In today’s complex security environment, companies have to contend with several pressures at once. Threats are growing, and the threat landscape itself is changing. With new tools (like AI) and services (like hacking-as-a-service) available, bad actors are becoming more sophisticated. Meanwhile, companies have to deal with a greater amount of sensitive data than ever before. As a result, consumers and regulators alike have reassessed security practices.
All of this is compounded by the fact that companies are operating in increasingly decentralized digital models. The traditional firewall perimeter has no place in this world. Employees want to work from anywhere, on any device, and on any network. Insider threats have risen as a result, and employees are more likely to disclose corporate data inadvertently (or intentionally).
Social media is making insider threats increasingly problematic. In this article, we examine how social media can affect data security for organizations, as well as what they can do to mitigate this threat.
The challenge with social media
Users of social media platforms share information about their lives and experiences to varying degrees, depending on the platform. Social media can be an easy channel for employees to discuss work-related topics: expressing their excitement about a new product feature, posting a photo from a company event, or even sharing sensitive information with their colleagues via private chat. This high level of information sharing, both personal and corporate, creates several challenges for businesses.
To begin with, information can be shared accidentally. An employee might post a picture of their desk on Instagram to show off their lunch or the view from the office and forget to blur the sensitive information on the screen. Alternatively, a software developer might ask peers on a Reddit forum for help with a specific issue in their code and inadvertently share proprietary code.
Anonymity is also possible on some social media channels. Disgruntled employees may post corporate secrets on Twitter or Reddit and make them available to competitors and regulators.
On the other hand, cybercriminals use social media platforms as a resource for their attacks. Because they understand that people share information readily, they access public profiles to gather information that they can use for sophisticated social engineering attacks. LinkedIn, for example, enables them to map an organizational structure, access corporate email addresses, and locate vacation schedules for core employees. They can also review an employee’s followers or contacts, create a fake account impersonating someone at the company who is not on that list, and encourage the employee to disclose sensitive information.
As a result of all of these challenges, businesses can be vulnerable to sophisticated threats such as phishing and social engineering. A few examples of these threats include brand impersonation, data theft, and even large-scale data breaches. Despite the potential impact of social media leaks, data egress through these platforms is notoriously difficult for companies to control. The following are some proactive measures that companies can take to mitigate these risks.
Staying ahead of social media threats
Businesses cannot control what their employees say on their personal social media accounts – that’s a given. However, it is important for them to educate their users about the dangers of disclosing too much information. Employees can also be educated on the most effective ways to protect their data, credentials, and corporate details. In addition to onboarding training, security weeks can be gamified so that employees are challenged to identify and use security best practices, and lunch-and-learn sessions can be dedicated to security.
When companies provide employees with mobile devices, there’s also a chance to set clear expectations regarding what can be posted from these devices. Companies can encourage users to change their phone passwords frequently and point them towards a password manager they can use for their social media accounts.
Technology and services can also be helpful in this area. Companies can use social media scanning services to identify fraudulent accounts on social media. Data loss prevention tools can also help quickly identify sensitive data breaches and initiate immediate action when they are detected.
Evolving with the times
When it comes to maintaining robust security measures, a company’s responsibility is to keep up with cultural shifts and the adoption of new platforms. Security practitioners need to maintain awareness of any new threat vectors, incorporate new policies and measures as necessary, and stay up to date with best practices. Because of this, you need a comprehensive, iterative, and robust cybersecurity strategy that accounts for both insider and external threats.