A social media-triggered cyber attack on your business is a real risk. This is because information accessible on these platforms is a strong catalyst for phishing scams and other social engineering techniques.
Human error is the one vulnerability in cyber security that can’t be patched with tech. That’s why cyber criminals see your staff as an easy and effective route to breaching security.
How social media can trigger a cyber attack on your business
For phishing or social engineering attacks to work, the criminal needs to know personal information about their target. Social media makes this very easy. Here’s how they do it:
Step 1 for cyber criminals: Choosing a target business using social media
Prime targets for cyber attacks used to be large organisations due to the amount of data they hold. But, cyber criminals have become privy to the fact that smaller businesses sometimes cut corners with cyber security. And this makes them easier to breach.
43% of cyber attacks are on small businesses
From corporate social media platforms like LinkedIn, hackers can research businesses and develop an understanding of their size from employment numbers.
Step 1 for businesses: Strengthen your cyber security
No matter the size of your business, we strongly recommend you consider investing in a comprehensive cyber security solution. It will prepare you for the doomsday scenario of a data breach and make the difference between sink and swim.
60% of small businesses that fall victim to a cyber attack go out of business within six months
At Jupiter IT, we specialise in cyber security and offer proactive solutions. These include system monitoring, patch management and regular cyber security audits.
Learn more about our Managed IT Services.
Step 2 for cyber criminals: Getting to know your employees
Once a cyber criminal has chosen their target, they can use social media to research the employees in the business. Using the connected employee list from LinkedIn, they can search for profiles on more personal platforms such as Facebook, Instagram, and Twitter.
From here, hackers can begin to understand a person’s hobbies, and learn about their family members and places or shops they visit regularly. This information not only makes it easier for a cyber criminal to target an individual using relatability but can give them answers to password recovery questions and even make passwords easy to guess from the off.
According to the NCSC, 15% of people in the UK use their pet’s name as their password. Another 14% use the name of a family member.
Step 2 for businesses: Help employees understand the risk of a social media-triggered cyber attack
We’re not suggesting you ask your employees to avoid posting on their personal social media platforms or create an alternative persona! But by educating them on the risks associated with unsecured social media accounts, you can save them from becoming a target. Both professionally and personally.
It is thought that thousands of Facebook users report account hacking daily.
At Jupiter IT, we work to protect our clients in whatever way we can. If you don’t have the knowledge you need to help your employees adjust their social media security settings to protect themselves, feel free to get in touch for some simple, jargon-free advice.
Step 3 for cyber criminals: Plan of attack
With the information the hacker has gathered during stage two, they can begin to target your employees; using them as a weak spot to break through and gain access to your network or distribute ransomware.
One method a cyber criminal may try is sending a phishing email posing as a favoured retail store with a malicious link to reset their password. If the employee opts to use the same password as their work account, the hacker is in.
Alternatively, with the information they have gathered from LinkedIn, the hacker may target their business email address and pose as a customer or supplier. Presented with a malicious link that appears to be a genuine account issue that could hold up supply to the business, it’s difficult for any unknowing employee not to click immediately to fix the problem.
50% of phishing links are clicked within an hour of being sent
Step 3 for businesses: Arm your staff with the knowledge they need to stop a cyber attack attempt
We’d all like to think we’d easily spot a phishing attack attempt but these people are good at what they do, and the sophistication of these attacks is growing.
To protect your staff and your business, you should source expert cyber security training for anyone in your company with an email address. To make this easy, we provide all our clients with free content-rich cyber security staff training. If you’re an existing client and haven’t taken advantage of this opportunity yet, there’s no better time.
“Great training session. Especially concerning the risk that our own personal social media has when cyber criminals wish to infiltrate an organisation. Thanks from all of us here!” – Practice Manager, Mason Baggott & Garton Solicitors
.