What Executives Really Should Know About Social Media

Uploaded on 2016-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Executive social media accounts are the first places many malicious attackers go when gathering intelligence

According to the Australian Bureau of Statistics, of the 9.2 million short-term resident departures from Australia last year, ‘business’ was the third most frequently cited reason for travel.

In amongst the planning, meetings and the hustle between airports and hotel rooms, executives may find some solace in logging onto Facebook, Twitter, Instagram and LinkedIn to keep their social networks updated. Unfortunately, while your followers are listening, cybercriminals are as well.

Executive social media accounts are the first places many malicious attackers go when gathering intelligence for one of the fastest growing cyber threat vectors – business email compromise (BEC). Simply put, BEC takes place when an attacker pretends to be an executive/person of authority and sends a realistic-looking email to a colleague requesting a large wire transfer or sensitive details like intellectual property (IP) or HR/payroll information.

The FBI recently warned that imposter emails increased by 270% last year and worldwide it jumped a staggering 1,300 per cent since 2015, equaling $3.1B US in identified exposed loss. Top executives have also lost their jobs due to significant financial losses associated with imposter emails.

With that in mind, here are three things you should do when using social media while traveling.

Avoid Checking-in

If you are in a senior executive at your organisation, do not risk checking-in on any social media channels (or enabling location on your posts), whether that be at the airport, a business district or your hotel. You’re essentially letting the public know that you’re out of the office. That absence gives the malicious attacker the opportunity to fraudulently email your team and request a wire transfer. For example, “Hi John – as you know I’m away for a few weeks in Hong Kong and am mostly uncontactable – can you URGENTLY wire $100,000 to the below account by COB today before my important meeting at 4pm.”

Ensure your status updates are private

If you are going to advertise your business travels and movements online (like sharing photos of a delicious meal at an airport or your selfie at an iconic city landmark), ensure to share updates solely with your Facebook Friends and LinkedIn Connections. Do not cast the net wider than family, friends and close business acquaintances. As a general side point here, always be careful about who you accept as connections on your social media accounts. For example, Facebook cloning is a recent trend affecting users as it involves attackers sending friend requests out from convincing fake profile accounts.

Manually approve online tags

There is an option on Facebook, Instagram and Twitter to approve statuses, photos and video tags prior to publishing content on your page and to your network of friends. By turning this option on, you’ll reduce the chance of attackers, who are actively monitoring the movements of you, your colleagues, and your partner, from automatically discovering more information about your business travels.

Following these three rules will help keep your activities sheltered from cybercriminals and reduce the likelihood that your business will fall victim to a BEC attack. In addition, be sure to remind your staff of the proper procedures for authorising wire transfers or sending sensitive content, especially while you are traveling.

Business Insider: http://bit.ly/29S0QfA

« What Makes A Data Scientist?
Ransomware Hackers Are Getting More Advanced »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Site24x7

Site24x7

Site24x7 is an AI-powered observability platform for DevOps and IT operations.

Digital Defense Inc (DDI)

Digital Defense Inc (DDI)

DDI offers vulnerability scanning, penetration testing, web application testing, social engineering and additional security assessments.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.

RAH Infotech

RAH Infotech

RAH Infotech is India’s leading value added distributor and solutions provider in the Network and Security domain. We are specialists in Enterprise and App Security and Application Delivery.

S4E (Security for Everyone)

S4E (Security for Everyone)

At S4E.io, our mission is to democratize digital security, making it accessible, simple, and effective for individuals and businesses of all sizes.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.

DeepStrike

DeepStrike

DeepStrike is a leading cybersecurity firm specializing in human-powered, high-quality penetration testing designed to protect businesses from evolving cyber threats.