The Dangers of Social Media

Social media has become an integral part of everyone’s daily lives. With the benefits of communication, meeting new people, forming friendships, and sharing our lives, come the dangers and risks of using such public platforms. Not only does social media create real-world problems, but it increases the risk of an organisation being subjected to specific types of cyber attacks. In light of World Social Media Day this year (30th June 2022), we are taking a deeper look into the dangers of social media and the risks it can pose to both us as individuals and wider organisations.

Oversharing Creates Risks

So many people share large parts of their lives on social media, although many believe this is harmless and is equal to having a conversation with friends and family, it’s not. Giving away details of your life on social media, such as information that could link to security verification or even vacation plans, could place you at risk. As a result of oversharing online, many people have fallen victim to phishing attacks, whether it is the original person or a colleague who is targeted.

Threats for Businesses

When considering how social media use could impact the security of a business, in most cases, social network accounts of businesses and their staff are used to gather information, which is usually the first step in a sophisticated cyber attack.

Once the attacker has the information they need, there are a number of ways they may choose to target an organisation, for example:

1. Spear Phishing: This attack relies on quality over quantity unlike typical phishing attempts. Social engineering and spoofed content (e.g. social media accounts, calls or emails) are used to target specific groups or individuals in an organisation. Social media accounts are used to gather key information that can be used within these attacks.
2. Whaling: This type of phishing prioritises C-level executives or key employees within important departments. Similar tactics are used as spear phishing campaigns, but it is expected to be more valuable to the actor as they are more likely to get access to finances and more classified information.
3. Brand Impersonation: A threat actor impersonates/spoofs a trusted brand or company to exploit users into disclosing their personal details. This has been the case with social media platforms where users believe they are logging into their account but their information is being stolen instead.
4. Social Media Phishing: LinkedIn is a common social media phishing target. Known for business networking, the platform is used by many colleagues and employees at similar organisations. LinkedIn has therefore, unfortunately, become a useful tool for hackers to attack companies. With so much company information available on this platform, such as an organisation’s emails, management structure, and employee job titles, an attacker can use this to target the right people with access to important information e.g. financial information or customer data.

Human Error

Each year low-security awareness among company employees is listed as one of the top reasons for a business’ security concerns. With little understanding of the risks they may face, employees often do not see the warning signs of an attack until it is too late. Placing both themselves and the company at risk.

As a result of this, organisations are now very much determined to change their approach, ensuring that employees are educated on the risks of cyber attacks. However, out-of-hours use of social media, particularly when using  BYOD for both work and personal purposes, is still overlooked.

Addressing the Dangers of Social Media

Some of the solutions you can implement across your organisation to address these issues and prevent dangerous cyber attacks from occurring include:

1. Enforce Multi-factor Authentication (MFA)
2. Train employees about the risks on different platforms
3. Implement a social media usage policy
4. Have a strict password policy in place.
5. Have a strategy for managing BYOD

At Data Connect, we can offer the support you need with our cyber security-focused consultancy and managed services. By conducting a cyber security assessment we can review your current IT infrastructure and associated services, while identifying opportunities for improvement. By utilising our managed service, vSOC Aware, you can feel confident that you’re reducing risks linking to human behaviour. Our SOC Team will create a bespoke awareness training programme, including access to the world’s largest library of training content and continuous phishing simulation testing. Get in touch today for more information about our services.