Cybersecurity: Combining Efforts Personally and Professionally
Social media is a terrific venue for sharing, learning, updating, and promoting. While it began as a way of keeping in touch with personal contacts, its function has extended to our professional lives. Social media allows us to share posts about fellow employees or provide updates on events or product launches. It has also proven to be a game-changer in improving SEO and website traffic.
When it comes to representing our place of employment on social media, we need to post cautiously. Cyber thieves are lurking with motive to capitalize on our positive news and good intentions.
The Threats Within Social Media
Cyber-criminal capabilities have evolved tremendously in recent years. Keystrokes, patterns with passwords, pin numbers, and even emails can be discreetly tracked and measured. Cyber breaches on social media aren’t necessarily due to weak points within the media platform itself, but rather lack of awareness by the user.
If you choose to post about your place of work on social media, first check with your Human Resources department to learn the rules around doing so. From there, be diligent about what you post, link to, and click on. One bite on the lure of the cyber-attacker could compromise both your and your employer’s files, accounts, reputation, and revenue, and may result in having to pay regulatory fines. It is a position that neither of you wants to be in.
So Many Phish in the Sea
A brief look into where and how cyber-attackers gain their knowledge includes two sources: phishing attempts on their part and oversharing on yours.
Phishing and spear phishing are cyber-attacks that occur through email. With phishing, the email might contain an official-looking document or a notice for a package delivery. The hope of the sender is that once the recipient reads through the email, they will click on the attachment which launches malware. A delivery notice received via email entices the recipient to input personal information in order to retrieve the item.
Spear phishing is another email-based method of attack that uses an individualized approach. Spear phishing emails are crafted to appear personalized and legitimate. For example, you recently posted on your Facebook profile that you will soon be taking a trip to Dallas. You receive an email that appears to be from a colleague, recommending an art exhibit to visit while there. You click on the link to the exhibit, and while looking it over, malware is being installed on your computer.
In the work environment, new employees are considered by cyber-criminals to be particularly vulnerable targets due to lack of experience with the names of their coworkers and company systems. The probability that a new employee will naively open an email document or respond to questions is much higher.
Too Much of a Good Thing
Over-sharing provides another easy means for attack – simply by getting to know you better. Cyber criminals pick up on your emotions, preferences, routines, and schedules. Posts about being at work, gifts received, or planned vacations open the door for these strangers to learn your patterns and personal information. The name of a pet or alma mater, for instance, are common answers to security questions and may easily be found on your profiles. Check yourself:
- Do you post your personal whereabouts and plans for upcoming trips on your social media?
- If you receive an unfamiliar email or DM, do you check to make sure it’s legitimate before clicking links or replying?
- Do you post regular selfies, updates about who you are with and where you go, gifts you’ve received or items in your home?
- Do you thoroughly check the backgrounds of the photos you post, to be sure private information isn’t included such as an address on a mailbox, a license plate number, or a reflection in a mirror?
The reality is that most of us have made these mistakes. We share information openly to keep friends and family closer to us, because social media is meant to be used in this way. You can still keep in touch with the people you care about while protecting yourself and your company from fraud and malicious activity. You control where, what, and how you post.
A Safe Social Media Distance
We need to be as diligent about protection within social media as we about our posts. Maintain good standing with your employer by using best practices when combining work with social media.
Here are some tips for tightening up your online presence:
- Periodically review (and clean) your list of contacts from your phone and social media accounts.
- Change your passwords often, making them as intricate as possible, and refrain from recycling those you have used previously. Remember to use original passwords – ones that don’t refer to things on your social media site (such as names and birthdates of loved ones or a favorite car or vacation spot).
- Review your privacy settings on each platform you use. You may be surprised to realize how public your information actually is.
- Consider 2-step authentication as an additional safety measure where available.
Proper consideration of cybersecurity on social media is the responsibility of both the platform host and the end user. Although your employer may be supportive of the venue, each person needs to post carefully to keep the group safe.