October is National Cybersecurity Awareness Month (NCSAM), and this year’s theme is “Own IT. Secure IT. Protect IT.” We discussed NCSAM’s overall goals at the beginning of the month, and in the next three weeks, we’ll dive into key parts of the theme as they relate to Small Business and the cybersecurity providers they rely on.
Part 1 of 3 in our NSCAM-focused series spotlights a component of Owning IT: Never Click and Tell: staying safe on social media. Social media is a great opportunity for you and your customers, but it’s important to be mindful of business-specific security concerns. Here are a few tips:
Avoid Social Media Phishing
Phishing isn’t just for email—attacks can also come through social media posts and private messages. Social media phishing has grown in popularity, and as with email phishing, attacks can spread malware or steal information. (Dislike!)
To minimize the risk of a social media phishing attack, customers should be familiar with common social media scams and avoid clicking suspicious-looking messages and posts. Even trusted contacts may have been hacked, so in the case of a vague, urgent, or uncharacteristic message, it’s always best to verify before responding.
Additionally, encourage customers to build a policy around social media use at work. Consider disallowing personal social media on work devices, and train employees who use social media for work purposes on social media safety basics.
Share with Care
Social media is built for sharing, but seemingly innocent information found on social media can be used by a cyberattacker to craft a convincing spear phishing attack. (Need proof? Check out this article by a real-life hacker!)
Here are a few tips for employees to help keep them—and the business—safe:
- Minimize what you share about work on social media.
- Update your privacy settings and be cautious with personal information.
- Don’t connect with people you don’t know in real life, even on LinkedIn.
Handling with care also applies to business accounts. Advise your customers to be cautious of what they post to the company account—for example, pictures of the facility could betray the layout or security systems. A regular audit of social media contact information, administrators, and security settings helps keep accounts locked down.
Protect Business Accounts
You already know how important it is to protect company accounts, and social media is no exception. Sensitive data contained in your customers’ social media accounts can include:
- Private messages with customers
- Company social media administrators (with a link to their personal profile)
- Hidden contact or other company information
- Billing and credit card information (from advertising or other paid engagements)
Additionally, if your customer’s social media accounts are breached, attackers could post damaging content or target followers with a social media phishing or other scam attempt—not a great look for the company brand.
The good news is that most major social media platforms take security seriously. Using strong, unique passwords and two-factor authentication (2FA), watching for suspicious activity, and regularly auditing security settings and administrators goes a long way towards protecting company accounts.
It’s great for your customers to get social—you can help them do so safely.
Your Friends @ Defendify