When Social Tools Attack: Employees, Internet, and Cybersecurity

Table of Contents

To the average user, social media is a fun way to stay connected with friends, make business contacts, share exciting life updates, and spread funny cat videos. Not everyone takes social media so lightheartedly though. In fact, two groups are especially serious about it: commercial businesses, who rely on social media to establish and spread their brands, and criminal hackers.

The latter group is particularly troubling. Usually under an “acceptable use” policy, most companies allow their employees to access the internet at work. However, there are unfortunate consequences to work-time internet use. Permitting employees to visit different websites means that the inevitable will happen: someone will visit a phishing site and provide access to company resources, get tricked into a scam, or download malware. With social media steadily on the rise, these risks have not been diminished.

Security Risks on Social Networks

Hackers have developed numerous methods to leverage social networks to spread ransomware, gain access to sensitive data, or cause damage to computers and data. Though each social network has its vulnerabilities, companies should be especially mindful of LinkedIn, considering its frequent business application. Some of the methods used to exploit social media users include:

Screen Shot 2018-08-24 at 11.32.45 AM

  • Malicious apps spread by social networks: The infamous Locky app embedded malicious code in image files that were spread on LinkedIn, Facebook Messenger, and other platforms that encourage users to send images to their friends. In this type of scam, a message that appears to come from a friend contains an infected image. When the recipient clicks on the image, the hidden code activates and locks the recipient’s computer; this is followed by a ransom note demanding money to unlock the computer. An attack like this could bring a company’s IT infrastructure to its knees.
  • Phishing: Phishing scams are on the rise, meaning that all social networks are potential candidates for a business’ next security breach. A well-done phishing scam can go unnoticed, making these scams popular amongst criminal hackers. An incautious employee can receive an authentic-looking email from Facebook or Twitter and click on a link or an attachment that downloads malware to steal credentials or locate security vulnerabilities on the local network, opening a “back door” for later exploitation.
  • Exploitation of weak privacy settings: Hackers know that corporate social network accounts, which are typically shared by multiple employees, often have weak privacy settings or easy-to-guess passwords. A compromised corporate account can be used to humiliate a company and seriously damage its brand.

Actions to Take

How can a company protect itself? Because of its legitimate business uses, it’s impractical to completely prohibit employee internet access, but there are some actions a company can take:

  • Publish and enforce a solid “acceptable use” policy: The policy should clearly state that employees’ internet access is provided primarily for business use, while allowing for some incidental personal use. Make it clear that internet use can and will be monitored, and that spending an unreasonable amount of time on websites that are not work-related, such as social networks and personal email, will have consequences, up to and including termination.
  • Implement web filtering: With a web filtering system, you can blacklist specific websites, such as social media sites, and allow exceptions for users who require access to certain websites for business purposes. One consequence to this approach is that someone has to manage the blacklist, and a formal request mechanism for exceptions should be implemented. However, the extra step is worthwhile if you can keep employees away from wasted time and/or dangerous websites.
  • Optimize corporate social media accounts for security: For example, Facebook business pages can have assigned “admins” who have authorized access and the ability to update the page. Rather than using a shared account with a weak password, admins log in to the brand page through their own personal accounts. Regardless of the social media that a company uses, appropriate levels of security should be set up on each account, and there should be an assigned “owner” who is accountable for ensuring those settings are maintained. This will prevent your Facebook, Twitter, Pinterest, and other accounts from becoming easy targets for hackers.

Social media is an important business tool, but for companies who do not use precautionary measures, social media can be troublesome. Don’t be the next victim of a social media hack! Download this free eBook now and arm yourself with the knowledge you need to keep your business safe.

 New Call-to-action

Categories: Security, Social Media

blogs related to this

How to Conduct a Cyber Security Assessment

How to Conduct a Cyber Security Assessment

Just about every company today is a technology company. Digitally transformed organizations operate on a solid technological foundation and...

How to Develop a Cybersecurity Strategy

How to Develop a Cybersecurity Strategy

Cybersecurity is perhaps the highest priority for most businesses around the world. And if it isn’t, it should be. That’s primarily because more and...

How to Implement a Cybersecurity Program

How to Implement a Cybersecurity Program

There are a few steps that businesses have to perfect before starting a cybersecurity implementation plan. First, they must conduct a thorough...

Everything You Need To Know About Windows 10 EOL

Everything You Need To Know About Windows 10 EOL

Since its release in July 2015, Microsoft’s Windows 10 has been one of the most widely used and popular operating systems worldwide. For many years,...

Artificial Intelligence Can Help Everyone - Including Scammers. What to Look For.

Artificial Intelligence Can Help Everyone - Including Scammers. What to Look For.

We all knew that artificial intelligence (AI) would be a great disruptor. However, now that the era of AI is upon us, its potential dangers and...

How to Protect Your Business From a Brute Force Attack

How to Protect Your Business From a Brute Force Attack

Data breaches are every business’s worst nightmare. With every passing year, hackers find new ways to gain unauthorized access to enterprises’ IT...

Minimize Risk and Maximize Security with Cybersecurity Insurance

Minimize Risk and Maximize Security with Cybersecurity Insurance

Cybersecurity insurance, also known as cyber insurance or cyber liability insurance, provides comprehensive coverage to businesses. It helps them...