LinkedIn No Longer an Asset but Now a Liability
Business leaders use Social Media, too. And LinkedIn is now being used to attack us on an unprecedented scale. But this is different.
Social Media is no longer about tweens, teens, and college students. It’s at the point now where most adults find it hard to imagine life without it.
Increased use == Increased attention == Increased attacks
The rapid increase in user numbers on these platforms makes it an attractive target for running these scams.
In the first three months of 2019, cyberattacks whose roots began on social media are up just shy of 75 percent!
Safety lies in being well-informed and taking precautionary measures.
Reputation and trust are critical elements in business. The status of your business is an external view of trust. No one does business with anyone they don’t trust. If we lose confidence, for any reason, reputation suffers, making establishing new trust impossible.
As a business executive, there are things we need to understand about social media platforms to effectively manage our use of these platforms.
Managing business reputations in this era of expanding digital footprints is daunting. All it takes is a single misunderstanding or misrepresentation of a situation posted on social media to negatively influence the opinions of your entire community of customers and prospective customers.
According to Edelman, people deemed information shared by employees on social media more credible than company shared content (even if shared by the CEO.) The dialogues your employees have are immensely powerful as part of your digital marketing strategy.
Corporate Security – Does Social media present a risk or Threat?
HERE’S WHAT THEY’RE DOING RIGHT NOW...
Cybercriminals use social media to carry out corporate espionage and spear-phishing attacks that often result in risks to your workforce, your operational security, and your business reputation.
One of the predominantly and practical ways that these cybercriminals use is known as profile hacking that includes:
- Phishing (fraudulent attempt to obtain sensitive information)
- The use of stealers (software designed to capture stored passwords),
- Session hijacking (LAN or Wi-Fi)
- HTTP session hijacking (sidejacking)
- Mobile phone hacking
- DNS Spoofing
- USB hacking
- Man in the Middle attacks
LinkedIn — The Business Gateway
LinkedIn, it the largest social media platform for business professionals. It is the preferred platform for executives and decision-makers. That means that it is also a platform that cybercriminals leverage as a one-stop environment to collect data on businesses, their employees, and executives. Never has it been possible to influence or change the perception of trust and reputation as we can today using social media.
Therefore it is crucial for every executive to understand all the risks and dangers associated with social media channels, to protect your business in the long term.
Almost weekly, we hear about another a case of foreign state-backed corporate espionage. Not surprisingly, the social media platform Linkedin is one of the prime tools exploited by these nation-states.
It is a massive threat of data loss for businesses and can compromise the personal details of your employees, opening them up as targets for blackmail.
Fraud and phishing
A common but much older tactic is to trick people into clicking on malicious links and defrauding them through impersonation. However, LinkedIn’s career-focused individuals are ripe for scamming and social engineering. Why? They often are likely to engage and network with each other overlooking the signs of fraud.
- Fake Requests from Spam Profiles lead to dangerous harmful viruses getting installed on your company devices. To avoid these issues, remain alert while using social media websites.
- Phishing – Many individuals end up sharing their bank or credit card details with these cybercriminals. It poses a severe threat to any business by putting them at high risk of losing new as well as existing customers.
Cybercriminals are often lazy. That means that they will look for the easiest way to glean the information they need to carry out their trade. Unfortunately, Linkedin provides the perfect platform. It includes intelligence details about you, your business, your employer, and your associates. Using LinkedIn is a calculated risk for some yet for others, such as company executives the open-exposure of such information is a significant security vulnerability.
For many professionals, LinkedIn has become a hub for networking. There is another group, career philosophers who collect detailed information on ideal workplaces, positions, and the best managers. Often these serve to create unrealistic expectations and grievances.
Reputational risk begins with the way we represent ourselves on these social media platforms. On LinkedIn, more than any other social media platform ties us to current and former employers more than on other forms of social media.
- Brand impersonation – Business social media profiles represent your company. If your profile gets used for malicious activities, your customers may get the wrong message creating severe harm to your brand.
Phishing for You
Cybercriminals understand the necessity of getting to the right person. That means they need to bait their “hook” to attract those with a higher security clearance in the business. Getting the right person to click is like striking a gold mine if they get the right person, with the correct information, to fall for one of their phishing emails.
When the cybercriminals succeed in getting the information they want, they can gain access, not just the immediate victim, but the organization they for whom they work.
When a phishing attack successfully lands someone with business responsibilities and access to protected information, it can lead to damage that harms both the business and its employees.
Not all phishing emails will lead to a click from the reader. Cybercriminals need to create emails that will be accepted to achieve their desired result. Phishing emails that use a familiar subject line or one that has positive connotations liked LinkedIn get better click-through rates. Did you know that messages from LinkedIn have a 50% open-rate? It is why cybercriminals use it because it works.
Users of this platform need to be aware of the risks they face. Companies must accept that from time to time that their employees are going to be the target of cybercriminals.
That is why you will often see emails with the following subject lines:
- Profile Views
- New InMail Message
- Join my network
- Add me to your network
These are precisely the kind of subjects that could lead to an excellent networking opportunity or could be used to advance their careers. That explains why they are used successfully by hackers.
The practice of constructing Social Media Use Policies that work to balance respect for employee privacy and protecting valuable brand assets is essential.
For businesses, these attacks begin on social media and often turn the trust your clients and prospects have against you. When they sever that chain of trust, either rightly or wrongly, it damages your reputation and steals your livelihood because regaining trust is now more difficult.
