What Executives Really Should Know About Social Media

Executive social media accounts are the first places many malicious attackers go when gathering intelligence

According to the Australian Bureau of Statistics, of the 9.2 million short-term resident departures from Australia last year, ‘business’ was the third most frequently cited reason for travel.

In amongst the planning, meetings and the hustle between airports and hotel rooms, executives may find some solace in logging onto Facebook, Twitter, Instagram and LinkedIn to keep their social networks updated. Unfortunately, while your followers are listening, cybercriminals are as well.

Executive social media accounts are the first places many malicious attackers go when gathering intelligence for one of the fastest growing cyber threat vectors – business email compromise (BEC). Simply put, BEC takes place when an attacker pretends to be an executive/person of authority and sends a realistic-looking email to a colleague requesting a large wire transfer or sensitive details like intellectual property (IP) or HR/payroll information.

The FBI recently warned that imposter emails increased by 270% last year and that worldwide the figure has jumped a staggering 1,300 per cent since 2015, equaling US$3.1B in identified exposed losses. Top executives have also lost their jobs due to significant financial losses associated with imposter emails.

With that in mind, here are three things you should do when using social media while traveling.

Avoid Checking-in

If you are a senior executive at your organisation, do not risk checking in on any social media channels (or enabling location on your posts), whether that be at the airport, a business district or your hotel. You’re essentially letting the public know that you’re out of the office. That absence gives the malicious attacker the opportunity to fraudulently email your team and request a wire transfer. For example, “Hi John – as you know I’m away for a few weeks in Hong Kong and am mostly uncontactable – can you URGENTLY wire $100,000 to the below account by COB today before my important meeting at 4pm.”

Ensure your status updates are private

If you are going to advertise your business travels and movements online (like sharing photos of a delicious meal at an airport or your selfie at an iconic city landmark), be sure to share updates solely with your Facebook Friends and LinkedIn Connections. Do not cast the net wider than family, friends and close business acquaintances. As a general side point here, always be careful about who you accept as connections on your social media accounts. For example, Facebook cloning is a recent trend affecting users, in which attackers send friend requests from convincing fake profile accounts.

Manually approve online tags

There is an option on Facebook, Instagram and Twitter to approve statuses, photos and video tags prior to publishing content on your page and to your network of friends. By turning this option on, you’ll reduce the chance that attackers who are actively monitoring the movements of you, your colleagues, and your partner will automatically discover more information about your business travels.

Following these three rules will help keep your activities sheltered from cybercriminals and reduce the likelihood that your business will fall victim to a BEC attack. In addition, be sure to remind your staff of the proper procedures for authorising wire transfers or sending sensitive content, especially while you are traveling.

Business Insider: http://bit.ly/29S0QfA
