Five ways social media threatens your IT security

Major information security breaches have become depressingly regular events around the world. They range from widespread ransomware infections to targeted attacks focused on particular businesses. It’s easy to assume all such cyber attacks are highly sophisticated and that large businesses and government departments bear the brunt of the risk. The reality, however, is that criminal hacking is a growing challenge transcending both industry and company size. And social media is adding to the rise in the incidence of such attacks.

While many businesses use well-known defences such as unified threat management (UTM) appliances and network segmentation to combat cyber attacks, they can still strike problems that stem from nothing more than a social media post.

While Facebook, Twitter and Snapchat offer the opportunity to connect directly with customers and employees, they can also become channels for cyber attacks. As well as causing serious problems for your operations, such breaches can place customer data at risk and result in significant financial losses.

The five social media risks you should be aware of are:

  1. Oversharing: Social media accounts are treasure troves of personal information including birthdays, education history, and family relationships – and this is the type of information commonly used as security checks for password recovery services. An attacker trying to gain access to an online bank account or corporate email account could easily guess password recovery questions simply by visiting a user’s public profile on Facebook or Twitter. The more details about someone’s life left open to the public, the more they are at risk of leaking information that could be used for an account takeover.
  2. Careless clicking: Cyber criminals are increasingly using social media platforms such as Facebook to distribute malware via phishing campaigns. The more credibility an attacker can provide for a campaign, the more likely it is to succeed. So, if an attacker can hijack a user’s account, they are more likely to successfully spread their campaign to that account’s friend list than they would be from a fake account.
  3. Poking the bear: What you post online could make you a target for malicious hackers. Hacktivist entities, like Anonymous, are known for specifically targeting individuals and organisations with conflicting social and political views. Drawing attention to yourself on an online forum by posting potentially controversial opinions comes with the risk of angering a cybercriminal with a personal agenda.
  4. Weak passwords: Having one social media account with a weak password can put your other accounts at risk, especially if you don’t use a unique password for each individual account. Social media services are a huge target for data breaches because of the information they contain, so it’s important to always set up complex and varied passwords for each of your online accounts.
  5. Failing to mark your territory: Not owning a social media account, or at least not claiming your company’s official name for an account, can also set you up for attack. Brandjacking is a simple attack where a cyber criminal creates a web presence designed to look like the official account for an organisation. The criminal can then use that presence as a way to lure unsuspecting customers into giving up personal information.

Social media accounts are certainly valuable tools for engaging with customers, staff and business partners, but they can also leave you more susceptible to cyber attacks. Remain vigilant when using social media so you don’t become a more attractive target for cyber criminals.

By following common guidelines such as avoiding suspicious web links, using unique passwords, and being mindful of the potentially sensitive information you make public, you can reduce the risk of your business being the next victim to be reported in the news.

David Higgins, ANZ Regional Director, WatchGuard Technologies