In the remake of the classic heist film Ocean’s Eleven, a group of thieves creates an intricate plan to rob three Las Vegas casinos simultaneously. Due to advanced security, however, they have to gather an enormous amount of intelligence on the businesses in order to stand a chance of success. By way of comparison, today’s cybercriminals have a far simpler job when it comes to stealing what we value – our confidential data. In fact, we tend to do most of the work for them by putting so much information out there on social networking sites. And like someone flashing his winnings on the street outside the casino, it makes us an easy target for theft.
More than ever before, the bad guys are zeroing in on our information, and they’re using every means at their disposal to make their attacks more likely to succeed. Making matters worse, having fewer defenses often means small businesses are increasingly in the crosshairs – 31 percent of the time, according to the most recent Symantec Internet Security Threat Report.
One of the most fruitful resources for cybercriminals honing their attacks is social media, because they have to do very little digging to find information that they can use against us. This allows them to dress up their spear phishing attacks to appear more legitimate. For example, a cybercriminal can look on LinkedIn for announcements of recently hired managers. Or he might search Twitter for posts on “my first day of work.” He can then pose as a coworker from the new organization, making connections and gaining access to more information on the company. He can even pretend he’s someone from IT and ask questions such as, “Did you get your VPN connection working? If not, this link should help you get that taken care of.” The link then installs malware on the user’s machine. Building false relationships over social networks can provide ample opportunities for introducing threats into a business. And new employees who have not yet had training on corporate security policies are more susceptible to some of these tactics.
Unfortunately, the nature of social media means that our information is only as secure as the weakest password among our circle of friends. With one account compromised, cybercriminals can broadcast malware to a whole circle of friends. These messages come from a legitimate account, and we’re all at risk of clicking on a link from a friend, sent with a message like, “Check out these old vacation pictures!”
In addition to social media itself creating opportunities for cybercrime, the increasing access we have to these services can pose challenges. As more employees take advantage of mobility for work, especially in a BYOD environment, they are also combining business and personal use on a single device, meaning a breach on a personal social media account can put business information in jeopardy as well.
So how can today’s SMBs minimize the risks social media pose to their business information?
- A good starting point is to have policies in place to manage online conduct for employees. Many businesses have different usage policies applying to desktops, mobile devices, email and other specific situations. But as we continue to see the lines in functionality blur between devices, SMBs should consider an overarching policy governing all electronic communications, including the use of social networks.
- With policies established, educate employees on the reason for them, such as the dangers that come from connecting with strangers through social networks. Train them on effective password practices, such as using different passwords for different sites to minimize the effects of one being compromised.
- You will also need to monitor how well employees are adhering to the policies you establish. To supplement security policies and training, deploy effective, multi-layered security software – antivirus alone is not enough. Today’s solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs. It’s the most important step to protect your information.
- A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current. Ensure that you are frequently patching vulnerabilities to keep your website safe. This also serves the purpose of reassuring your customers and large partners that you are serious about security, as cybercriminals are now hijacking the websites of SMBs with the aim of attacking the enterprises that visit those sites.
As far as cybercriminals are concerned, social networks can be the perfect way to collect information they can use to improve the effectiveness of their attacks. SMBs need to make their employees aware of the dangers, and use the right tools to keep their data out of the wrong hands. By deploying effective protection, we can reduce the risk that the bad guys will successfully break into the vault, so to speak, and make off with our valuable information.