In a matter of minutes, a complete stranger with no formal training can use Facebook, Instagram, Snapchat, and countless other platforms to learn personal information about your employees, snoop on business activities, and sneak malware into your network.
If that sounds far fetched, just look at a 2015 report where Cisco claimed social media was the #1 web-based attack against organizations. As the hardware and software used to recognize and prevent cyber attacks become more sophisticated, criminals are focusing their efforts toward capitalizing on human error rather than defeating technology.
Could any of the following scenarios take place at your small businesses?
We’ve already written about the dangers of lazy passwords, but nowhere is this more prevalent than in social media. These platforms come and go almost daily, and every time one of your employees joins a new one, he or she will be asked to create a password. Based on current research, there’s at least a 40% chance employees will reuse a password from an existing account.
Logins for MySpace, LinkedIn, Tumblr, HBO Go, and a long list of other social media sites have been hacked in recent years and cybercriminals are now using them to access thousands of unbreached accounts that share the same credentials.
Several websites still rely on the outdated practice of asking security questions to grant users access to an account if they’ve forgotten their passwords. But in the age of Timehop, #throwbackthursdays, and other nostalgic social media posts, anyone can easily learn about someone’s past to answers to questions like, “What was the model of your first car?” Or “What is your mother’s maiden name?”
Of course, hackers don’t need to go through all the trouble of identifying reused passwords and unearthing personal information if your employees write their passwords on post-it notes and take careless workplace selfies. Even worse, people are becoming even more irresponsible as video broadcasting becomes more common. Are you certain everyone in your office would think twice before entering a PIN code or password while a friend was filming nearby?
Overly trusting friends
Can you name someone in your office who would accept a friend request from a supposed former classmate, even if your employee didn’t actually remember that person? Although it may seem harmless, such an act may potentially grant unauthorized access to a malware-ridden application or website to someone in your office.
Social media friends also get a privileged glimpse into company operations. All it takes is one person to post, “Can’t wait for the company trip to Lake Norman tomorrow!” and thousands of “former classmates” will know exactly when your office will be under minimal supervision.
When you’re the “bad guy”
Even if it doesn’t sound as costly, you or your company may not be a hacker’s final target. With a little research and impersonation, a con artist can use a fake profile to wreak havoc.
For example, employees probably wouldn’t hesitate to confirm the identity of their CEO before handing over sensitive information. Likewise, a fake company profile could trick social media followers into visiting a dangerous URL disguised as your company’s “new site.” In either case, all the information necessary to carry out these scams can be easily discovered on social media.
Low-tech solutions you can set up today
There’s no cookie-cutter solution for protecting your business from social media scammers, but there are a few quick things you can do before calling one of the IT guys at Spectrumwise:
- Force everyone to change company passwords: Go to each department and walk employees through the process of updating their logins. Force them to use the password criteria in this article.
- Turn off security questions for company accounts: Go through everything: online bank accounts, utilities, cloud storage — everything. Check the account settings and delete or disable account recovery with security questions.
- Forbid post-it passwords, office selfies, and company updates: Anyone caught writing their password down, taking photos/videos, or posting about workplace activities on social media should be punished.
- Audit company and leadership profiles: Spend half an hour searching for yourself and your company on various social media platforms to ensure no one is already pretending to impersonate you.
The best solution is to ask a Spectrumwise technician to block all forms of social media on your network. It’s dangerous and rarely has a place at the office. Our team can also provide high-end content filtering and employee training — just give us a call!