Social media has turned into a reconnaissance tool for hackers and is becoming a cyber security risk for businesses. Social networks rank as the number one channel of perceived compliance risk. Poor social media security practices could put your brand, customers, executives, and entire organization at risk. Sharpen your security acumen and ensure your employees are aware of the risks when using social media.
Businesses are rapidly adopting social media as a core communication channel. Organizations are also significantly increasing business investments when building their social presence. Maintaining stakeholder engagement and market opportunity still requires significant security monitoring. However, personal (not so private) social media accounts are also becoming prevalent among employees. Most individuals neglect their privacy settings or publicly post personal notes and photos, allowing cyber criminals to take that information and launch targeted phishing mail.
Cyber criminals are aware of people's vulnerability online and their openness to posting minuscule personal details. In most cases, individuals assume this is not a threat to them or their workplace. Once hackers have retrieved information from one employee, it becomes easy for them to gain information about multiple employees. Social networks are some of the most trusted channels online, and where the atmosphere is casual, information tends to slip through the cracks easily.
Facebook, LinkedIn, & Twitter Are the Bullseye of Social Networks
Scams on social media have skyrocketed by 150 percent on Facebook, Twitter, Instagram and LinkedIn since 2016 and this number has continued to climb as more cybercriminals see these accounts as an easy target.
This should make you question and evaluate the current information on your personal social networks. Social media accounts are now a treasure trove for cyber criminals. Attackers now have a broad reach and can easily manipulate users and execute a variety of widespread cyber attacks and scams, including everything from social engineering to exploit distribution to counterfeit sales to brand impersonations, account takeovers, customer fraud, phishing mail and much more.
LinkedIn was a key tool for the scraping of public social data and social engineering tactics for the cybercriminals who executed Anthem Health’s 2015 breach and its 80 million stolen records. On top of this, LinkedIn has also suffered from redirects to a webpage that installs a variant of the ZBot malware known as Zeus. The company has openly admitted that it does not have a reliable system for identifying and counting duplicate or fraudulent accounts.
Twitter is an integral component of an innovative malware exploit called “Hammertoss” and has been subject to scams featuring links to free vouchers. Cybercriminals have also leveraged phony Facebook updates and chat messages posted by third parties which contained malware offering free merchandise and promoted phishing applications to steal information by using social engineering techniques.
What Does this Cyber Security Risk Mean for Your Business?
Social networks cannot secure their own environments, let alone someone else’s. As much as they try to mitigate security threats on their platforms, they are not 100% effective. Jolera’s Senior Cyber Security Specialist, Ovett McLarty, states “if it is online, it is no longer your data… almost all the EULAs (end-user license agreements) for all social sites state, the data, once uploaded to their website is the property of the company and they are free to do as they wish with it.”
Understanding effective strategies that fend against the range of cyber techniques used to date is important, as is understanding the external risk of having information available through personal and corporate accounts. Employees must manage their privacy settings strategically.
Developing a framework and assessing a social risk plan is crucial in advancing capabilities to monitor the accounts for signs of compromise.
Securing personal accounts:
Enforcing bans on social media is ineffective because employees will continue to be a part of these networks. It is important to encourage employees to modify their online behavior. Keep accounts secure by closing accounts that are no longer used. Employees need to understand the major risks of the information they provide online and limit overexposure. Most importantly, employees should use varied passwords, keep apps updated and use unique email accounts.
Refrain from posting company emails and avoid employment disclosure on personal accounts.
Securing corporate accounts:
For most companies today, social media is critical to their marketing and customer experience. Creating a company-wide security-aware culture becomes vital. Accounts need to be monitored regularly and should only be accessed by a necessary group of people. The fewer, the better. Maintaining strong passwords and keeping up with patching and updating is key. Training and policies are the best tools as these platforms become even more of a cyber security risk. Be aware of the latest security solutions for heightened protection.
You can stay ahead of threats by implementing and enforcing a strong social media policy throughout your organization.
Cyber criminals now take advantage of social media sites and data, leading to bigger data breaches each time. Social media risk is not just about brand and reputation damage. It is a cyber security threat that can lead to numerous compliance issues and could result in lost revenue. Social media will always be attractive to hackers, but it is paramount that employees are educated on how much they expose on social media and how to utilize privacy settings.