The frequent rise in social phishing campaigns at the workplace is drawing attention to the vulnerability of management and staff, as well as the need for security best practices.
With the corporate sector turning into a ‘social’ village, cyber criminals are certain to follow with tactics that trick users into revealing sensitive company information – customer account information, social login details or data that forms part of business identity.
Because they use social networks to reach customers and generate leads, employees and social media managers behave more socially and are less discriminating with messages received on company profiles.
But with the number of consumers interacting with businesses on social networks soaring every year, phishers get to cast a very wide net; even a single compromised company account can be used to target a large number of people, compromising the entire network with less effort on the fraudster’s part.
Another reason why social networks have become a highly attractive target for hackers is that they have the core component of successful phishing attacks already built in – Trust. Communications most of the time look good enough for employees to download malicious files or click links that redirect to phishing sites. In cases where URLs are shortened, differentiating a suspicious hyperlink from a legitimate one is very difficult.
According to the social media spam study by Mashable, which analyzed 60 million content pieces gathered from social media sites including Facebook, Twitter, LinkedIn and YouTube, there was a 355 percent increase in social spam in the first half of 2013. When employees post company information on social networking sites, they are providing hackers with more knowledge of the internal vulnerabilities of company systems and critical infrastructure.
Best practices against social media phishing
Social media continues to improve every day when it comes to providing businesses with customer preferences and leveraging those details for more targeted marketing. However, organizations need to know how to prevent management and employees from falling for social phishing at the workplace. Following these best practices can help:
Enhance system security
Social phishing usually causes damage by installing malicious files on the computer and injecting malicious code into social and other online activities. Installing an antivirus fraud protection system that provides comprehensive protection for activities performed online at the workplace – socializing, emailing, and browsing – can prevent malicious code from infiltrating company systems and web browsers.
Such software should be updated regularly to ensure protection against sophisticated attacks. Employees and management can also be educated on how to activate phishing filters in web browsers.
Be mindful of information posted on social networks
To prevent phishing attacks from stealing company information, it is important to limit the amount of detail posted on social sites. It can be a good idea for staff to avoid mentioning names of colleagues or the past companies they have worked with.
Even though social networks have privacy restrictions, it is still possible for hackers to gather private information for aggregation sites. And the more information is available about a company and its staff, the easier it could be for hackers to connect the dots and take advantage of its online presence.
Establish posting permissions
Trusting entry-level staff at the workplace with posting information on social sites can pose risks. Companies can use programs like HootSuite to establish permissions for new staff to draft marketing messages, and then transfer them to a queue for higher management’s approval.
Limiting posting permissions will ensure all activity stays in line with posting standards and no illicit information slips through. Companies can also leverage password access restriction through a centralized management system, so that accounts can be revoked quickly in case of a phishing attack.