Does Your Corporate Social Media Give Cybercriminals Information Gold?

Your corporate social media feed (and personal one, in fact) gives clues to hackers who are looking for bits of information that they can use to breach your organization’s cyber defenses. What may seem like innocent photos and videos of an employee’s first day on the job, or a group photo or in-office presentation could reveal just the clues hackers need for an effective cyberattack.

Social posting

New Hires and Interns Invite New Risks

An article in Fast Company by an ethical hacker, who is paid to try and break into company’s systems, revealed that 75% of the time, the revealing information this ethical hacker finds is being shared by interns or new hires. And, since cybersecurity training might not take place in the early days of their onboarding, they could create risks.

Taking an Office Pic? Check Some Details First

Check your background and surroundings for information that could be used in a phishing attack. For example, are you hosting a charity event and there is a poster hanging in the background of the photo? It’s not difficult to use that information to send a phishing email that appears to be about the event.

Look for visual materials on the walls or surfaces that could reveal useful intel if someone zooms closer. Whiteboards, papers on desks, and sticky notes in cubicles just might have some clues that a hacker can manipulate.

Don’t Wear Your Badge

Seems pretty obvious, huh? The ethical hacker cited that this is a problem when it’s easy to copy a design, grab a logo and paste a photo. These fake badges won’t give building access, but human-to-human manipulation can be relatively easy with the right friendly attitude.

Using Job Recruitment Against You

Job boards, recruitment web sites, and your own career section can reveal usable information. Details like recruitment events, former employee critiques and complaints, as well as issues that the company needs to address, are fodder for click-able phishing emails. Imagine if complaints about parking are posted online and you receive an email touting lots of new parking options that are free. That’s click-bait gold.

Stronger Social Media Protection Should Extend to Employees

If you want to make your corporate cybersecurity measures more robust, raise your employees’ general awareness of how hackers and criminals use any social media – personal or professional — content to their advantage.

Tips to Strengthen Personal Privacy on Social Media

A credit firm conducted research and found startling social media habits that give burglars just what they need:

  • 74% of robbers check Twitter, Facebook, Google Street View when targeting your home
  • 35% of Americans age 18-34 use the check-in feature or share their physical location
  • According to an Experian survey, Americans have, on average, posted 3.4 pieces of sensitive information
  • Only 44% of Americans consistently take advantage of all privacy settings in social media accounts

Some simple measures can help make your employees’ social media accounts more secure, as well as raise awareness that could help the organization:

  • Be sure your privacy settings only let Friends see your posts, particularly those about a vacation or travel plans
  • Restrict your privacy settings at Facebook, Twitter, and Instagram
  • Keep automatic location/people tagging off
  • Turn off geotagging features on your phone so photos don’t include an automatic location
  • Don’t share photos that reveal expensive items that you own
  • Check photos for key privacy details you’d rather not share – home address, license plate, or landmarks that could make it easier to find your home
  • Confirm the identity of “Friends” who invite to connect online
  • Selling something online? Be sure their interest isn’t just a ploy to meet or get your address
  • Be careful that your LinkedIn profile doesn’t reveal too much personal information that might be found in an attached resume

Most importantly, employees should assume that they can never completely control who can see their posts.

Review Your Social Feed with a New Privacy Perspective

Ask yourself these questions and share them with employees to encourage a new privacy perspective in relation to social media activity:

  1. What personal things have I revealed in my posts, pictures, and privacy settings over the past 1-3 months?
  2. Do I want to share my birthday online? Have I ever referred to my place of birth?
  3. When I look at my photos or profile, is there anything that would be useful for identity theft or burglary?
  4. Am I over-sharing or revealing details about myself or my children/family that could be used against me?
  5. Do I tend to post “in the moment” or in anticipation of something that would reveal my schedule or location?
  6. Have you checked with your children/family to be sure they are ok with what you share about them that would affect their privacy?

Creating a Cybersecurity Culture of Social Media Awareness  

Your security approach to corporate social media, as well as the measures that your employees take in their personal lives, can go a long way to building a culture of cybersecurity awareness and protection. Learn more about building a cyber secure, mature, and resilient organization.
Contact Us