How To Minimize The Risk Of A Social Media Data Breach

Virtually every organization – businesses, educational institutions, and associations – has employees, students, and members who make use of social media sites such as Facebook and Instagram in their personal lives.

More often than not, businesses themselves have a considerable online presence and draw on social media networks like Facebook and LinkedIn, in particular, for marketing functions, sales, and client relations.

Organizations that lack a significant online presence but have employees who use social networks have an obligation to ensure that their users’ and staff members’ identities are safeguarded online.

Many organizations supply their employees with basic information on safe internet practices, with the hope that they will implement these practices at home as well as at work. This offers an ideal opportunity for corporate security teams to lay the groundwork for what actions can be taken in case of a large-scale social network cyberattack.

The goal is to lessen the impact of a breach that’s otherwise out of your control, or to limit its adverse effects.

In this article, we’ll explore five ways to help minimize the risk of a breach on social media networks and other applications.

Don’t Reuse Passwords – But Do Change Them Often

We’re going to presume that you and your team are already aware of how to come up with a strong password, using a succession of upper and lower case letters, numbers, and symbols – and not including telltale tidbits like the name of your pet.

Great password? Check! But wait, there’s more!

Whenever a major social media breach does occur, it may take some time between when the breach first surfaces, when an organization detects it, and when you’re alerted to the fact that your information has been compromised.

If you’re changing your password consistently, you narrow the window in which a stolen password can do damage between those events. Even if you’ve fashioned what you believe to be the perfect password, don’t recycle it across multiple accounts.

Based on surveys conducted by Terranova Security, nearly 80% of users are still utilizing the same passwords on numerous systems. That number increases even more for the younger generation – either they aren’t aware of the risk or it’s possible that they don’t want to have to recall a slew of different passwords.

Regardless, if you’re using the same account-password combination on several channels and one channel is breached, cyberattackers are more likely to be able to infiltrate your other accounts.

Consider Utilizing a Password Management Tool to Preserve Your Passwords

If you don’t want to – or can’t – remember all of those complicated passwords you’ve created, consider making use of a secure password management tool. From a functionality standpoint, a password manager is simply that – a program you log in to with one password that stores all of your other passwords.

Think of it, more or less, as a digital wallet.

When taking into consideration which password management tool to use, try to find one that’s well-encrypted and allows for management between a number of platforms and devices. A few of the more prominent password management tools on the market include 1Password, KeePass, and Dashlane.

Implement Two-Factor Authentication

Suppose someone does come into possession of your password – what then? In all likelihood, they’ll appropriate your username in order to gain access to your social network accounts – at the very least – unless you’ve initiated two-factor authentication.

Two-factor authentication is a security method that provides a computer user access only after they have supplied multiple forms of evidence verifying that they are legitimately the user they claim to be. 

For example, let’s say you’re connecting from a computer or location that you haven’t used before – if you have two-factor authentication set up, the application will send a PIN to your phone which you must then reproduce. If someone has pilfered your password and is trying to connect to one of your accounts, you’ll receive a notification of an unauthorized access attempt.

If it obviously isn’t you who’s attempting to log in from a new source or location, you’ll know that a hacker has moved past the first stage – that is, accessing your password. If that is the case, deny the access, change your password right away, and be grateful you set up two-factor authentication.

Steer Clear of Online Applications That Enable You to Log In Automatically Using Your Facebook Credentials

More and more apps are connecting back and forth and enabling users to access multiple channels with a single sign-on (SSO). You’ve likely encountered apps where you can create an account or sign in automatically simply by using your Facebook credentials. Convenient? Smart? Not exactly.

While it might seem like a timesaving method, should your Facebook credentials become exposed, hackers could take advantage of them to access other accounts under your name. Whenever possible, refrain from taking advantage of these opportunities.

The supposed convenience of social media-based SSO is appealing, but bear in mind that if you are compromised on one platform, you could be compromised on another. The more interconnected systems you have, the more you are at risk.

Take Heed When Your Friends’ Social Network Accounts Are Compromised

“Don’t accept any new friend requests from me. My account has been hacked.”

“Don’t click on the link in the message it looks like I sent you on Facebook. It isn’t me.”

You see these kinds of posts in your newsfeed all the time. But those are just the ones we’re aware of for certain. You might have friends or online acquaintances who don’t yet realize they’ve been compromised, and hackers may already be using their accounts to make phishing attempts.

Other times, hackers are merely paying attention to and gathering information that people post voluntarily on social media.

What’s the solution? It’s simple.

Don’t post confidential information on social media! Don’t make mention of your dog’s name on social media then use “What is your pet’s name?” as the security question on your online banking account.

And if your account is breached, let your friends know…immediately! Particularly on social media.

It’s all about creating a culture of information security. By presenting this information to users, organizations can demonstrate that they’re not just preoccupied with their own pursuits, but they’re concerned about the well-being of their employees as well.

DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, web and DNS filtering, next-generation firewalls, network security monitoring, operating systems and application security patches, antivirus software, and security awareness training. Give us a call today at 252.329.1382 to learn more about how we can help you #SimplifyIT!

4 Helpful Tips For Keeping Your Passwords Secure

Individuals and organizations get hacked every day. It’s a fact of life. Sometimes it’s because the hacker is smart, and sometimes it’s because the users’ passwords are weak. Oftentimes, it’s both.

If you want to boost your protection against hackers, password security is paramount.

Here are four simple steps for ensuring that your accounts stay as protected as possible at all times:

Create Long, Unique Passwords

It’s crucial that you use a unique password on each of your online accounts. If you don’t do this, it could be easy for hackers to access a number of your accounts by cracking just one password. Cyberattackers actually count on you not taking this important step. A popular hacking approach called credential stuffing involves hackers trying your password across multiple sites to see how many of them they can successfully access.

Not only should all passwords be unique, they should also be long and complex. While making a password more complicated doesn’t necessarily make it stronger, length is the most important aspect. Experts recommend using passphrases in order to make the password longer, but also easier for you (and only you) to remember. The quirkier the phrase, the better. Substituting characters for certain letters can also help strengthen the password.

For instance, the absurd passphrase “dancing eggplants ate the cake” could be further bolstered by changing it to “d@nc!ng eggpl@nt$ 8 t#e c@ke.” While this does make the precise password more difficult to recall, it’s easier than picking a completely random password that’s 20+ characters long.

Keep it simple by using a memorable line from your favorite book, a special-to-you song title, or the name of your favorite film. This will ensure that the password is easy to recall, while retaining the length you need it to be for maximum security.

Use a Password Manager

A password manager is simply an online tool that helps remember your passwords for you. As well as logging all your passwords to make them easy for you to access, many popular password managers often tie into breach services such as HaveIBeenPwned and will notify you if your credentials have appeared in any known hacks.

Keep a Password Book

While password managers are pretty secure, some people prefer to keep a physical notepad for listing all their passwords. This is a perfectly acceptable practice, provided you make sure to keep it in a safe location and never take it out with you. In any case, a password book still beats using the same one or two passwords for every account you have.

For people who frequently travel, a password book is not an ideal option, especially if the book is stored alongside devices that could be easily lost or stolen.

Enable Two-Step Verification

Two-step verification or multi-factor authentication – when one or more other means of authentication are required along with your password in order to access accounts – are among the best ways to keep your accounts secure. Some websites and apps – such as Apple’s Face ID and Touch ID on the iPhone – already have this type of verification built into them for security purposes.

Other authenticating tools, such as the Yubico YubiKey – a physical security key that you plug into your device – and the Authy app – which generates a code you can use in addition to your password – are other good options to try.

Conclusion

In addition to the tips provided above, there are other security measures you can take to further protect your accounts.

Always be wary of emails and texts claiming to be from a familiar service, such as a website or app you use frequently, especially if these messages are asking you to enter your credentials. These types of requests are almost always fraudulent. The sender – likely a hacker in sheep’s clothing – is probably attempting to gain access to your login and password.

Whenever you’re unsure about whether a request of this nature is legitimate, contact your IT department or IT service provider. Don’t compromise your security by careless actions online!

For more cybersecurity tips or to schedule a free IT assessment for your company, contact DataGroup Technologies here or by calling us at 252.329.1382!

Are Your Credentials On The Dark Web?

Would you hand over your password to a complete stranger to log in to your bank or investment account? What about your email or other cloud service account?

Obviously, no one wants to voluntarily surrender their credentials to crucial accounts such as these. But every day, many users – potentially even your customers or team members – may be doing something equally as perilous.

We’re constantly being admonished not to use the same password for multiple accounts. At the same time, having an ever-increasing number of applications means also managing an escalating number of accounts.

Recalling individual passwords can be a hassle – if not impossible. A password manager can help. Ultimately, though, the most formidable threat of all is credential exposure.

What Is Credential Exposure?

Credential exposure is when a company in possession of your login information is breached – that is, personally identifiable information is publicly disclosed – and the attacker is able to access these account records.

If maintained inappropriately by the company being breached, those accounts can be laid bare, giving the attacker easy access to your login information.

Due to the fact that most applications now default to an email address for the username, and many people reuse the same password across countless applications, it’s not difficult to see how this can swiftly wreak havoc.

All of this may well leave you speculating about what steps you can take to defend yourself from dark web breaches. Here are a few commonsense approaches to keep your assets protected.

Implement Multi-Factor Authentication

The first thing you can do to safeguard your credentials is to implement multi-factor authentication (MFA) on any account that supports it. Resign yourself to using that authenticator app regularly – the additional time spent during logins is far outweighed by the time you’d spend recovering from a data exposure that results in a compromised account.

There are a variety of free and paid options, including Microsoft’s Authenticator app, which integrates with the Office 365 and Azure infrastructure that many organizations are already using. This is the first of many measures to take and should be standard operating procedure in your office.

Use A Secure Password Manager

While there is a degree of risk connected with storing all your credentials in a single location, the benefit of having the password manager create and remember strong passwords is worth that risk for most users.

In addition, many password managers provide the means to safely share a password with another user, detect who has gained access to a password, and make sure that you are aware of which passwords need to be updated in the event that someone who has previously accessed a password leaves your company.

Perform A Dark Web Scan

There are a number of tools available that can execute a dark web scan – i.e., searching the results of publicly shared data breaches where credentials were exposed. Not only can these resources notify you of any exposures associated with your email account, they can also make you aware of the password which was exposed so that you know to refrain from using that one in the future.

Ensure That Your Product Set Is Secure

You need to ensure that the software you use with your clients is secure. Solutions such as single sign-on (SSO) allow you to access a specific program’s entire suite of products via one secure login, making it easier for you to set up and connect products, as well as manage your account.

Don’t Recycle Compromised Passwords

Lastly, it’s essential to bear in mind: if your credentials have been revealed publicly, you can never use that password again. Once that password is part of a public list – particularly one that’s associated with your email address – you can safely assume that it will also be included in a future attack.

If you use passwords similar to the one that was compromised, you’ll need to change those, too. The risk is too great to even contemplate reusing it; and any other account that uses the same password should be immediately updated as well.

Keep in mind that this isn’t personal. You may not have been the cause of the exposure, but that credential is now public. There’s no indignity in something you can’t control, but taking appropriate action after the fact is the only way to defend yourself going forward.
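The rule in this section (retire an exposed password, and anything similar to it, everywhere it is used) can be checked mechanically. The following is an added example, not part of the original article; the account names, passwords, and the `skeleton` and `audit` helpers are constructed for illustration, and the similarity test is a deliberately simple assumption (same base word after undoing common substitutions and trailing digits).

```python
import re
from collections import defaultdict

# Undo common character substitutions such as "@" for "a" or "0" for "o".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "!": "i", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed sample data: passwords reported by a breach scan, and a vault export.
EXPOSED = ["Sunflower#2019"]
VAULT = {
    "email": "Sunflower#2019",
    "bank": "sunfl0wer2022!",
    "wiki": "correct-horse-42",
    "shop": "correct-horse-42",
    "forum": "dancing eggplants ate the cake",
}


def skeleton(password):
    """Base form of a password: lowercase, trailing digits/symbols dropped,
    then character substitutions undone."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(LEET)


def audit(vault, exposed):
    """Return {account: status} for every entry in the vault."""
    exposed_set = set(exposed)
    # An empty skeleton (e.g. an all-digit password) would match too broadly.
    exposed_bases = {skeleton(p) for p in exposed} - {""}
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)

    report = {}
    for account, password in vault.items():
        sharers = [a for a in accounts_by_password[password] if a != account]
        if password in exposed_set:
            report[account] = "exposed: change now and never reuse"
        elif skeleton(password) in exposed_bases:
            report[account] = "similar to an exposed password: change"
        elif sharers:
            report[account] = "reused on: " + ", ".join(sharers)
        else:
            report[account] = "ok"
    return report


if __name__ == "__main__":
    for account, status in audit(VAULT, EXPOSED).items():
        print(f"{account:6} {status}")
```
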

Final Thoughts

Keep these tips in mind when using and reviewing your login credentials in order to protect your assets from exposure on the dark web. Remember, every precaution you take today is one less risk to manage later.

Are you curious to find out whether your credentials are already on the dark web? We can perform a dark web scan for you! Call us at 252.329.1382 or visit dtinetworks.com today to see how we can help you #SimplifyIT!

 

*************************

An earlier version of this article appeared on the ConnectWise blog.

Computer Security Day: 8 Tips to Bolster Your Business’s Cybersecurity

In 1988, the Association for Computer Security established the first Computer Security Day to raise awareness about cybersecurity issues. Computer Security Day encourages people to take ownership of their online presence and identity. Taking the time to review computer security best practices can help individuals and organizations avoid compromised data and other unwanted scenarios.

In celebration of this day, here are 8 tips for bolstering your computer security:

1) Update Passwords on All Your Devices

Take the time to change the passwords on all your online accounts. This is something that should be done on a regular basis anyway, but if you’ve neglected to do so recently, today is as good a time as any.

Avoid using the same passwords across multiple accounts and devices. Reusing the same or similar passwords over a period of time can put you at greater risk of being hacked. Ideally, you should create a different password for each account that you use on your various devices.

It probably goes without saying, but it’s never a good idea to share your passwords with others, even people that you trust. You can’t know for sure that they will keep your credentials as secure as you would yourself.

2) Create and Use Strong Passwords

When it comes to password security, length matters. Passwords that are 6 characters or fewer are much easier to hack, particularly if they consist of only lowercase letters. To strengthen your password, create a complex, unique mixture of upper and lowercase letters, symbols, and numbers that is at least 9 characters in length.

A password manager can help generate unique passwords for each of your online accounts. At the same time, this useful tool can save all your passwords in one convenient location, so you don’t have to remember them each time. You can also take advantage of Password Checkup, a Google Chrome extension that warns you when it detects you using compromised, duplicate, or weak passwords. As another option, consider using the tool How Secure Is My Password to test the strength and “hackability” of your passwords.

3) Keep Your Software and Hardware Up-to-Date

Make sure that all software – for your operating systems, browsers, programs, applications, etc. – is updated with the latest versions available. When you’re all set with that, it’s time to update your protection software, including anti-spyware, antivirus, and antimalware software. Run a security scan not only on your computers, but on your smartphones and tablets as well. Mobile devices are as much at risk as, if not more than, your desktops or laptops.

It’s crucial to check on the status of your hardware as well. Outdated hardware may not support recent software security upgrades, and also responds more slowly to cyberattacks, in the event that one should occur. Better to be safe than sorry and upgrade your hardware while everything is smooth sailing.

4) Encrypt and Back Up Your Data

Keep your data secure and confidential – whether it’s being stored or in transit – by encrypting it. Encryption uses complex algorithms to scramble your data and make it unreadable, ensuring that only an authorized person can access the data.

Create a backup copy of all your sensitive data on a portable storage device – such as an external USB or hard drive – and store it in a safe place. Alternatively, you could upload your backed-up data to a cloud-based storage solution such as Google Drive. It’s important to keep your data backups up-to-date and test them periodically.

5) Implement Multi-Factor Authentication

Many online platforms now allow you to enable multi-factor authentication in order to keep your accounts more secure. Multi-factor authentication offers an additional layer of protection by helping to verify that it’s actually you who’s trying to access your account and not an unauthorized user.

6) Be on the Lookout for Social Engineering Attacks

Social engineering attacks are difficult to counteract, as they’re specifically designed to take advantage of natural human characteristics, such as curiosity, respect for authority, and people’s desire to help their friends. Anytime you receive a suspicious email, it should be treated as such. Take a moment to think about where the communication originates from; don’t just trust it blindly.

Often, social engineering depends on a sense of urgency. Attackers hope that targets won’t think too hard about what’s going on. Thinking twice before taking any action can prevent most social engineering attacks and expose them for what they are – frauds.

7) Don’t Leave Your Devices Unattended

Despite what you may think, locking your office is not enough. If you use a laptop or desktop computer at work, you should always power it down at night. Additionally, whenever you leave your office for the day, you need to lock up your memory keys, hard drives, and anything else that has sensitive data on it.

8) Educate Your Employees About Cybersecurity Awareness

Cybercriminals are specifically targeting your employees when they send out phishing emails in an attempt to steal information. Through training and awareness, you can help your employees better recognize fraudulent emails when they encounter them. In so doing, you can significantly reduce the risk of your employees surrendering sensitive data to those who would deliberately misuse it.

Onboarding training and continuous updates help create a human firewall between your company’s information and security threats. Employees need to understand that cybersecurity is every bit as much their concern as it is the concern of your technology experts.

DataGroup Technologies offers a wide variety of cybersecurity solutions to help protect your business against cyberthreats like malware, phishing, ransomware, man-in-the-middle attacks, social engineering, and distributed denial-of-service attacks. Are your company’s data and that of its customers fully protected? How can you be sure? Partner with us and we can help safeguard your business against all these and more! Call us today at 252.329.1382 or drop us a line here.

How To Secure Your Business Website In 2022

If you have a booming business website that’s raking in profits and helping you establish your brand, that’s great! However, you still need to make sure your site is protected from hackers and trolls who might want to tarnish your image. To ensure continued success and prevent bad actors from appropriating your intellectual property, follow these tips to help better secure your business website.

What Is Business Email Compromise?

According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”

Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.

However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.

How to Protect Your Business Against BEC Attacks

In the public service announcement, the FBI offers several suggestions for businesses to adopt to better protect against business email compromise attacks.

  • Use secondary channels (such as phone calls) or multi-factor authentication to validate requests for any changes in account information.
  • Ensure that URLs in emails are associated with the businesses or individuals from which they claim to be originating.
  • Keep an eye out for hyperlinks that contain misspellings of the actual domain name.
  • Steer clear of providing login credentials or PII of any sort via email. Bear in mind that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails – especially when using a mobile or handheld device – by making sure the address appears to match that of the purported sender.
  • Enable settings on employees’ computers to allow full email extensions to be viewed.
  • Monitor your personal financial accounts routinely for irregularities, such as missing deposits.
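
Several of the checks in this list (sender address, misspelled domains in links, replies routed elsewhere) can be automated at the mail gateway or in a triage script. The following is an added example, not code from the FBI announcement or from the original article; the trusted domains, the sample message, and the function names are constructed, and it assumes a plain-text, non-multipart message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains your organization really deals with (constructed values).
TRUSTED_DOMAINS = {"bank.example", "corp.example"}

# Constructed sample message, not a real email.
SAMPLE_EMAIL = (
    'From: "Bank Example Accounts" <accounts@bamk.example>\n'
    "Reply-To: accounts@freemail.test\n"
    "Subject: Updated wire instructions\n"
    "\n"
    "Please confirm the new account details at http://login.bamk.example/verify\n"
    "Our usual portal is https://portal.bank.example/ as always.\n"
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Last two labels of a host name. Simplification: production code should
    consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_domain(domain):
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:
            return "lookalike of " + trusted
    return "unknown, not on the trusted list"


def review_email(raw):
    """Return a list of findings for one raw plain-text message."""
    msg = message_from_string(raw)
    findings = []

    # Check the real sender address, not the display name shown on mobile clients.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(sender.rpartition("@")[2])
    verdict = classify_domain(sender_domain)
    if verdict != "trusted":
        findings.append(f"sender {sender}: {verdict}")

    # A Reply-To on another domain silently redirects the conversation.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to:
        reply_domain = registered_domain(reply_to.rpartition("@")[2])
        if reply_domain != sender_domain:
            findings.append(f"reply-to {reply_to}: replies leave {sender_domain}")

    # Every link in the body must resolve to a domain you actually know.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        verdict = classify_domain(registered_domain(host))
        if verdict != "trusted":
            findings.append(f"link {url}: {verdict}")
    return findings


if __name__ == "__main__":
    for finding in review_email(SAMPLE_EMAIL):
        print(finding)
```

A finding is a prompt to validate the request over a secondary channel such as a phone call, as the first item in the list advises; it is not proof of fraud on its own.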

What to Do If You or Your Company Should Fall Victim to a BEC Attack

Cybersecurity has never been more important. We live in an increasingly connected world, which enables cyberattackers to constantly find new ways to carry out digital attacks. Even the most vigilant business owners and IT managers can become overwhelmed with the stress of maintaining network security and protecting their data.

These increasingly advanced cyberattacks create unprecedented situations of data breach and money extortion. The tools that hackers use are getting smarter and stronger every day. If you’re not proactive about protecting your network, your business will become a target of cybersecurity attacks.

DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, email security solutions, web/DNS filtering, next-generation firewalls, network security monitoring, operating systems/application security patches, antivirus software, and security awareness training. If you’re not 100% certain that your business is protected from cybercriminals, contact us today at 252.329.1382 or message us to find out more about how we can help #SimplifyIT!
