The risk of getting breached doesn’t just stem from professional communications. In fact, having social media accounts also makes you vulnerable for a variety of reasons.
Your company’s security risk assessment might disregard something as innocuous as your team’s personal Facebook accounts. In this article, we show the four ways how social media can open your firm up to risk:
1. The reputation risk
Social media has boomed to the point that it’s not just for personal use anymore. In fact, companies use it to establish their brand or to connect with their consumers. Some of your team members could have access to company pages from their private profiles.
Now imagine if a team member’s personal social media credentials were hacked. If they were connected to your firm’s social media pages, a hacker could post whatever they want on an account that bears your firm’s name.
As a trusted custodian of information, this public display of vulnerability could be very harmful to your reputation.
2. The risk of daisy chain
Daisy-chaining is having the same password for multiple accounts. This is a risk if your team member’s social media credentials are the same as the ones for your company-related communications. Generally, they might do this because it’s easier to remember passwords when they’re the same across all their accounts.
In any event, if a hacker gains access to your social media which uses the same credentials as your office ones, it’s an easy access point for them.
3. Spam and phishing exist in the social media
Social media is rife with spam, phishing posts and messages, much like email. It’s not uncommon to see a seemingly innocent post from someone you know, asking you to ‘click here,’ only for it to turn out to be malware or a phishing site.
Malware, or malicious software, is any program or file that could harm a device. This could be by deleting files, disrupting processes, or even gaining unauthorised access. Phishing is tricking a target to give away personal information.
It only takes a link for you to be led to a phishing site or a malware download, and these social media sites could have these phishing links posted on them.
Being privy to all sorts of sensitive information, it’s easy to see how these malicious software or links could harm your firm. For example, a phishing link could open your firm up to risk just by the amount of client information that you’re safeguarding. In the same way, malware could create an avenue for hackers to breach your firm.
4. Information, information, information
In the digital age, many of us are guilty of oversharing.
For example, if your team members were to disclose information about their workplaces—like the technology they use or the infrastructure provided by your firm, it’s a hole in your security.
Furthermore, employees in high positions sometimes have too much information on their social media channels like LinkedIn. This could give attackers information they could use to their advantage.
This ties in to phishing. Phishing emails could target you easily when your team members share too much information. Information on their social media, like their cellphone carrier, or where your kids are going to school, is a cause for concern.
Phishing emails could use these pieces of information to pretend that they come from these legitimate sources. After all, your team members are more than likely to open a link that says it’s from a client than one that’s coming from someone they don’t know.
In the end, it all boils down to being careful about what you share on social media channels. Above all, understanding how you can be vulnerable on social media is key to minimising your risk. Protecting yourself is the first step to protecting your practice.
Want more tips and tricks on how to protect your client data? We offer free 30-minute consultations designed to address your specific concerns around cyber security. Click here to schedule a consultation with us!