What Executives Really Should Know About Social Media

Uploaded on 2016-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Executive social media accounts are the first places many malicious attackers go when gathering intelligence

According to the Australian Bureau of Statistics, of the 9.2 million short-term resident departures from Australia last year, ‘business’ was the third most frequently cited reason for travel.

In amongst the planning, meetings and the hustle between airports and hotel rooms, executives may find some solace in logging onto Facebook, Twitter, Instagram and LinkedIn to keep their social networks updated. Unfortunately, while your followers are listening, cybercriminals are as well.

Executive social media accounts are the first places many malicious attackers go when gathering intelligence for one of the fastest growing cyber threat vectors – business email compromise (BEC). Simply put, BEC takes place when an attacker pretends to be an executive/person of authority and sends a realistic-looking email to a colleague requesting a large wire transfer or sensitive details like intellectual property (IP) or HR/payroll information.

The FBI recently warned that imposter emails increased by 270% last year and worldwide it jumped a staggering 1,300 per cent since 2015, equaling $3.1B US in identified exposed loss. Top executives have also lost their jobs due to significant financial losses associated with imposter emails.

With that in mind, here are three things you should do when using social media while traveling.

Avoid Checking-in

If you are in a senior executive at your organisation, do not risk checking-in on any social media channels (or enabling location on your posts), whether that be at the airport, a business district or your hotel. You’re essentially letting the public know that you’re out of the office. That absence gives the malicious attacker the opportunity to fraudulently email your team and request a wire transfer. For example, “Hi John – as you know I’m away for a few weeks in Hong Kong and am mostly uncontactable – can you URGENTLY wire $100,000 to the below account by COB today before my important meeting at 4pm.”

Ensure your status updates are private

If you are going to advertise your business travels and movements online (like sharing photos of a delicious meal at an airport or your selfie at an iconic city landmark), ensure to share updates solely with your Facebook Friends and LinkedIn Connections. Do not cast the net wider than family, friends and close business acquaintances. As a general side point here, always be careful about who you accept as connections on your social media accounts. For example, Facebook cloning is a recent trend affecting users as it involves attackers sending friend requests out from convincing fake profile accounts.

Manually approve online tags

There is an option on Facebook, Instagram and Twitter to approve statuses, photos and video tags prior to publishing content on your page and to your network of friends. By turning this option on, you’ll reduce the chance of attackers, who are actively monitoring the movements of you, your colleagues, and your partner, from automatically discovering more information about your business travels.

Following these three rules will help keep your activities sheltered from cybercriminals and reduce the likelihood that your business will fall victim to a BEC attack. In addition, be sure to remind your staff of the proper procedures for authorising wire transfers or sending sensitive content, especially while you are traveling.

Business Insider: http://bit.ly/29S0QfA

« What Makes A Data Scientist?
Ransomware Hackers Are Getting More Advanced »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

Accolade Technology

Accolade Technology

Accolade provides the most technologically advanced host cpu offload, 100% packet capture FPGA-based PCIe adapters and 1U platforms available in the network monitoring and cyber security markets.

CyberArrow

CyberArrow

CyberArrow (formerly EBDAA) is a consultancy company providing high quality consultancy services in Risk & Compliance and Awareness & Education.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

Cybercentry

Cybercentry

Cybercentry is a specialist information security, data protection and cyber security consultancy.

AI Safety Institute (AISI)

AI Safety Institute (AISI)

The AI Safety Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.