
Social Media Woes: What an Attacker Can Find on Social Media

Written by: Steve Nelson

Suppose you have an X (Twitter), Facebook, Pinterest, Instagram, or any other social media account, and you type #Newbadge and #Newjob into the search bar or look up an organization’s page. You will certainly come across pictures featuring badges, shirts, or individuals proudly displaying the attire of the organization they recently joined. These posts may also include details such as the person’s new position, start date, or the skills they bring to the organization. Although sharing this information is common, it poses potential risks to the organization and the individuals involved.

Below, we summarize a few scenarios in which an attacker could exploit a newly discovered badge or person:

  • Cloning the Badge for Unauthorized Access: If a badge is cloned, an attacker can attempt to walk through security using that person’s identity or posing as a fake employee.
  • Social Engineering via Password Manipulation: An attacker can take a person’s date of birth (DOB) found on Facebook, call the help desk, and impersonate the individual to have their password changed. The only challenge for an attacker is finding the person’s last name and date of birth.
  • Exploiting Outdated Software Knowledge: If a person’s posts show that they use old software in their new job, this gives the attacker a new attack vector.
  • Phishing Attempts for Credential Gathering: An attacker could email an individual, attempting to gather their credentials.
  • Extortion and Insider Threat Scenario: A person could be targeted in an extortion attempt, with the attacker threatening to disclose personal information found in previous breaches. Under that pressure, the person may turn into an insider threat.

Social Media Mitigations & Solutions

To actively manage and mitigate the potential risks associated with employees’ widespread sharing of information on social media, organizations can implement the following:

  • Social Media Policies: Establish clear guidelines for employees on what information is safe to share online, encouraging responsible sharing practices that prioritize cybersecurity and privacy.
  • Cybersecurity Awareness Training: Conduct regular training sessions to educate employees about the risks associated with oversharing sensitive information.
  • Strengthen Access Controls and Monitoring: Enhance access controls to prevent unauthorized physical and digital entry, and implement monitoring systems to track unusual access patterns, immediately flagging and investigating any suspicious activity.
  • Incident Response Plans: Develop robust incident response plans outlining swift and effective actions in the event of a security breach. This includes strategies for handling unauthorized access attempts, phishing incidents, and potential insider threats.
  • Third-Party Cybersecurity Investigations: Consider engaging third-party cybersecurity experts for periodic investigations or searches on social media platforms to identify potential information leaks. External perspectives can offer insights that may go unnoticed internally.

Conclusion

In summary, the era of social media demands a delicate balance between sharing achievements and safeguarding organizational and personal security. By proactively managing and mitigating risks through comprehensive policies, training, and cybersecurity measures, organizations can navigate the pitfalls of social media revelations while fostering a secure and resilient digital environment for both employees and the organization at large.
