Are Hackers Reading Your Social Media?
More than 70 percent of adults are on social media, according to the Pew Research Center, but almost three-quarters of companies lack a social media policy.
Offensive behavior and images are among the most common problems that surface when employees mix business with personal use of social media websites. However, social media has also become an invaluable tool for hackers to identify sensitive data in pictures, create highly effective spear-phishing emails and conduct other forms of attack. Many hackers use social media as a data mining and reconnaissance tool for cyber attacks.
Let's take a look at how hackers are using social media to conduct cyberattacks and how businesses can stop them.
How Hackers Use Social Media
Social media may seem innocuous on the surface, but it's becoming a popular tool for data mining for sensitive information and reconnaissance for social engineering. As antimalware, antivirus and firewall software becomes better, social engineering has become a preferred attack vector for gaining entry into a company’s network and compromising data.
Suppose that an employee posts on Facebook that they're going to a work conference. Hackers can use that information to create a highly effective spear-phishing email that contains a malicious link. The email could look like it's coming from a conference organizer or hotel, but in reality, it is designed to install malware or steal sensitive information.
Hackers can also scrape work email addresses from LinkedIn to create a corporate organizational chart with titles and contact information. Using this information, they can create spear-phishing emails that look like they are coming from legitimate colleagues. These emails could contain malicious attachments or even request wire transfers to the attacker's bank accounts.
Download our free Social Media Policy Template as a guideline for building your own policies.
Data Mining & Other Attacks
Suppose that a product manager posts an office photo on Facebook. The background of the photo contains a Post-It note containing network passwords or a computer screen with sensitive customer information pulled up. Using artificial intelligence, hackers can scan these public images to identify sensitive data and use it for nefarious purposes.
Many small businesses also have their business social media accounts attached to their personal accounts. If their personal account is compromised, attackers could gain access to the business social media accounts, which can cause even greater concern. A business account that's sending malicious links immediately causes trust issues with clients and customers.
Do You Have a Social Media Policy?
Social media policies can help prevent these problems by letting people in your organization know how to act and protect themselves. In addition to avoiding security risks, these policies should ensure that employees don't cause any brand reputation or introduce any legal risk. Even a simple policy with the right training can help avoid a lot of headaches down the road.
Social Media Policy Goals
Social media policies are designed to meet several goals:
Security: Social media policies should provide employees with guidance on avoiding security and legal risks. For instance, they should avoid sharing information that could support a cyber attack or divulge sensitive customer data.
Empowerment: Social media policies should promote employee advocacy without putting the brand at risk. For example, they should know how they can talk about the brand without making any claims that could lead to legal or reputation damage.
Protection: Social media policies should ensure that customers and clients receive a consistent experience from any online interaction. For example, employees using company social media accounts should have canned responses ready and know where to find helpful information.
Social Media Policy Components
Don't forget to download our free Social Media Policy Template as a guideline for building your own policies.
Some common components include provisions for:
- Sharing proprietary or confidential information
- Posting defamatory, derogatory or inflammatory content
- Posting information or pictures that imply illegal conduct
- Disclosing affiliations with the company
- Stating that any opinions expressed are the employee's own
- Creating secure passwords with two-factor authentication
- Keeping software up-to-date
- Responding to a security breach if it takes place
Some industries also have more specific regulations regarding social media use. For example, finance companies may not be allowed to make investment recommendations on social media without running afoul of securities laws. And, healthcare organizations may not be able to make claims about the efficacy of medical treatments without a disclaimer.
It's equally important to ensure that a social media policy is more than paperwork that needs to be signed. Regular training programs, social media audits and monitoring tools should all be put in place to reinforce the policy and ensure that everyone is complying with the guidelines. After all, it only takes one weak link to compromise the entire system.
The Bottom Line
Social media has improved communication between businesses and their customers over the past few years, but it has also introduced many new risk factors. The rise of artificial intelligence and social engineering attacks means that social media will continue to play an important role in modern cybersecurity that's deserving of special attention.
While social media is an important attack vector for hackers, it's not the only way that they can gain access to a network and compromise data. It's important for businesses to have a comprehensive cybersecurity plan in place covering everything from network hardware to password management in order to prevent data breaches and minimize damage from attacks.
Jungle Disk provides a comprehensive cybersecurity suite that's designed for small businesses with under 250 employees. From active network protection to secure data backup, we ensure that your network is protected from the most common cybersecurity attacks and make it easier to get back on your feet if a data breach does occur.
Sign up for Jungle Disk's cybersecurity suite that's designed specifically for small businesses with less than 250 employees — and protect your business and employees today!