What Executives Really Should Know About Social Media

Executive social media accounts are the first places many malicious attackers go when gathering intelligence

According to the Australian Bureau of Statistics, of the 9.2 million short-term resident departures from Australia last year, ‘business’ was the third most frequently cited reason for travel.

In amongst the planning, meetings and the hustle between airports and hotel rooms, executives may find some solace in logging onto Facebook, Twitter, Instagram and LinkedIn to keep their social networks updated. Unfortunately, while your followers are listening, cybercriminals are as well.

Executive social media accounts are the first places many malicious attackers go when gathering intelligence for one of the fastest growing cyber threat vectors – business email compromise (BEC). Simply put, BEC takes place when an attacker pretends to be an executive/person of authority and sends a realistic-looking email to a colleague requesting a large wire transfer or sensitive details like intellectual property (IP) or HR/payroll information.

The FBI recently warned that imposter emails increased by 270% last year and have jumped a staggering 1,300 per cent worldwide since 2015, equaling US$3.1B in identified exposed loss. Top executives have also lost their jobs due to significant financial losses associated with imposter emails.

With that in mind, here are three things you should do when using social media while traveling.

Avoid Checking-in

If you are a senior executive at your organisation, do not risk checking in on any social media channels (or enabling location on your posts), whether that be at the airport, a business district or your hotel. You’re essentially letting the public know that you’re out of the office. That absence gives the malicious attacker the opportunity to fraudulently email your team and request a wire transfer. For example, “Hi John – as you know I’m away for a few weeks in Hong Kong and am mostly uncontactable – can you URGENTLY wire $100,000 to the below account by COB today before my important meeting at 4pm.”

Ensure your status updates are private

If you are going to advertise your business travels and movements online (like sharing photos of a delicious meal at an airport or your selfie at an iconic city landmark), be sure to share updates solely with your Facebook Friends and LinkedIn Connections. Do not cast the net wider than family, friends and close business acquaintances. As a general side point here, always be careful about who you accept as connections on your social media accounts. For example, Facebook cloning is a recent trend in which attackers send friend requests from convincing fake profile accounts.

Manually approve online tags

There is an option on Facebook, Instagram and Twitter to approve statuses, photos and video tags prior to publishing content on your page and to your network of friends. By turning this option on, you’ll reduce the chance that attackers, who are actively monitoring the movements of you, your colleagues, and your partner, will automatically discover more information about your business travels.

Following these three rules will help keep your activities sheltered from cybercriminals and reduce the likelihood that your business will fall victim to a BEC attack. In addition, be sure to remind your staff of the proper procedures for authorising wire transfers or sending sensitive content, especially while you are traveling.

Business Insider: http://bit.ly/29S0QfA
