Your organization may have the latest and greatest cyber security tools in place, but humans remain a persistently weak link in security programs. And as employee use of social media on the job and off rises, the security risks to your organization grow. A robust social media security policy can help mitigate the risks.
It's critical to understand that for most hackers and attackers, the best and often easiest way to compromise your company and its networks is through social engineering. Social engineering attacks were the second most common type of threat reported in Verizon's 2020 Data Breach Investigations Report, and phishing topped the list of specific threat action varieties among confirmed breaches.
We think of cyber criminals as technically savvy, but their use of persuasion can actually be more dangerous than any technological weapon, and their uncanny ability to convince people to give up private information can be just as damaging as a nasty malware attack.
Social media risks
When it comes to social media use, it's not uncommon to believe the most significant risk to the enterprise is lost productivity.
With simple network monitoring tools, any organization can determine which employees are spending too much time (and company resources) on social media. Controlling what users post online is much more difficult. What's more, employees are often unaware of the risks associated with their online posts. Far too often, they are putting data—both personal and corporate—at risk.
In many cases, employees don't realize that even a seemingly innocuous personal post can be used against your company. For example, that team selfie in the boardroom taken after a successful strategic meeting might contain sensitive information in the background. You may be divulging confidential data, financial information or possibly valuable intellectual property.
What cyber criminals are focusing on in your employees' personal social media posts is personally identifiable information (PII). When employees divulge information like their place of birth, where they grew up, their mother's maiden name and even their birthday, attackers will use that information to their advantage.
With all this data in hackers' hands, the risk that they hack passwords or trigger a password reset for your corporate network can increase dramatically. Alternatively, they can use the information to launch other social engineering attacks. The more they know about your employees, the easier it is for them to get what they want.
In extreme cases, hackers can create fake social media profiles to fool employees into divulging confidential or sensitive information. This practice, called profile cloning, is cumbersome but not all that difficult.