5 Employee Social Media Habits Putting Your Company At Risk
4 August 2017 13:41
Every 60 seconds on Facebook: 510,000 comments are posted, 293,000 statuses are updated, and 136,000 photos are uploaded... it's no wonder that social media can be a cyber criminal's favourite hunting ground. Here are 5 employee habits that are putting your company at risk.
Social media has changed the way we interact with everyone around us. While Facebook continues on its quest for world domination (or as Mark Zuckerberg puts it, "connecting the world"), social platforms play a major part in many of our day-to-day activities.
It was only this year that Zuckerberg announced Facebook's incredible 2 billion monthly users. But while many of those users want nothing more than to interact with friends and family, others want to interact with us for much more sinister reasons -- meaning that today's businesses face a whole new type of threat. In fact, 83 million Facebook profiles are believed to be fake.
Of course, social networks can benefit communication in the workplace (not to mention showcasing your brand for the world to see). But unfortunately, we're faced with many risks that we don't even know exist.
So we've put together 5 of the most common social media habits your users commit in the workplace, and how they're putting your organisation at risk of a breach.
#1 Posting controversial views
It's very easy to come across opinionated forums and social media posts in this day and age, especially from a political stance. But regardless of political views, posting controversial content at work can potentially cause you to become a hacker's target. Anonymous is a good example of hackers who are well known for targeting specific individuals and companies that show conflicting political and social views.
As an employee, if you post or tweet a controversial opinion through your organisation's IP address, or even from your company's social media account, you risk making your employer a target. Drawing attention this way can ultimately provoke a cyber criminal through their personal agenda. It is worth remembering that everything you post on the internet can be stored somewhere, meaning that nothing is truly private.
#2 Sharing sensitive information can come back to bite you
Most people's social media accounts offer a wealth of their personal data. Think of dates of birth, education and work history, and even family relations and direct phone numbers. All of this information is commonly used in security checks when recovering forgotten passwords, meaning that your answers are significantly less secure. We recently saw the Cambridge Analytica Facebook Scandal that shared over 50 million users' data.
An attacker trying to access an employee email account could easily guess the password recovery questions. "What was the name of your first pet?" and "What school did you attend?" are common examples, and both are pieces of information that are regularly shared on social media.
Executives, administrators and privileged users, who have access to sensitive information on clients and partners, are at high risk of being targeted. While these users are often the most security-minded employees, they also carry the greatest risk of being targeted as potential gateways into an organisation.
Oversharing can also lead to physical security risks, especially to senior company officials. Criminals can easily find someone's location from a Facebook post or tweet. If you're the executive of a big company, that's opening yourself up to an incredible amount of risk.
#3 Misusing your organisation's social apps
Internal communication tools are more and more prevalent these days. Whether it be Slack, Google Hangouts or so on, these business-oriented social media apps raise the same level of security concerns as Facebook and Twitter. The greatest risk is potentially sharing company-sensitive information with third parties.
The whole purpose of these tools is to offer easier and more efficient collaboration - but this often means inviting external individuals into your business's channels when working on projects. This means that third parties are potentially gaining an insight into your organisation's dealings, making your employers liable. Employers treat these social enterprise tools such as Slack differently to emails and often post riskier content.
#4 Clicking suspicious looking links
Awareness of social media security is a lot lower than that of email, causing an open engagement risk for many users. People are more likely to click on links they would normally avoid when receiving an email. 'Fake news' is also a growing problem. There is a trend of users who don't read articles but simply click 'share', which automatically sends unverified links. This can affect millions of people and rapidly spread malware and ransomware.
Think of it this way: if your friend creates a social media post saying 'good website, check it out,' your chances of visiting are a lot higher than with an unsolicited email. For example, users may get a notification stating a friend has tagged them in a comment. When they click the notification, their PC downloads malware. Cyber criminals are increasingly utilising social media platforms like Facebook to distribute malware via phishing campaigns, as well as hijacking accounts to spread ransomware and malicious browser extensions. If a cyber criminal can obtain access to your account, they can use it to spread their campaign through your friend list.
#5 Not having an account can put you even more at risk
When reading blogs or articles that explain the security risks around social media, it's easy to think that just deleting social media altogether could be a good idea in the workplace. I mean, do the benefits of using Facebook, Twitter and other social tools really outweigh their risks?
Well, not having a social media account at all can also produce some cyber risks. 'Brandjacking' has been a problem amongst some modern businesses. This is where an attacker creates a fake social account that pretends to be the legitimate page of a specific business. This means that cybercriminals can post and share content which conflicts with your company's values and opinions, resulting in reputational damage.