CarefreeIT Cybersecurity Blog Series: Social Media

There’s no question that social media platforms have transformed how we share information about ourselves and our businesses. It is estimated that 2 billion people worldwide have at least one social media account, with the average web user spending two hours per day browsing networking websites such as Facebook, Twitter, Instagram, and LinkedIn. In addition to helping us connect with family and friends from all over the world, establishing a brand presence on these websites has become an integral part of consumer outreach, business networking, and marketing operations for industry professionals across all sectors. In fact, it is expected that chief marketing officers (CMOs) will be spending over 20 percent of their budgets on social media marketing in the next five years.

While social media platforms provide endless opportunities for forging valuable personal and professional connections, the sheer breadth of data available on these websites raises just as many concerns about privacy and security. Individuals and organizations alike have become increasingly comfortable with posting information such as full names, birthdays, e-mail addresses, and employment histories online. Unfortunately, many people don’t realize that this information can be used by cybercriminals to execute social engineering attacks.

This ultimately raises concerns for business owners who utilize social media platforms to expand and engage with their customer base. For instance, LinkedIn provides a trove of information for cybercriminals, with account holders in marketing and public relations at the highest risk of being victimized due to the expansive size of their social networks. Similarly, businesses may not realize that their own corporate websites can make them vulnerable to attacks, especially if employee contact information is listed along with job description details.

This information could, for example, allow a cybercriminal to launch a successful Business E-mail Compromise (BEC) attack, an increasingly common social engineering tactic that has conned businesses out of millions of dollars. By hijacking the e-mail credentials of a co-worker or supervisor, an attacker can target a specific employee by asking them to share passwords and account numbers, or requesting that they wire money. Simply put, the greatest cybersecurity risk to businesses in our age of online oversharing is an employee mistakenly providing the wrong information to the wrong person.

In many ways, social media platforms are a necessary evil for today's businesses. By not establishing an online presence, companies miss out on vital opportunities to raise brand awareness and expand their customer base. The lack of an official presence can also leave them vulnerable to brand jacking, where unauthorized persons impersonate an organization online. At the same time, the more information that cybercriminals have about a business and the people who work there, the more vulnerable that business is to attacks, a risk compounded by the mistaken belief held by most Canadian companies that social media use does not pose a cybersecurity risk.

This is why the CarefreeIT Cybersecurity Centre works in partnership with small and medium-sized businesses (SMBs) to protect them from common social engineering tactics. In addition to educating employees about how to recognize and respond to cybersecurity threats, our Security Awareness Training specifically addresses best practices for using social media safely and responsibly. Our comprehensive cybersecurity service also provides a virtual CISO (vCISO) to develop clear policies for data classification, thus ensuring that employees understand the proper procedures for storing and sharing private, sensitive, and confidential information. Each day we enact our “total care” philosophy by helping businesses reap the benefits of social media platforms, while mitigating the security risks that are inherent in online information sharing.