The risk of getting breached doesn’t just stem from professional communications. In fact, having social media accounts can make you vulnerable for a variety of reasons.
Your company’s security risk assessment might disregard something as innocuous as your team’s personal Facebook accounts, but these should not be ignored. In this article, we show four ways social media can open your firm up to risk:
1. Personal accounts hacked with your profile linked
Social media has boomed to the point that it’s not just for personal use anymore. In fact, companies use it to establish their brand or to connect with their consumers. Often team members have access to company pages from their private profiles.
Now imagine if a team member’s personal social media credentials were hacked. If they were connected to your firm’s social media pages, a hacker could post whatever they want on an account that bears your firm’s name.
As a trusted custodian of information, this public display of vulnerability could be very harmful to your reputation.
2. The risk of daisy-chaining
Daisy-chaining is having the same password for multiple accounts. This is a risk if your team member’s social media credentials are the same as the ones for your company-related communications. People do what’s easy for them and often daisy chain their passwords rather than remembering individual secure ones.
Do you want your client data to be secured by David or Sarah’s Instagram password?
In any event, if a hacker gains access to a social media account that uses the same credentials as your office accounts, it gives them an easy access point.
3. Spam and phishing exist on social media
Social media is rife with spam, phishing posts and messages, much like email. It’s not uncommon to see a seemingly innocent post from someone you know, asking you to ‘click here,’ only for it to turn out to be malware or a phishing site.
Malware, or malicious software, is any program or file that could harm a device. This could be by deleting files, disrupting processes, or even gaining unauthorised access. Phishing is tricking a target into giving away personal information.
It only takes a link for you to be led to a phishing site or a malware download, and these social media sites could have these phishing links posted on them.
Because your firm is privy to all sorts of sensitive information, it’s easy to see how malicious software or links could harm it. For example, a phishing link could open your firm up to risk just by the amount of client information that you’re safeguarding. In the same way, malware could create an avenue for hackers to breach your firm.
4. Oversharing and Social Engineering
In the digital age, many of us are guilty of oversharing.
For example, if your team members disclose information about their workplace, like the technology they use or the infrastructure provided by your firm, it’s a hole in your security.
Furthermore, employees in high positions sometimes have too much information on their social media channels like LinkedIn. This could give attackers information they could use to their advantage.
This ties in to targeted social engineering. Hackers can send targeted emails to your firm using the information that team members share all too freely on social media. Hackers check profiles to view activity, contacts, and even spelling, grammar and writing style, gathering as much data as they can to then target individuals.
Hackers then use these pieces of information to pretend that they come from legitimate sources. After all, your team members are more likely to open a link that says it’s from a client than one that’s coming from someone they don’t know.
In the end, it all boils down to being careful about what you share on social media channels. Above all, understanding how you can be vulnerable on social media is key to minimising your risk. Protecting yourself is the first step to protecting your practice.