Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why. Social media accounts hold A LOT of personal information including name, email ID, date of birth, place of birth, place of work (your business!), high school attended, names of family, friends and pets, anniversaries, and more…which means, they are basically gold mines of Personally Identifiable Information (PII). Plus, if users play games and have credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. Given that many have the habit of using all the aforementioned personal information to create passwords and answer “secret” questions on accounts, cybercriminals have a trove of information to manipulate at their disposal and this data can then be used to hack into other accounts, including work accounts used in your business! More succinctly: hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.
So, let’s look at some possible impacts on your business.
- If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may have clients who follow your business account on social media. Cybercriminals can harvest info for communication through other channels or impersonate your business on the compromised account. The whole situation can result in a lot of damage to your business and brand reputation and might also result in penalties and possible lawsuits.
- Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PII to try and pry open a small entryway into your IT network.
Ways you can avoid such mishaps:
- Training your staff on social media and cybersecurity best practices including advanced privacy and permission settings for social media accounts.
- Ensuring your employees are able to identify and steer clear of phishing and social media frauds.
- Helping your employees understand the importance of practicing good password hygiene across all their online accounts–social, work or personal.
- Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
- Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime
Your managed IT services provider will be able to help you in organizing and conducting these kinds of training and awareness sessions at regular intervals for your staff.