Cybersecurity Insight

How Social Media Could Endanger Your Company’s Cyber Security

28 Oct

Perhaps the biggest change to the common workplace in the last decade has been the rise in use of social media. Almost every employee of any company uses a computer with Internet access on a daily basis. Many of whom log in to social media accounts while on the job.

While companies fear a small downtick in productivity due to social media, most don’t think of it as a major threat to their daily security. However, with an increase in phishing scams and cyber threats on social media, it’s time companies paid more attention to keep the “social butterflies” from tearing down the walls one piece of data at a time.

When it comes to cyber security, most think social media is fairly harmless. If you’re careful, that can certainly be the case. If you’re nonchalant about your social media usage, divulge too much information, or haphazardly accept “friend” or “connection” requests, you could be putting your company at risk. This goes for the top dog all the way down the employee chain.

How can social media harm a company, you ask? By using tried and true methods of the past, hackers and attackers can wreak havoc on a company’s network in a single click.

One such example is using the popular professional network LinkedIn. Hackers will create phony profiles to target employees at a specific company. They use the profile to gain a “connection” allowing them to gain access to information about the employer such as job titles and email addresses.

They use this information to form phishing attacks. For instance, a hacker may send an email to an employee at a company. Attached to that email is an executable file disguised as a PDF attachment. It could read something like “Please review this document”, or something of the sort. When the file is “opened” it executes a malicious file on the network that could be used to target sensitive company data.

LinkedIn isn’t the only social network where people post information about their jobs or workplaces though. Facebook, the most widely used social network, also asks for users to input information about their jobs including job title and company. Many companies have a Facebook page that may include information such as a contact email address or a list of employees. This is another way a hacker could gain access to fairly innocuous information and use it to proliferate an attack.

So, how do you defend against such an attack? The best way is to educate employees on the methods of hackers, and to be aware of suspicious looking emails and other communication. The more an employee knows about their vulnerability the more likely they are to scrutinize communications that may look phony.

Another way many companies defend against this possibility is by denying employees access to social media altogether. However, with many companies managing social media pages on Facebook, Twitter, LinkedIn, Google +, and others it can be difficult to block access for every individual. In this case it would be a good idea to educate those who do have continuing access to these platforms about the “do’s and don’ts” of social media.

It takes more than just one or two diligent people in the workplace to keep hackers at bay, but with a little education and some attention to detail many of these attacks can be thwarted before they wreak havoc on your network.