What Executives Really Should Know About Social Media

Uploaded on 2016-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Executive social media accounts are the first places many malicious attackers go when gathering intelligence

According to the Australian Bureau of Statistics, of the 9.2 million short-term resident departures from Australia last year, ‘business’ was the third most frequently cited reason for travel.

In amongst the planning, meetings and the hustle between airports and hotel rooms, executives may find some solace in logging onto Facebook, Twitter, Instagram and LinkedIn to keep their social networks updated. Unfortunately, while your followers are listening, cybercriminals are as well.

Executive social media accounts are the first places many malicious attackers go when gathering intelligence for one of the fastest growing cyber threat vectors – business email compromise (BEC). Simply put, BEC takes place when an attacker pretends to be an executive/person of authority and sends a realistic-looking email to a colleague requesting a large wire transfer or sensitive details like intellectual property (IP) or HR/payroll information.

The FBI recently warned that imposter emails increased by 270% last year and worldwide it jumped a staggering 1,300 per cent since 2015, equaling $3.1B US in identified exposed loss. Top executives have also lost their jobs due to significant financial losses associated with imposter emails.

With that in mind, here are three things you should do when using social media while traveling.

Avoid Checking-in

If you are in a senior executive at your organisation, do not risk checking-in on any social media channels (or enabling location on your posts), whether that be at the airport, a business district or your hotel. You’re essentially letting the public know that you’re out of the office. That absence gives the malicious attacker the opportunity to fraudulently email your team and request a wire transfer. For example, “Hi John – as you know I’m away for a few weeks in Hong Kong and am mostly uncontactable – can you URGENTLY wire $100,000 to the below account by COB today before my important meeting at 4pm.”

Ensure your status updates are private

If you are going to advertise your business travels and movements online (like sharing photos of a delicious meal at an airport or your selfie at an iconic city landmark), ensure to share updates solely with your Facebook Friends and LinkedIn Connections. Do not cast the net wider than family, friends and close business acquaintances. As a general side point here, always be careful about who you accept as connections on your social media accounts. For example, Facebook cloning is a recent trend affecting users as it involves attackers sending friend requests out from convincing fake profile accounts.

Manually approve online tags

There is an option on Facebook, Instagram and Twitter to approve statuses, photos and video tags prior to publishing content on your page and to your network of friends. By turning this option on, you’ll reduce the chance of attackers, who are actively monitoring the movements of you, your colleagues, and your partner, from automatically discovering more information about your business travels.

Following these three rules will help keep your activities sheltered from cybercriminals and reduce the likelihood that your business will fall victim to a BEC attack. In addition, be sure to remind your staff of the proper procedures for authorising wire transfers or sending sensitive content, especially while you are traveling.

Business Insider: http://bit.ly/29S0QfA

« What Makes A Data Scientist?
Ransomware Hackers Are Getting More Advanced »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Security Research Labs (SRLabs)

Security Research Labs (SRLabs)

Security Research Labs is a Berlin-based hacking research collective and consulting think tank.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

PCI Compliance Guide

PCI Compliance Guide

The PCI Compliance Guide is one of the leading educational websites available focused exclusively on PCI compliance.

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

OriginalMy

OriginalMy

OriginalMy is a cybersecurity startup, focussed on digital governance and information authentication. Its mission is to prove authenticity using state-of-the-art cryptography and blockchain technology

Snowflake

Snowflake

Empower your cybersecurity and compliance teams with Snowflake. Gain full visibility into security logs, at massive scale, while reducing costs of Security Information and Event Management systems.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.

HeroDevs

HeroDevs

HeroDevs is the trusted leader in providing secure, long-term support for deprecated open-source software.

VirtualMetric

VirtualMetric

VirtualMetric delivers performance-driven IT monitoring and log management solutions that simplify complex environments.