Features, Insight, Security

Social Media Threat Awareness: Extend Security Awareness Skills to Personal Life

Social media plays an undeniable role in the business world, as it’s the fastest avenue to share content globally with customers and colleagues and solidify company brands.

Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint.

The pandemic’s “new normal” of remote work has heightened social media’s use in corporate environments, and it only takes a couple of clicks to connect with or send information to someone across the world. Attackers know that people are constantly “connected,” so they exploit personal information shared to infiltrate accounts, steal information and breach organisations.

Just like tending to a garden regularly leads to a successful bloom, tending to your social media accounts, knowing what to post, and employing security awareness training and best security practices are all essential to keeping the social media “bugs” and “weeds” at bay.

Criminals pose as harmless “friends” on social media to build trust

A good way to build a strong customer base or promote company messaging is by growing your “followers” or “connections” on social media—but attackers can use this as an entryway to build trust.

For users looking to connect with customers for speaking engagements or meetings, LinkedIn is one of the best social media platforms. It provides insight into a person’s role in the company and their potential challenges so employees can have a more productive conversation with their customers.

Unfortunately, LinkedIn is heavily used by attackers who also want to learn about a person’s role so they can determine who has higher privilege to sensitive data and thus makes better “bait.”

Attackers, to exploit human nature, always choose realistic scenarios. They also manipulate emotions to trick or threaten their victims to take actions in favor of the attacker.

For example, a cybercriminal can send a seemingly personalised message to their target with an invitation to connect. The attacker posing as a real person may try to establish a rapport by indicating they work indirectly with the recipient. Because large companies can have hundreds of employees at their offices, users can easily believe that the attacker is an employee from a different department, and they will likely accept the request.

Accepting a stranger’s connection request without checking their profile closely might cause users to accidentally give criminals access to information about the privilege they have in the company, access to other colleague “connections” on their team and details about their experience in their resume or CV. This wealth of data can help cyber criminals identify an ideal victim for their next attack.

Attackers use shared personal information to take over accounts and steal data

It can be tempting to share a lot of information on social media because it’s a powerful communications medium for building genuine and transparent connections. However, cyber criminals are always on the lookout for sensitive data they can use to steal your identity and information.

Many of us spend the greater part of most days at work. And naturally, there are times when we want to share important events with our friends and colleagues on social media platforms while we’re at work. So, it’s critical to know what is appropriate or dangerous to share on your social media accounts so that you don’t accidentally give criminals the key to open the door to stealing accounts and personal information.

For example, a new hire or promoted employee may share a selfie on social media including his badge and workstation. Despite the harmless intention of wanting to share a milestone event on his network, their picture exposes critical information that the employee should never share on social media, such as his employee ID (on the badge), his job title, and an open document with confidential company information.

It only takes one employee’s unsafe behavior to put the organisation at risk. Security teams must educate users on the “do’s” and “don’ts” of what should be shared on social media and what best practices to follow when using social platforms.

Equip users with social media best practices to avoid future breaches

Education is key to stopping social media threats. While individuals can educate themselves,  businesses must conduct training programs for their employees so that they can detect and prevent social engineering and phishing. The first step is educating users about the dangers of disclosing too much information online to the public. Even social media accounts set to private could be used in an attack should the attacker gain access to private feeds. Users should never post private corporate information on their social media accounts or information that could be used in an account takeover.

Some organisations hand out mobile devices and allow users to install social media apps. These companies should provide an acceptable usage policy that determines what users can post using company devices. It’s also critical to protect these devices from malware to avoid company social media accounts from being hacked. Remote wiping software should be installed should an employee lose their device or it gets stolen.

Social media accounts require maintenance to deflect attackers and flourish. Organisations can help their employees make smart choices when sharing content on social platforms so they can keep attackers at bay.

Previous ArticleNext Article


The free newsletter covering the top industry headlines