It shouldn't come as a surprise that employees are often the weakest piece of an organization's cybersecurity posture. This isn't always intentional. Often, cybercriminals coax victims into revealing information in seemingly innocuous ways.
In fact, in 2019 about half of the attacks reported by Trustwave analysts were caused by phishing or other social engineering methods. With social media a staple in many people's lives, it's not a surprise that attackers are exploiting it.
What Is Social Engineering?
Social engineering is used to describe a variety of malicious activities that aim to trick users into making security mistakes or giving away information.
In the age of social media, cybercriminals are taking to the platforms to coax information from victims.
The Danger of Social Media
You've probably seen those posts asking to post a picture with your first car or your wedding day. This information may not seem dangerous to put out into the world, but cybercriminals can use that information to hack accounts. First cars, pet names, wedding anniversaries—these are all pieces that make up a majority of passwords.
Just because your employees use safe passwords at work does not always mean they follow the same rules at home. Hackers can use the information gleaned from oversharing to compromise social accounts and impersonate a person to build relationships and establish trust in order to gain access or further information.
Other social media phishing examples might not be as obvious. For example, LinkedIn is a popular place to post successes and announcements for job roles. This may not seem like a dangerous thing to do, but the more information cybercriminals can obtain about their targets, the easier it is to use that information against your organization.
How to Avoid Social Engineering Attacks
There are a few things that employees need to avoid sharing on social media:
- location
- job role
- work email address
- credentials
- screenshots of conversations
- phone numbers and addresses
It may be hard to keep up with this information, especially as platforms such as LinkedIn are becoming integral in the hiring process, but there are other proactive measures employees can take:
- Think twice before posting anything.
- Don't reveal your location when traveling.
- Customize who can see your posts.
- Don't click on links on social media.
- Use multifactor authentication.
Some of this may seem like common sense, but the best way to make sure information is retained is to repeat it and repeat it often. Employee training is an important part of cybersecurity posture. Employees need to understand how their actions can impact their role and the organization as a whole, and training is the perfect way to get them involved in cybersecurity.
How Anteris Can Help
At Anteris, we make security a top priority. As cybersecurity professionals, our security services support your business and protect your data from outside threats.
We pride ourselves on being lifelong learners. Being a security expert doesn't mean that someone has learned everything they need to know about cybersecurity. That's impossible, because the field is always changing. We recognize that cybersecurity is an ever-evolving process of assessing, aligning, and acting, and we keep moving forward as it changes.
While there is no guaranteed protection against threats, we also have best practices for recovery in the event of a security breach.
Let us make your technology freeing, not frustrating.