How Hackers Use Social Media to Target Your Employees
Jolera
June 10, 2019

Social media is a gold mine for data because so many people use it. About 94% of Canadian internet users have at least one social media account, according to research from the Social Media Lab at Ryerson University. This means your employees are most likely on social networking sites. By simply looking up a company on LinkedIn, hackers can find out who their employees are. From there, they can do more research and find other social media accounts they have. Hackers can use information gleamed from social networking sites to engage in social media profiling and find ways to target your employees with attacks.

Source: Weber Shandwick

What is Social Media Profiling?

People share a lot on social media, from their interests the company they work for and even where they currently are. All this data is blueprint of who you are and can be used to create a profile. Social media profiling is commonly used in marketing. Marketers often build profiles of potential clients and use them to refine their marketing strategies. But just as marketers look through data to see how to get consumers to buy items, hackers can use social media data to see what will entice someone to click on a phishing link and spread malware.

How Social Media Can Be Exploited

Sharing on social media is so ingrained in our culture that we often don’t think about the impacts our posts can have. In fact, these platforms consistently encourage us to share ideas, videos and photos with others. Unfortunately, this can lead people to take social media data and use it maliciously. Here are three ways hackers can target you based on your social media posts.

1. Social engineering: Social media makes it easier for hackers to manipulate potential victims by impersonating friends, family, brands, or celebrities. It can be hard to determine a fake account because hackers can steal photos of real people and use them to seem legitimate.

2. Passwords: Hackers can guess your passwords or the answers to your security questions based on information from your social media accounts. People often use pop culture characters or sports teams as part of their passwords. If you constantly tweet about a sports team or like a Star Wars page on Facebook, hackers can use this information and engage in password spray attacks. If you happen to use an insecure password, this can give hackers access to your accounts.

3. Phishing: Social media makes it easier for hackers to craft phishing emails that you will most likely click on. For example, if you tweet about a Netflix show, chances are you have an account. Hackers can look at this and use this information to send a phishing email related to your Netflix account.

Using Social Media Safely

Social media is a fun tool for your employees to collaborate and unwind. It’s important that your employees use social media safely to help protect their data and your company. Here are three tips for using social media safely.

1. Train employees: Employees should undergo mandatory security training every year so that they are aware of the ever changing cyber risks they can experience while online. Cyber crime is a threat that can impact them in both their personal and professional lives. Enrolling employees in a cyber awareness training course like Secure IT – Training will help them understand the threat landscape and encourage them to build good cybersecurity habits that will protect them from these threats.

2. Be cautious: It’s important to use social media with caution when posting on your accounts and when deciding who to allow into your networks. Tweeting that your boss is away may seem innocent but a hacker can use this information to commit CEO fraud. It’s also important to use caution when accepting random friend requests or connections on LinkedIn. By letting strangers into your network, you open yourself up to the risk of your information being used for malicious purposes. Be wary when responding to messages and don’t click on links or download any attachments.

3. Protect your endpoints: It’s important to have endpoint security to protect your laptops, desktops and mobile devices. Some people use social media as part of their job but even those who don’t may be on social networking sites while at work. Using an endpoint solution like Secure IT – Endpoint will help prevent threats and improve your security posture.