Check out 7 Tips for Mitigating the Risk of Cyber Attacks on This Company's Social Media!
JAKARTA - Threats to corporate (corporate) social media are growing very fast along with the social engineering skills of cybercriminals.
Sometimes their techniques reach such high levels that even a tech-savvy corporate network administrator cannot tell the difference between fraud and truth.
Since many businesses use social media to promote their products and services, this threat is relevant for a large number of companies. To help keep them safe, Kaspersky experts offer the following advice for mitigating the cyber risks associated with social media in 2023.
Be wary of direct messages and drafts folders, delete old, irrelevant information
Companies should be careful about storing sensitive information in direct messages. If any breach allows cyber criminals to gain unauthorized access to accounts, sensitive data can be leaked or used to launch attacks.
To avoid this risk, make it a habit to delete irrelevant messages when the conversation is over and the information in them is no longer relevant. The same goes for posts. It's a good idea to carefully review what's stored in the drafts folder from time to time.
Review older posts to minimize reputation risk
To stay safe, take the time to review published posts, as they may contain information that does not correspond to current reality, or it could range from inappropriate jokes to controversial advertising campaigns. What was normal yesterday, may generate a negative public reaction today.
SEE ALSO:
Be careful posting your success story
If a potential attacker knows who your supplier or contractor is, through a post made, attacks can appear with various schemes such as impersonating the third party's identity, hacking accounts to act on their behalf.
In addition, the more clearly the company's structure and work methods are depicted on social media, the easier it is for cybercriminals to prepare attacks.
Warn newcomers about the risks associated with posting "new jobs" on social media
After getting a new job, entrants will usually share their experience on social media, but they don't yet understand how the cybersecurity process is built in the company.
To reduce risk, offer information security training to new hires, and tell them to be very careful when posting about new jobs.
Control account access and change passwords when employees leave
If an employee with access to account and authentication data leaves the company, enforcing password change rules is as important as blocking their access to the company network. First of all, change the password for the email account linked to the company's social network; then unlink ex employee mobile number and check other authentication methods like, backup email.
Don't neglect two-factor authentication
Any account on a social network, let alone a company account, must be securely protected. Two-factor authentication (2FA) is an absolutely necessary setting for all account types.
Email addresses linked to accounts should be protected just like the social media accounts themselves. The best way is to register a social media account using a company email address. Because it will be more protected (assuming the company prioritizes cybersecurity). Additionally, internal security specialists can block access to that email along with all access to the corporate network.
Provide your employees with anti-phishing training
To mitigate cyber risks on social media networks, it is not enough to technically protect your company account, it is also important to conduct special training for employees on information security, various types of phishing and other threats.
“The attacker used sophisticated social engineering methods. Even representatives of the most advanced generations like Gen Z can be fooled by them. The human factor cannot be reduced to zero, but it can be minimized as much as possible with the help of special training.” Closes Anna Larkina, web content analysis expert at Kaspersky.