Trust is what allows your customers to feel comfortable writing out a check for services to be rendered and sharing their information with you.
Cybercriminals and their crack social research partners scour our posts are known as social media hackers. They use the information you post to glean facts and data to weave and concoct their believable and convincing stories. No wonder we fall for their ruses, it goes right to trust.
By establishing a level of trust through the manipulation of facts found on social media, cybercriminals can weasel into our organizations through our employees.
Identify Theft or Data Leakage – taking steps to conserve the confidential and sensitive customer and employee information and keeping it safe from hackers is essential. However, in spite of all these preventive measures, hackers often still manage to attain your data, which is, of course, is a criminal offense.
Risks and dangers in Social Sharing – this proves to be helpful for social media criminals to receive information about the person. Locations are disclosed on the web using exact addresses, and this advanced feature can lead to strangers contacting or finding you.
Unattended or dormant accounts are easy targets for hackers. They use them to post false messages under your profile name. They may contact your friends or colleagues attempting to collect their private information through impersonation.
Pay Close Attention to avoid human errors – Question any file links that appear on social media platforms or in emails.
Never use any unsecured devices – Devices that are unprotected by a firewall provide a straightforward path for hackers to get into your systems. Mobile devices that allow simple access to your social media profiles are highly susceptible to hacking.
Protecting Your Business
1. Establish a clear Social Media Use Policy. Every organization should establish expectations for employee conduct on social media in a written Social Media Use Policy. Employees that actively associate themselves with their employer on social media pages can be a boon or bust for the company’s brand. A common characteristic of these guidelines is a definitive corporate statement of appropriate conduct on social media and often another one which conveys a lack of tolerance for inappropriate posts. Social Media Use Policies can certainly assist employers in trying to discourage social media misconduct in the workplace.
2. Require a disclaimer with any Statement of Association. Every Social Media Use Policy should include a guideline that requires a disclaimer. The disclaimer would state that the personal views expressed in no way represent the views of the company.
3. Prohibit personal use of social media during working hours. It requires having a clear company policy prohibiting individual social media activity during the workday that includes unambiguous language. Employers can also prevent personal use of company internet during the workday, and they can legally monitor employee activity on company devices to enforce the rule.
4. Protect your brand assets
Brand assets, such as company trademarks, logos, language, or even imagery, are representations of your organization and its products and services and must be protected. I recommend that the business employ and enforce a precisely, worded corporate communication and social media use policy. It should explicitly prohibit the inappropriate use of corporate brand assets to represent the company.
5. Prohibit the sharing of confidential company information
Creating and enforcing corporate communication guidelines as well as a Social Media Use Policy hold employees responsible for sharing any sensitive information that pertains to the organization. Just as important, the language used in the guidelines themselves must be clear to the employees preventing any misinterpretation of the intent of the clause prohibiting disclosure of confidential company information.
Social Media — How much sharing is too much?
Social Media provides one of the most effective methods for influencing or changing the perception of trust or reputation of a company than has ever been seen. Employees can help to boost your company’s digital marketing efforts. However, if they share corporate content with their friends and followers that you don’t want to be released, you could have a problem.
Steps to Reduce Your Attractiveness to Hackers
Step 1: Use A Strong Password – Using a strong password will help avoid a hack to your social media account. Use a different password for each of your social media accounts. NEVER accept requests from unknown profiles.
Step 2: Use Security Questions – Choose your own and use different answers for each one — BTW – they should not be actual factual answers. Using a password manager allows you to keep track of the specific answers to the security questions for each site. Most social media sites allow for this option.
Step 3: Set Social Profiles to Private- Using settings provided by social media websites help in securely maintaining personal information.
Step 4: Share sparingly! Be careful about what sensitive personal information you reveal. Oversharing increases the chance of having your identity stolen.
Step 5: Protect all your mobile devices like a smartphone or tablet with strong passwords or PINs. Especially if they are used to connect to social media.
Step 6: Using Two-Factor Authentication – A two-step verification that requires wherein the user of a social media account to provide additional information along with their username and password.
Step 7: Select your friends carefully. If you don’t know the person, don’t accept their invitation. It could be a fake account.
Step 8: Click with caution. Social media accounts hacked daily. Watch out for language or content that does not sound like something your friend would post.
Step 9: Perform Damage control. If your social media platform gets hacked, be sure to contact your friends offline and explain that your profile details were compromised and warn them to stay alert.
Step 10: Customize your privacy settings to control on the social media platforms you use. Also, read and be familiar with the privacy policies on each platform.
Step 11: Invest in security software – By using updated security software helps avoid harm to your social media accounts caused by malicious links, scams, phishing, hacking, etc.
Step 12: Safeguard your computer by installing anti-virus software. Also ensure that your operating system is the most current available and that you patch your browser, and application software regularly.
Step 13: Be Sure To Log off. Log off each platform when you have finished, reading, browsing, or posting on them.
Step 14: Perform frequent audits – conduct a regular inspection of all your company’s social media accounts. As a part of the examination, be sure to update your account settings, modify social media policy of your company, and decide who should get the rights to account access.
Step 15: Data back up – maintain everyday backup schedule and restore all your work files regularly to test those backups. The best back up solution is known as a 3-2-1, which is three backups on two different mediums and one that is off-site.
Step 16: Employee awareness – Conducting regular training sessions and educational programs keep employees well versed in social media and the risks involved in their use.
Step 17: Prohibiting social media use on the company network – Limiting social media access helps avoid security threats and boosts employee productivity.
New Developments and Dangers: