To safeguard your organization from social media risk do the following: block all social media use from your network altogether — done. If only it were that easy! Social media is ever-present and unavoidable in today’s enterprise. When used concurrently with security awareness best practices, it can be a valuable tool to help grow your organization. Trouble is when the average user spends nearly two hours on social media a day, how do you keep Facebook-combing lunchtime users from putting your network at risk.
To hackers, the beauty of social media is the comfort and familiarity it gives end users. This false sense of security plays favorably to a hacker by providing an inherent feeling of trust where instead there should be healthy suspicion. The three most common social media cybercrimes:
- Broad-Sweep Scams — Entice users to click links or visit pages that result in drive-by malware downloads and network infiltration
- Public Hunter Hacks — Carelessly and publicly expose valuable personal data giving social engineers everything needed to craft targeted phishing emails
- Insider Breaches — When social media is used to exchange and trade stolen information (Security Policy Management)
The second tier of exposure is the casual nature of social platforms themselves. Social media users are often misguided as to how valuable their data truly is or how it can be used to breach a network. The infamous LinkedIn breach that leaked 117 million passwords brought this laissez-faire attitude to light. Once made public, the passwords used by LinkedIn account holders, in a word — pitiful. Security professionals worldwide cringed as they read the top three used passwords:
- 123456 (1 million+ users)
- linkedin (207K+ users)
- password (150K+ users)
My six-year-old has a more sophisticated password on her tablet. Worse yet, researchers at Preempt, a behavioral firewall company, found that 65% of the leaked passwords can be easily cracked with brute force using standard off-the-shelf cracking hardware. Repercussions of social media user error paired with password sloth can be detrimental to an organization’s security posture.
Mitigate Social Media User Risk in Your Organization
Hackers change their tactics more often than celebrities post selfies on Instagram, so it’s important your staff understand how poor security hygiene, even with social media use, affects your organization. Before implementing a Social Media training course, we recommend our clients begin with a baseline phishing campaign, using the lures of a social media email template. Once the pain-points have been identified you can distinguish the areas of need for your learners and deliver a comprehensive training course to mitigate risk.
SecurityIQ social media training resources teach learners to:
- Examine all content they are about to share on social media
- Examine content (such as links and attachments) they receive via social media
- Follow company policies and guidelines when using social media to communicate with customers OR when sharing information about customers and partners
- Never use personal social media accounts for business communications
- Protect their social media accounts with strong passwords
- Recognize and report phishing emails imitating look and feel of popular social media platform notifications
Build Your Training Course with SecurityIQ — 40+ Social Media Resources Available!
Check out this sampling:
- Social Media Modules
- Password Security
- Network Security
- Security Policy Management
- Reinforcement Tools
SecurityIQ’s 1700+ training resources lend the ability customize based on results, and build and track your program seamlessly. With 90% of breaches caused by phishing attacks, SecurityIQ provides the largest role-based training library in the industry, allowing you to create personalized phishing campaigns and awareness training courses to address areas of vulnerability quickly. Kick off your security awareness program with a free phishing diagnostic test for your organization. Learn more.