5 Social Media Risks That Increase Your Risk for a Security Breach
Chances are, you’ve read about a major information security breach in the past week or two. Most people assume these cyber attacks are incredibly sophisticated, and that government and financial organizations bear the brunt of the risk. The truth is that criminal hacking is a growing challenge that transcends industry and company size. Most security-savvy companies use well-known defenses like unified threat management (UTM) appliances and network segmentation to combat cyberattacks, but it may come as a shock that something as simple as a social media post can result in a breach. While Facebook, Twitter and Snapchat offer an opportunity to connect directly with guests, potential customers and employees, there are certain social media practices that could provoke a cyberattack as well.
Sustaining a cyber attack can throw a serious wrench into hospitality organizations’ operations and productivity, but it can also put customer data at risk and result in significant monetary losses. In this article, WatchGuard Technologies describes five social media risks hospitality organizations should share with their employees to help them keep their workplace more secure:
1. Oversharing: Social media accounts are a treasure trove of personal information including birthdays, education history, and family relations. And this same personal information is commonly used as a security check for password recovery forms. An attacker trying to gain access to your online bank account or corporate email account could easily guess password recovery questions simply by visiting your public profile on Facebook or Twitter. Since company accounts are linked directly to the individual accounts of their managers, personal social media accounts can be another entry point for hackers. The more details about your life you leave open to the public, the greater your risk of leaking information that could be used for account takeover.
2. Careless Clicking: Cyber criminals are increasingly using social media platforms like Facebook to distribute malware via phishing campaigns. Recently, attackers have used Facebook to distribute malicious browser extensions and even distribute ransomware. The more credibility an attacker can provide for a phishing campaign, the more likely it is to succeed. This means if an attacker can hijack a user’s account, they are more likely to successfully spread their campaign to that account’s friend list than they would be from a fake account. Since social media represents yet another attack surface for bad guys, users should always be mindful of web links, regardless of the source, especially when accessing those links from a company computer.
3. Poking the Bear: What you say online could make you a target for malicious hackers. Hacktivist entities like Anonymous are known for specifically targeting individuals and organizations with conflicting social and political views. Drawing attention to yourself on an online forum by posting potentially controversial opinions or ‘edgy’ jokes always comes with the risk of angering a cybercriminal with a personal agenda. As an extreme example, Anonymous took down over 3,800 pro-ISIS Twitter accounts in 2015 in response to the Paris terror attacks.
4. Pitiful Passwords: Simply owning a single social media account with a weak password puts your other online accounts at risk – especially if you don’t use a unique password for each individual account. Social media services are a huge target for data breaches because of the information they contain. In 2012, LinkedIn was the target of a data breach that resulted in over 100 million compromised account credentials. Attackers later used one pair of those credentials to successfully leak 60 million credentials from Dropbox, all because a Dropbox employee didn’t use unique passwords for his accounts. You should always set up complex and varied passwords for your online accounts. In the event that one of your accounts is hacked, unique passwords can protect your other online properties from suffering the same fate.
5. Failing to Mark Your Territory: Not owning a social media account, or at least not claiming your company’s official name for an account, could also set you up for attack. Brandjacking is a simple attack where an attacker creates a web presence (such as a social media account or a blog) designed to look like the official account for some organization, and then posts statements in contrast to the organization’s best interests, or uses the presence as a way to lure unsuspecting customers into giving up personal information. For example, back in 2015, a malicious Facebook user created accounts named “Ask For Help” and “Target Customer Service” to post sarcastic responses to customer comments on the official Target account. Be sure to stake your claim on any social account names that could be related to your company and stay on the lookout for brand impersonators.
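For teams that want to act on item 5, the sketch below is an added example (not from WatchGuard or the original article) of a name check that a brand-monitoring job could run over account names it has collected. It goes slightly beyond the article's case by also flagging misspellings and look-alike characters; the function names, the substitution table and the 0.8 similarity threshold are assumptions, and the sample names are constructed.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed look-alike substitutions (illustrative, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})

def normalize(name):
    """Fold case, compatibility forms, look-alike characters and punctuation."""
    folded = unicodedata.normalize("NFKC", name).casefold().translate(LOOKALIKES)
    return "".join(ch for ch in folded if ch.isalnum())

def classify(candidate, brand, official):
    """Return 'official', 'embeds-brand', 'near-match' or 'unrelated'."""
    if candidate in official:
        return "official"  # exact names the organization has claimed itself
    cand, brand_n = normalize(candidate), normalize(brand)
    if brand_n in cand:
        # e.g. the brand plus a support-style suffix, or a look-alike spelling
        return "embeds-brand"
    if SequenceMatcher(None, cand, brand_n).ratio() >= 0.8:  # assumed threshold
        return "near-match"  # likely misspelling of the brand
    return "unrelated"

def review_queue(names, brand, official):
    """Names a human should review, in input order, with the reason."""
    verdicts = ((n, classify(n, brand, official)) for n in names)
    return [(n, v) for n, v in verdicts if v in ("embeds-brand", "near-match")]

# Constructed sample: the first three names come from the article's example,
# the rest are made up for illustration.
SAMPLE_NAMES = ["Target", "Target Customer Service", "Ask For Help",
                "Targ3t", "Tarrget", "Hotel Fan Club"]

if __name__ == "__main__":
    for name, verdict in review_queue(SAMPLE_NAMES, "Target", {"Target"}):
        print(f"{verdict:13} {name}")
```

Name matching does not catch a generic name such as “Ask For Help”, so replies posted on the official page by accounts the organization does not control still need review.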
Social media accounts are a valuable tool for engaging with your audiences, but they also leave you more susceptible to attack if you aren’t careful. It is important to remain vigilant while using social media so as not to become the next company in the headlines as a data breach victim. Always follow common guidelines like avoiding suspicious web links, using unique passwords, and being mindful of the potentially sensitive information you make public. One thoughtless click could be the difference between business as usual and a cyber security nightmare.