Social media and surfing the web have become part of our daily lives. In fact, it’s hard to remember a time before posting a selfie or googling your latest question! But let’s look at things from a different perspective – security.
Every company has a different policy about social media. Some allow and even encourage their employees to use it during work hours. Others don’t. But really, how safe are you when you’re scrolling or surfing? Tech guru and CEO of Stickley on Security Jim Stickley shares more.
Let’s say you’re at work and, like so many of us, eating your lunch at your desk. You decide to do a little browsing or peruse your social media accounts. What you are doing is putting your company at risk of a malware attack.
Cybercriminals actively use social media and social networking sites for phishing and to distribute malware. Passwords for accounts are regularly stolen and reused. Personal blogs, entertainment sites, and file sharing services are all potential entry points for various types of malware onto a company’s network. Drive-by malware downloads are a popular tool for cybercriminals; they can happen without anyone knowing and can be completed in a mere fraction of a second.
In 2009, some major software companies, including Google and Yahoo, fell victim to an attack called Operation Aurora. It took advantage of a vulnerability in Microsoft’s Internet Explorer browser on Windows XP. It was serious enough that the German and French governments recommended that users stop using Internet Explorer until the issue was resolved.
The perpetrators gathered information about users from social media, including interests, birthplaces and dates, schools attended, etc. The attackers then created Facebook pages and befriended the victims’ friends before requesting friendship from the targets. All of this was in an effort to gain trust. When the victims used their lunch break (or other time while at the office) to catch up on all the social news of the day, it was only a matter of time before the attacker was able to get that victim to click something malicious, allowing entry into the corporate network.
Even if your company has a plethora of perimeter security tools implemented, they are not foolproof. The cybercriminals are generally one or more steps ahead of these tools. Therefore, it’s up to us to be on guard for these attacks at all times.
- Always be 100% certain that any links or attachments clicked in email or on social media are safe. If you cannot be sure, don’t click them.
- Consider the information you share on social media and business networking sites. Spear-phishing is a way that attackers target victims by using information found on social media or by social engineering. They use that information to perform attacks such as business email compromise (BEC) or W2 Fraud.
- Always keep all devices and computers updated with the latest operating system versions and software. In the office, the IT department might do this. However, if you bring your own device to work and connect to the WiFi, for example, you are adding risk to your company if your devices are not kept up-to-date.
- When multifactor authentication (MFA) is offered for an account, take advantage of it. Facebook offers it, as do Twitter, iCloud, Google, and many others. It will prevent someone from gaining access to your account merely with a password.
- Always pay attention to awareness training and to any information you receive about potential threats. This information is provided to help you supplement those security tools that protect the perimeter of the office network. While they can detect key words and phrases to filter out potentially threatening email, for example, they will never be 100% accurate. It is difficult to imagine a time that human interaction will not be necessary to prevent cyber-attacks.
How DuGood Can Help
At DuGood, we’re on a mission to keep your personal and financial information safe. Interested in more articles like this one? Be sure to check out our Security Center.
Also, we encourage you to take a look at our ID Theft Protection Plans. For just a few bucks a month, we can cover all your financial accounts – not just those at DuGood!