and then forwarding — a survey. Attackers have also used Facebook Chat to spread malware, promote phishing applications, and steal information by using social engineering techniques. Twitter has been subject to scams featuring links to free vouchers, while LinkedIn has suffered redirects to a webpage that installs a variant of the ZBot malware (known as Zeus).

No surprise, then, to learn that more than one in eight enterprises have suffered security breaches related to a social media-related cyberattack. Social also ranks as the number one channel of perceived compliance risk.

What can your organization do to protect itself? First, recognize that there’s no turning back the clock. We live in an era where the sharing of information is the new normal. About 91 percent of Generation Y students and employees say that the age of privacy is over, and a full third say they are unconcerned at the possibility that an interloper might capture their data.

If you can’t beat ’em...

While social media sites exist outside the organization’s network perimeter, treating social like any other external security challenge misses the point. In this instance, the reality is that no single piece of hardware or software is going to do the trick. When it comes to social, big investments in tools or countermeasures are a waste of money if organizations fail to take steps to get employees to modify their online behavior.

And forget about enforcing company-wide bans on social media. Like it or not, employees are going to continue to connect to the Facebooks, LinkedIns and Twitters of the social media world as long as they have a breath left.

Organizations should instead try to foster a security-aware culture, one in which employees understand the potential risks involved in using social media. There are basic steps they can suggest employees take, such as limiting what outsiders are able to find out about them. They might also try to make it a point of practice to refuse friend requests from people they don’t know and, above all, resist the urge to click on suspicious links.

The bottom line is that anything that anyone posts on social these days is fair game for the bad guys. If only that message gets through to enough employees, the company’s security leadership can walk away claiming a well-earned victory in a battle that’s fated to last a long time.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.