At the moment, more pictures and videos from the workplace are shown online than usual - the home office and numerous video conferences invite you to share photos of these situations with friends or colleagues, but also in public networks. However, doing so can inadvertently reveal confidential information that cybercriminals can use for targeted phishing attacks.
Use of Social Media in a Corporate Context
In many companies, social networks are now part of the corporate communication standard. Facebook, Twitter, and Co, but also especially professional networks such as LinkedIn or Xing - almost every company is present on at least one of these platforms these days. The most popular platforms for companies worldwide are Facebook and the business portal LinkedIn, which is used by 98 percent of the top 500 companies worldwide.
The more appearances a company has to look after on social media, the more complex information management becomes. The communication of content and the handling of data and information extends over several channels and can therefore be controlled and monitored less and less centrally. Several employees handle information across several communication channels. It is important to develop and implement clear guidelines to ensure the security of sensitive data and information.
Social Media: Private and Professional Use Are Becoming Increasingly Blurred
In addition to the company's own user profiles, the “private” profiles of employees must also be taken into account from the perspective of information security. Because employees who communicate online always also represent the company - especially if they can be identified as employees of the company. What and how is communicated always speaks for the company.
In addition, the private and professional areas are becoming increasingly blurred, especially at the current time, in which many companies were forced to make work from home possible at short notice. At the moment, private devices and access are used for the job in many places - or professional resources are used privately. This intermingling can inadvertently become a threat to the employer's network.
If the device from which you click on an infected link “privately” allows access to the company network, cybercriminals can “comfortably” gain valuable access. This is dangerous because many people tend to be more careless with data and information in their private lives. For example, the same access data is often used for different user profiles. If an unauthorized person gains access here, the damage can hardly be assessed.
Information Security When Dealing With Social Media
Apart from the mixing of private and professional use, which is dangerous from an information security perspective, the home office can increasingly lead to further security risks. Screenshots or excerpts from video conferences, which add a personal touch and are often shared for entertainment, can inadvertently reveal data - through information visible in the background behind the people or in the context of the screenshot.
Cybercriminals are always on the lookout for such information in order to develop targeted attacks on companies. People are still identified as the weakest link in the security chain, and manipulative social engineering techniques are used to gain access to sensitive data and then to the company network. Social networks in particular are a popular source of information and opportunity for cybercriminals.
How Cybercriminals Act on Social Media
There are basically two ways in which cybercriminals act on social media. One approach is the gathering of information for a tailored attack, the other the clever distribution of infected links via social media in order to gain access to systems.
1) Gather information for a targeted attack
In the first approach, cybercriminals look specifically for photos of a company's employees in which notes on whiteboards, open documents, or even passwords can be recognized. The more information about a company can be researched on social media, the more vulnerable the company is to a targeted cyber attack, because this information can be used to write very real-looking phishing emails.
The seemingly harmless click on a link or attachment can then quickly become a gateway for malware. The dangerous thing about this approach is that the attacks can hardly be recognized as such and the company-specific information makes them look extremely real. Trojans such as Emotet, which already appear very authentic, can be made even more convincing with such easily obtained information from social media.
2) Spread of infected links
The second way cybercriminals use social media is through the direct distribution of infected links. Social media thrives on the interaction of users, and interesting or sensational news is shared rapidly and in large numbers. Before someone realizes that the link is infected and has the post blocked, it is already too late for many users.
This aspect is gaining importance again in the corona crisis, as the need for information is so great that supposed news is shared even faster. Users in an unfamiliar situation like the current one are easier to fool. We have already examined this aspect in detail in our article "How cybercriminals exploit the fear of the coronavirus".
Guidelines and Basic Mindfulness in Dealing With Social Media
Information security in social media therefore always affects two sides: On the one hand, it is about preventing the dissemination of confidential information. On the other hand, employees should be protected and trained accordingly so that they do not, for example, load malware onto the device through their own actions.
These two measures should be laid down in clear guidelines in addition to classic security measures such as firewalls, e-mail filters, or antivirus systems and supplemented with training. This is because these technical measures offer a basic level of security, but do not take responsibility for the actions of the individual employees. In the social media environment, in particular, new malware quickly gets into circulation that systems do not necessarily recognize as such. Here it is important that the individual is sensitized to the risks and the typical approaches of cybercriminals.
5 Tips for Dealing With Social Media in Companies
The security guidelines for dealing with social media should always be embedded in the overall security strategy of the company. However, there are a few things that need to be considered in the guidelines for using social media. Here are five specific tips that help you use social media safely in your company.
1) Regularly train and sensitize employees
Regular training of employees is one of the most important aspects of good information security in the company. In this way, the people who are supposed to implement the guidelines at the end of the day are trained directly and made aware of the potential risks. Basic awareness training is available for this purpose, along with additional training specifically for dealing with social media.
2) Clearly delimit private and professional use
A general ban on the use of social media is rarely expedient, as networks are becoming more and more part of corporate communication. For many companies, it can be very valuable to specifically involve their own employees in external communication. Therefore, clear guidelines should set out to what extent social media may be used during working hours, for example, and who or which groups of employees speak for the company in social media.
3) Define direct contact persons
There should be permanent contact persons such as an information security officer for general and specific questions in dealing with social media. When there is someone to ask when in doubt, many potential risks are eliminated. With short communication channels and a clear contact person, uncertainties, e.g. about the publication of certain information, can be quickly removed. Such processes can prevent information from being carelessly shared.
4) Promote trust and openness
In addition to the necessary and sensible regulations, it is particularly important with regard to social media to encourage employees to act independently. An exaggerated regulatory and control construct can slow down the natural and beneficial use of social media for corporate success. In a company culture characterized by honesty and trust, however, social media can be used successfully and authentically.
5) Know communication channels and keep an overview
Social media is very fast-moving. It is therefore important to check that the guidelines are up-to-date at regular intervals and to adjust them if necessary. In addition, it makes sense to check the information that can be found on the Internet about your own company yourself from time to time. With this “perspective from the outside”, further measures can be better assessed and put into context.