Don’t expose your organization via social media

There are many precautions that you’ve probably already read about that employees can take to prevent putting their organization at risk of a breach. Precautions such as not clicking on phishing emails or suspicious links, or using weak passwords are frequent topics of discussion in the world of cybersecurity. One topic, however, that doesn’t appear to be get enough attention, is employees’ careless use of social media while at work and the company information they could be handing to cybercriminals on a silver platter. A recent fastcompany.com article discusses how to be more cognizant of your social media activity while sharing work related posts.

The culprits who expose company information on social media tend to be the younger generation who grew up with social media as a part of their everyday lives. They are accustomed to posting pictures, videos, and other updates of their personal life on the social media for everyone to see. Since a new job or internship is usually a big life event for someone, people will often post a picture of themselves with their new coworkers either inside their office or while wearing their badges, or both, with a hashtag such as #newjob. This makes it very easy for cybercriminals to search a hashtag and immediately gain access to confidential information such as badge numbers or even company plans written out on whiteboards in the background. Employees also give criminals access by way of video; for instance, when they record their entire workday and upload it as their Instagram story. Finally, posting complaints on public websites gives cybercriminals great phishing email content. For example, if everyone is complaining about company benefits, a criminal would craft an email announcing a new companywide benefit package with an attachment titled “Description of Benefits,” and more than likely get someone to click, giving the hacker access to the network.

The best way to prevent criminals from accessing company information is through awareness and training. OptfinITy and PerusITy both offer extremely effective cybersecurity training and awareness programs. If you have any questions or would like to learn more, give us a call at 571-370-5777 (PerusITy) or 703-790-0400 (OptfinITy), or visit our websites at www.perusity.com or www.optfinity.com respectively.