Jim Zuffoletti, CEO and co-founder of SafeGuard Cyber, talks about the ways in which employers can help protect its employees from cyber attacks on social media
It wasn’t a surprise to learn recently that some 10,000 UK nationals have been targeted on LinkedIn by fake profiles tied to hostile nation-state threat actors. This intelligence shared by the MI5 security service is similar to what we’ve seen in previous foreign intelligence operations emanating from Russia, China, and North Korea. And given the vast number of people using social media today without any security applications, attacks like these are not likely to abate any time soon.
Consider, when many social media users receive a connection request, link, or attachment from somebody who looks like a trusted source on a messaging app or through LinkedIn InMail, they often don’t hesitate to click. And in those scenarios when the connection request or message is sent by a bad actor, unsuspecting people, and their organizations, can instantaneously be put at risk – often without even knowing.
Threats abound on social media. From fake accounts seeking to gain your trust, to nefarious message content that can detonate phishing attacks or malware, users of LinkedIn and other social media networks are often at risk and can be baited into leaking out personal information or sensitive company data.
In the current work-from-anywhere climate of modern business, corporate executives and their employees are all using social media, mobile chat, and collaboration apps to communicate with their teams and interact with customers. While some of these applications are owned by their enterprises, others are not.
For many years, organizations have protected their corporate email with enterprise-grade security to safeguard employees against phishing attacks and other threats targeting employees.We all understand that IT owns email and manages it.
And typically, collaboration applications set up in Slack, Zoom, and MS Teams are also overseen by network administrators. But social media channels and mobile chat apps used by individual employees such as LinkedIn, Facebook, and WhatsApp, are not owned by enterprises. Organizations possess no security or compliance governance over them.
As a result, many social apps that are being used for business purposes are not protected against threats. Essentially, humans using these third-party tools have essentially become the new endpoints that fall outside of traditional network security boundaries.
So, where does this leave security and compliance teams looking to protect their employees who are using cloud-based communication tools for business purposes that are unsanctioned by the enterprise?
For starters, educating employees on how to safely use social media is a good start. Never accepting any social media connection requests or clicking on links that they feel uncomfortable about is most advisable. For example, the “Think Before You Link” program advocated by the UK’s Centre for the National Protection of Infrastructure (CPNI) is commendable for encouraging individuals to report suspicious profiles and remove them from their network.
Unfortunately, such steps could be a case of too little, too late, especially if somebody’s social media account has already been compromised and bad actors have already infiltrated their personal or professional networks. Protecting your employees who use social media can’t solely rely on best intuitions or guesswork for determining which accounts are safe for them to engage with.
Today’s innovative security and compliance teams are partnering with their employees and directing them to a layer of security that can help them avoid falling prey to unsafe connections, social engineering attacks, malware, and other social media threats. The best way to protect employees in their use of social media is to adopt a technology that can do the following:
- Identify bad actors the moment they attempt to connect or follow an account;
- Detect and remediate malicious links and files in posts and DMs;
- Secure employees from account impersonations and takeovers;
- Respond to risks without exposing private message contents.
The volume and velocity of communications taking place on LinkedIn and other social media, mobile chat, and collaboration apps happening today often far eclipse the daily communication going through company email. Brands now owe it to themselves to ensure that they are protecting their employees on cloud-based apps just as they do inside their networks. This requires providing them with an additional layer of security for all communication channels that fall outside of the network security perimeter.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.