Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
As the number of publicly documented data breaches continues to grow, business leaders face increasing pressure to shore up their companies’ cybersecurity capabilities. Cyber attackers are constantly becoming more sophisticated and determined, not to mention numerous, and they will often focus their attention on the most vulnerable targets. This means that it is imperative for firms to improve their defenses and develop comprehensive approaches to cyber safety.
All of this makes social media a key focus for any organization’s cybersecurity strategy. If social media behavior is not taken into account, a firm’s employees may inadvertently increase the danger for both themselves and their companies.
The social media risk
Social media’s impact and popularity have increased exponentially in recent years, to the point where it is more common than not for a given employee to have one or more accounts on social networks. While this trend has many positive consequences, it is certainly negative when it comes to corporate cybersecurity.
This is particularly true due to the rise of phishing-based cyber attacks. In these cases, cyber criminals aim to fool an organizations’ employees into believing that a fraudulent email or other message is actually trustworthy, leading the recipient to open a link or download a file which contains malware. This, in turn, infects the company’s network, granting the cyber attacker access.
“Cyber criminals are becoming more sophisticated in their use of phishing attacks.”
As The Boston Globe recently highlighted, cyber criminals are becoming more sophisticated in their use of these tactics. Specifically, they are using information gathered from LinkedIn and other social media sites to create more targeted, unique phishing scams which are more difficult for employees to detect and avoid.
“It’s an increasingly narrow spear,” said Doug Johnson, senior vice president of payments and cybersecurity policy at the American Bankers Association, the news source reported. “It’s much more surgical in effect.”
This danger is further exacerbated by the fact that many employees simply do not recognize the risk that their social media behavior poses for their employers. As Francis O’Haire, director of technology and strategy for Data Solutions, told The Irish Times, this lack of awareness causes individuals to unknowingly increase the chances that their companies will experience a data breach. After all, organizations have so many other cybersecurity challenges to face that they cannot also effectively monitor workers’ risky social media activity.
“Companies are faced with the pressure of being ready for all attacks; hackers just need to find one weak link to make a huge dent in a company’s finances, reputation or data,” said O’Haire, according to the source.
The best way for business leaders to mitigate the risk they face in this area is by focusing on employee awareness and training, along with comprehensive policies and guidelines.
With worker education, businesses can help employees to understand how the information they share on social networks can potentially be used against them, and therefore their organizations, in the form of spear phishing attacks. With this awareness, many personnel will inevitably become more cautious and selective, making life more difficult for cyber criminals.
Additionally, most social networks offer a number of security protection settings that can better protect users’ accounts. However, many people are either unaware of these settings or simply do not take advantage of them. A company’s cybersecurity policy should encourage, or even require, employees to take this step.
Finally, businesses can reduce risk in this area by providing anti-phishing training to workers, helping them to recognize and report suspicious messages.
As these and other cybersecurity concerns continue to gain prominence, careers in this industry have never been more promising. Excelsior College offers both Bachelor’s and Master’s degrees in cybersecurity which will prepare you to be a leader in the field. Click here to learn more.