The Fertile Garden of Social Media is ripe for attracting Cybercriminals to your Business
Are you or your employees giving away the keys to your kingdom?
The magnetism of Social Media
If you have teens and you will understand the magnetism that social media seems to have over them. However, it is not only teens, but almost our entire society is connected online to one type of social network or another. It seems that we share everything. However, that wide-open society has led to an increase in the number and sophistication of security breaches based on our private (or what we thought was private) information.
The effects of social media postings can be both positive and negative. We often bring them upon ourselves by posting things that are embarrassing to our employer, or about an event that might have extended or long-lasting effects on our careers.
Who can see what I post?
When posting on social media, it is critical to think about who might see the post. As we know, once that information shows up online, it can always be brought back.
Worse than that is what an unsavory character might do with the information we post. When we are continually posting information online, how much of our privacy are we giving away?
Cybercriminals are like seasoned quilters – they can stitch together a portfolio of facts for use in a phishing attempt or to authenticate your identity. Often this information is gleaned directly from your social media posts. Social media has made our lives an open book.
Who creates computer threats?
Surprise it’s people, not computers.
How many of your employees share with abandon on social media? Do you even know what they are saying?
Think about every employee, every selfie they send, every office group photo, every hashtag. It is how hackers find out about you.
Cybercriminals victimize others for their gain. Give them access to the Internet — and to your PC — and the threat they pose to your security increases exponentially. For these cybercriminals, these social networks are the primary tool they use to carry out their fraudulent and criminal schemes.
Hackers often spend their days lurking around social media sites and gleaning every piece of information they can from the posts. Then they create a complex portfolio they can use to launch an attack against you or your company.
Social media networks have provided attackers with the information they can use to persuade, expand, and advance their criminal exploits faster than ever before.
Assuming a false identity, they use the phone and texting applications to trick your employees into sharing sensitive personal, corporate, or financial information and add that to their portfolio.
Social networking is part of our daily lives. Social media is where cybercriminals mine for their best details. Social networks have positive benefits. They allow us to connect and retain relationships anywhere in the world. More often, however, they are having an overall negative societal effect resulting in harassment, trolling, and cybercrime.
The ability to connect socially on these networks is now being used against us by cybercriminals allowing them to launch exploits at will. Why? Trust. They are abusing our trusted connections to spread tailored attacks across multiple social platforms.
Consider what details could be gleaned from the background of a simple photo of employees? What is on the whiteboard behind them? Or how about that post-it on the monitor or the desktop screen in their cubicle? Are the employees in the picture wearing badges?
And those hashtags…those can be instant clues for the hacker who has taken an interest in your business. #firstday, #promotion #raise #celebrate #greatjob #intern + [#companyname].
Is your workforce young? For them, sharing details of their lives on social media is second nature.
How often do you conduct security briefings with your employees? How about new hires and interns? Do you have a social media policy? Do you take time to explain it to them and require them to read and sign it? Do you enforce it?
Your employees may be unknowingly in cahoots with cyber attackers because they lack proper training and awareness.
Do you allow…
Employee or Office Pictures?
It makes no difference if it’s a lunch break, team meeting, or company social activity. These pictures often reveal more than may ever have thought.
Pictures of your employee access badges?
If a criminal knows what your company employee badge looks like, they can recreate one for themselves in minutes. It may not grant access to secure areas, but they can flash it to gain general access to your cube farm. Then they can scope out anything left on desks, open computers, attach keyloggers. Once within the four walls of an office, they have the keys to your kingdom for gaining trust and access.
“My Day at Work” Blogs?
Employees love to share and blog about what they do at work. However, these are a dream come true for a hacker. Why? It provides an intimate look at business operations, identifying layouts, corporate plans, and operational specifics.
Online Reviews or Complaints?
Today’s employees love to leave reviews. Do you know what they post about you on Glassdoor, job boards, or social media? Hackers often use employee complaints and desires to craft their phishing emails that deliver their dangerous malware to your network and compromise your network security.
As you connect with your friends on social media, you need to think what information you share and who can see it. Even the most unsophisticated hacker can locate personal information by going through your posts on your accounts, including:
- Full name (and nicknames)
- Address or current town
- Current employer and job title
- Phone number
- Email address
- Past places lived and worked
- Who you know
- Your hobbies and interests
- Additionally, if they look at your status updates, they can find out where you are or plans you have
Why do they use prefer to use social media?
It’s all about the money. By using social networks, cybercriminals are now netting up to three billion a year in illegal profits.
They are not only using phishing messages and the posting of malicious links as attack vectors on social networks. They have now turned to
malvertising, plugins, and the sharing of malicious content increase their earnings. Malvertisments, plugins, and malicious applications on social media account for much of the cybercrime.
Make cybersecurity planning as crucial as any other aspect of your business planning process. Failing to do so could mean that your business may one day face a preventable existential threat.
As much as you may want to completely ban the use of social media platforms in the workplace, you need to think about not only the risks but the benefits of these platforms. Many companies have found ways to manage their social media presences.
Removing social media may negatively impact communication channels between consumers and vendors and even reduce the range of sales and promotional channels available. Additionally, you may find yourself unable to meet consumer expectations of social communication with you.
Tips for business owners:
Tip 1: Assume you are the target. Then take the time to look at both the culture and the mindset in your business.
Tip 2: Train your Employees. Only through proper training can you keep employees aware and vigilant to the risks and threats that exist.
Tip 3: Conduct a full risk assessment. If you don’t know where your vulnerabilities lie, you cannot remediate or protect against them.
Tip 4: Develop an incident response plan.
Exploiting Other Vulnerabilities
Hackers have an entire quiver full of unique tactics. These may include bribing an authorized user, taking a temporary job with a janitorial services firm, or dumpster diving, exploiting weak passwords or accessing an open, unattended computer.
Although you can not stop every attack, you can make your business a harder target. Protecting against attacks in your business takes time and requires a detailed and layered approach.
First, make sure you have all the latest patches for your operating system and applications–these patches generally fix exploitable vulnerabilities. Require strong and long passwords that can be easily remembered. You can use letters, numbers, and symbolic characters. Employing the use of a password manager is helpful and allows you to create a different secure password for every site and application.
Second: Install a hardware firewall, and that will limit the flow of data to and from the Internet to only a few select ports you need, such as email and Web traffic.
Third: Update your antivirus and anti-malware software and frequently check to see if there are new virus definitions available. (you may need to update these every day if you are using Windows)
Fourth: Back up your data and test the backups. Having a verified backup can assure that you can recover the important data required to run your business.
By adopting a layered defense system that includes the ability to isolate and contain malware, businesses can reduce the impact of social media-enabled attacks. A robust system of this type can prevent social media pages with undetected malicious exploits embedded in them to get isolated, preventing their malware infections from infecting your network. It means that employees who click links or access an untrusted social-media site are much less likely to infect your network accidentally.