Office1 Blog

When Social Tools Attack: Employees, Internet, and Cybersecurity

December 6, 2017 | by Curtis Buhrkuhl

To average users, social media is a fun way to stay connected with friends, make business contacts, share pictures of their meals, and spread funny cat videos. There are at least two classes of users, however, who take social media more seriously: commercial businesses, which rely on social media to establish and spread their brands, and criminal hackers.


That last group is particularly troubling. Most companies allow employee internet access at work, usually under an “acceptable use” policy. The tradeoff, of course, is that allowing employees to visit any site they want means that inevitably, someone will visit a phishing site and be fooled into providing access to company resources, or download malware of some kind. That risk has not diminished with the rise of social media.

Security Risks on Social Networks

Hackers have found numerous ways to leverage social networks to spread ransomware, gain access to sensitive data, or simply cause damage to computers and data. Though each social network has vulnerabilities, companies should be especially mindful of LinkedIn, given how often it is used for business. Some of the methods used to exploit social media users include:

Malicious apps, phishing, and exploitation of weak privacy settings are some of the tools hackers leverage to breach your social accounts.

  • Malicious apps spread by social networks: The infamous Locky app embedded malicious code in image files that were spread on LinkedIn, Facebook Messenger, and other platforms that encourage users to send images to their friends. In this scam, a message that appears to come from a friend contains an infected image. When the recipient clicks on the image, the hidden code runs and locks the recipient’s computer; this is followed by a ransom note demanding money to unlock the computer. This could bring a company’s IT infrastructure to its knees.
  • Phishing: All social networks are candidates for phishing scams. An unwary employee receives an authentic-looking email from Facebook or Twitter, and clicks on a link or an attachment that downloads malware to steal credentials or locate security vulnerabilities on the local network, opening a “back door” for later exploitation.
  • Exploitation of weak privacy settings: Hackers know that corporate social network accounts, which are typically shared by multiple employees, often have weak privacy settings or easy-to-guess passwords. A compromised corporate account can be used to embarrass a company and seriously damage its brand.

Actions to Take

How can a company protect itself? Because of its legitimate business uses, it’s not practical to completely prohibit employee internet access, but there are some actions a company can take:

  • Publish and enforce a solid “acceptable use” policy: The policy should clearly state that employees’ internet access is provided primarily for business use, while allowing for some incidental personal use. Make it clear that internet use can and will be monitored, and that spending an unreasonable amount of time on websites that are not work related, such as social networks and personal email, will have consequences, up to and including termination.
  • Implement web filtering: With a web filtering system you can “blacklist” specific websites, such as social media sites, and allow exceptions for certain users or groups who have an actual business need. This approach has pros and cons: On the “con” side, someone has to manage the blacklist, and a formal request mechanism for exceptions should be implemented. However, the benefits are substantial if you can keep people away from time-wasting and/or dangerous websites.
  • Optimize your corporate social media accounts for security: For example, Facebook fan pages and business pages can have “admins” assigned who are authorized to log in and update the page; these users log in to the brand page as themselves, rather than using a shared generic account whose password is widely known and easily guessed or stolen. Regardless of the social media sites your company uses, ensure appropriate levels of security are set up on each account, and assign an “owner” who is accountable for ensuring those settings are maintained. This will keep your Facebook, Twitter, Pinterest, and other accounts from being targets for hackers seeking weak protections.
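The web filtering approach above, sketched as a small policy check. This is an added example, not code from the original post or from any filtering product; the domains, group names, ticket IDs and dates are constructed assumptions. It shows the two details that usually go wrong: matching subdomains without matching look-alike hosts, and giving every exception an owner ticket and an expiry date.

```python
from datetime import date

# Constructed sample policy: domains, groups and tickets are illustrative.
BLOCKED_DOMAINS = {"facebook.com", "twitter.com", "pinterest.com"}

# Each exception comes from a formal request (ticket) and has an expiry,
# so whoever manages the blacklist can audit and retire stale entries.
EXCEPTIONS = [
    {"group": "marketing", "domain": "facebook.com",
     "ticket": "REQ-EXAMPLE-1", "expires": date(2030, 1, 1)},
    {"group": "marketing", "domain": "twitter.com",
     "ticket": "REQ-EXAMPLE-2", "expires": date(2020, 1, 1)},
]


def matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    # The leading dot keeps "notfacebook.com" from matching "facebook.com".
    return host == domain or host.endswith("." + domain)


def decide(host, groups, today):
    """Return (action, reason) for a request to host by a user in groups."""
    blocked = next((d for d in BLOCKED_DOMAINS if matches(host, d)), None)
    if blocked is None:
        return ("allow", "not on blacklist")
    expired = None
    for exc in EXCEPTIONS:
        if exc["domain"] == blocked and exc["group"] in groups:
            if today <= exc["expires"]:
                return ("allow", "exception " + exc["ticket"])
            expired = exc["ticket"]
    if expired:
        # Surface the lapsed ticket so the user knows to re-request access.
        return ("block", "exception " + expired + " expired")
    return ("block", "blacklisted: " + blocked)


if __name__ == "__main__":
    today = date(2025, 6, 1)  # fixed date so the output is reproducible
    for host, groups in [("www.facebook.com", {"marketing"}),
                         ("m.facebook.com", {"engineering"}),
                         ("twitter.com", {"marketing"}),
                         ("notfacebook.com", {"engineering"})]:
        print(host, sorted(groups), decide(host, groups, today))
```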

Social media is an important business tool, but it can be a source of trouble for companies who aren’t careful. Don’t be the next victim of a social media hack—protect yourself today.

 


Categories: Security, Social Media


About Curtis Buhrkuhl

Curtis was born and raised in America's Finest City, San Diego, and has been with Office1 since 2015. He has been intrigued by computers and tech since he was a kid; it all started with building computers in middle school, and he now provides consultation to our clients to organize and build their networks, helping to bring companies, both startups and established businesses, into the cloud. By partnering with Amazon Web Services, we have been able to successfully introduce them to a new, innovative desktop experience.