Social networking has become an integral part of everyday business and life. It’s how we communicate and where we get our news. Marketing utilizes social media to promote products and services. The NFL even live broadcasts games and fan interaction on Twitter. The majority of Americans are active on social media, and most of us are sharing just about everything there.
Cybercriminals are active on social media, too, taking advantage of all of that information sharing and swapping. It’s why a growing number of security experts are warning of social media’s security pitfalls and social media mistakes.
Now, social media in and of itself is not necessarily a security risk. However, says Stephen Gates, chief research intelligence analyst from NSFOCUS, everyone knows that if a hacker can get their victim to click, oftentimes their attack is successfully completed.
“Hackers want to get their unsuspecting victims to click on a link, or open/download a malicious file, etc., and social media is an easy way to get their victim to take action,” he adds. “Hackers understand the least path of resistance and take advantage of our humanity, curiosity and social nature.”
What adds to social media’s popularity is how it promotes the idea of sharing information casually, through the use of surveys, memes, quizzes, posting pictures and graphics, or sharing someone else’s posting. We’re falling prey to social media pitfalls in the following ways:
The same risks for giving up personal information can apply to businesses as well. Social media blunders by employees are very common.
“Employees may share internal information that they consider to be casual, such as office locations that may not be public, or they may share other information inadvertently that could be used to compromise the security of the business,” says Nathan Wenzler, principal security architect at AsTech Consulting.
“And, if an employee is using social media from a work computer and clicks on a malicious link, they could just as easily infect that system with malware or viruses, which could be used to compromise the company's network like any other attack.”
Cybercriminals use the information gathered from social media accounts to target employees, and use social engineering tactics to get them to take an action or provide information that then gives the attacker an initial entry point into the organization’s network. Similarly, says Josh Feinblum, vice president of information security at Rapid7, people often share information on social media that can give attackers a leg up on guessing passwords or answers to security questions, enabling them to potentially get access to a business’s systems.
“One of the more recent impactful attacks targets the financial teams within an organization,” Feinblum adds. “With social media providing a clear window of titles and reporting structures within your organization, it's been easy for criminals to trick finance teams into wiring money to illegitimate bank accounts.”
Social media security means instituting a strong social media policy that should include:
When it comes to social media, users should treat it as they would any other internet source or connection. They should be vigilant and institute the same best security practices as they would elsewhere. Most of all, avoid the social media pitfalls of sharing and trusting too much. This is a time when a little skepticism and being wary can go a long way toward protecting your personal and organizational information.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba