You might not think of social media as a security risk to your business, but for hackers and phishers social media is a gold mine. Find out the risks, and how to use social media safely.
What’s social media got to do with security?
If you use social media, a huge amount of your life might be accessible online. When it comes to your business, whether you’re an employee or a business owner, this can be a problem. 43% of cyber-attacks target small businesses, and for a phisher, an employee’s or director’s social media site can be a treasure trove of information.
Different social media sites have different privacy options. You can restrict access to your Facebook page to your friends and family - but what if your friends and family don’t apply the same restrictions, and they are hacked? This also goes for social media sites like Instagram. On Twitter, every post is accessible to everyone. And if you have a social media account for your business, that’s likely going to be accessible to everyone, regardless of the website.
Why does it matter if people can see my posts?
The amount of access that people have to your social media pages is important, because when it comes to targeted cyber attacks, phishers and scammers will be looking at your social media accounts too. And they’ll be looking for information they can use to gain access to your systems, or convince you to part with further details.
Sharing a business update?
One way that hackers might try to get access to your systems is by pretending to be someone you’re already familiar with; and finding out who this could be is made far easier using social media.
For example, you might share your new IT support company on Twitter. In a targeted attack, a hacker may be able to find this post and the IT company, and impersonate one of their support engineers over the phone. This makes the hack all the more convincing.
Have you posted your password?
Another technique employed by hackers is using social media to figure out a person’s password. Remembering a password can be tricky, and as such people tend to pick something memorable; either a password they’ve used before (which seriously reduces your security) or a word they won’t forget, like the name of a partner, friend or pet.
If a phisher can find out the name of your dog on social media, and your email address is available, they can then try to login into a number of different accounts with this information.
They can also use Facebook quizzes to acquire personal information. If you’ve answered a quiz that asked where you were born and your mother’s maiden name, you may have openly divulged these answers to common security questions.
Office photo opportunities?
Finally, taking photos of your offices and uploading them to social media can also provide useful information to a phisher. For example, a photo of your office might show the equipment or service that you’re using. A phisher could find this information and then call the office under the pretense that they are a representative of that company.
Remember, someone who tries to scam you will want you to trust them, so they’re looking to provide you with information that proves they are who they say they are. Someone that calls you pretending to be from a bank you have an account with is likely to be more successful than a person that calls you that has chosen a bank at random.
So how can we be safe on social media?
If you want to stay safe on social media, follow these tips:
-
Don’t post information that could answer security questions
-
Don’t use passwords that feature the names of friends, family or pets
-
Think before you publicly share photos and information about your business
Also, make sure that you, your managers and your employees are familiar with phishing scams; it could be the difference between a failed attack and a data breach.
Tweet us @TranscenditUK
Photo from Unsplash