How to Minimize the Risk of Social Media Data Breaches
While data breaches can happen at any time and anywhere, the world of social media has become a prominent battleground in recent years.
Virtually every organization – businesses, educational institutions, and associations – has employees, students, and members who make use of social media sites such as Facebook and Instagram in their personal lives.
More often than not, businesses themselves have a considerable online presence and draw on social media networks like Facebook and LinkedIn, in particular, for marketing functions, sales, and client relations.
Organizations that lack a significant online presence but have employees that use social networks have an obligation to ensure that their users and staff members’ identities are safeguarded online.
Many organizations supply their employees with basic information on safe internet practices, with the hope that they will implement these practices at home as well as at work. This offers an ideal opportunity for corporate security teams to lay the groundwork for what actions can be taken in case of a large-scale social network cyberattack.
The goal is to lessen the impact of data breaches that are otherwise out of your control or to limit their adverse effects.
In this article, we’ll explore five ways to help minimize the risk of data breaches on social media networks and other applications.
Don’t Reuse Passwords – But Do Change Them Often
We’re going to presume that you and your team are already aware of how to come up with a strong password, using a succession of upper and lower case letters, numbers, and symbols – and not including telltale tidbits like the name of your pet.
Great password? Check! But wait, there’s more!
Whenever a major social media breach does occur, it may take some time between when the breach first surfaces, when an organization detects it, and when you’re alerted to the fact that your information has been compromised.
If you’re changing your password consistently, you narrow the window of damage opportunity between those monumental events. Even if you’ve fashioned what you believe to be the perfect password, don’t recycle it across multiple accounts.
Based on surveys conducted by Terranova Security, nearly 80% of users are still utilizing the same passwords on numerous systems. That number increases even more for the younger generation – either they aren’t aware of the risk or it’s possible that they don’t want to have to recall a slew of different passwords.
Regardless, if you’re using the same account-password combination on several channels and one channel is breached, cyberattackers are more likely to be able to infiltrate your other accounts.
Consider Utilizing a Password Management Tool to Preserve Your Passwords
If you don’t want to – or can’t – remember all of those complicated passwords you’ve created, consider making use of a secure password management tool.
From a functionality standpoint, a password manager is simply that – a program you log in to with one password that stores all of your other passwords. Think of it, more or less, as a digital wallet.
When considering which password management tool to use, try to find one that’s well-encrypted and allows for management between a number of platforms and devices.
A few of the more prominent password management tools on the market include 1Password, KeePass, and Dashlane.
Implement Two-Factor Authentication
Suppose someone does come into possession of your password – what then? In all likelihood, they’ll appropriate your username in order to gain access to your social network accounts – at the very least – unless you’ve initiated two-factor authentication.
Two-factor authentication is a security method that provides a computer user access only after they have supplied multiple forms of evidence verifying that they are legitimately the user they claim to be.
Let’s say you’re connecting from a computer or location that you haven’t used before – if you have two-factor authentication set up, the application will send a PIN to your phone which you must then reproduce. If someone has pilfered your password and is trying to connect to one of your accounts, you’ll receive a notification of an unauthorized access attempt.
If it obviously isn’t you who’s attempting to log in from a new source or location, you’ll know that a hacker has moved past the first stage – that is, accessing your password. If that is the case, deny access, change your password right away, and be grateful you set up two-factor authentication.
Through the use of social engineering or malware, cybercriminals will masquerade as an individual involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal.
Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.
However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.
Steer Clear of Online Applications That Enable You to Log In Automatically Using Your Facebook Credentials
More and more apps are connecting back and forth and enabling users to access multiple channels with a single sign-on (SSO).
You’ve likely encountered apps where you can create an account or sign in automatically simply by using your Facebook credentials. Convenient? Smart? Not exactly.
While it might seem like a timesaving method, should your Facebook credentials become exposed, hackers could take advantage of them to access other accounts under your name. Whenever possible, refrain from taking advantage of these opportunities.
The supposed convenience of social media-based SSO is appealing, but bear in mind that if you are compromised on one platform, you could be compromised on another. The more interconnected systems you have, the more you are at risk.
Take Heed When Your Friends’ Social Network Accounts Are Compromised
“Don’t accept any new friend requests from me. My account has been hacked.”
“Don’t click on the link in the message it looks like I sent you on Facebook. It isn’t me.”
You see these kinds of posts in your newsfeed all the time. But those are just the ones we’re aware of for certain. You might have friends or online acquaintances who don’t yet realize they’ve been compromised, and hackers may already be using their accounts to make phishing attempts.
Other times, hackers are merely paying attention to and gathering information that people post voluntarily on social media.
What’s the solution? It’s simple.
Don’t post confidential information on social media! Don’t make mention of your dog’s name on social media then use “What is your pet’s name?” as the security question on your online banking account.
And if your account is breached, let your friends know…immediately! Particularly on social media.
It’s all about creating a culture of information security. By presenting this information to users, organizations can demonstrate that they’re not just preoccupied with their own pursuits, but they’re concerned about the well-being of their employees as well.
DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, web and DNS filtering, next-generation firewalls, network security monitoring, operating systems and application security patches, antivirus software, and security awareness training. Give us a call today at 252.329.1382 to learn more about how we can help you #SimplifyIT!