The Cybersecurity Dangers Of Employees Oversharing On Social Media
How many of your employees do you think overshare on social media? Only one? Maybe a handful at most? The real numbers might surprise you!
According to Help Net Security, 93% of workers overshare online. That’s exactly why hackers love social media. Social media is a gold mine for hackers on the hunt for personal data. They use the things you and your employees are posting online to figure out passwords and to find answers to common security questions used to authenticate identity.
So, how do we ensure personal data protection when employees are giving away the proverbial farm online? Let’s explore everything you may want to consider keeping your company protected regardless of what’s being shared on social media.
What Is Oversharing On Social Media?
As the name suggests – oversharing is when your employees share too much information on social media. The personal sensitive data shared by your employees doesn’t necessarily have to be about your company to be flagged as security warnings.
Oversharing takes on other forms as well.
When employees take quizzes to determine things like which character they would be on the show Friends or which animal is their soul animal, they often enter personal data in these quiz forms that identifies them as well.
Arguably the most dangerous way of oversharing is when employees explicitly give information away. Sensitive personal data revolving work like work hours, company software, and policies just floating around the internet can cause serious damage. For example, an employee adding a geotag that happens to be the address of the SCIF room on Instagram, or complaining they will be stuck alone in the security office until 2 a.m. With oversharing like this, you don’t even need a hacker to cause trouble.
How Oversharing Can Harm Your Company
Oversharing and Leaking Security Questions
Something as harmless as a cute puppy photo could reveal sensitive personal data. The same applies to when your employees take pictures of their kids. And again when they tag their mom in a new post. At a first glance, it’s almost absurd to consider these possible threats – right? Wrong.
These “harmless” posts could reveal the answers to security questions. Looking at the three scenarios above where the employee likely added a caption, we’ve got a dog name, the name of their kids, and the name of a parent.
These are three of the most common security questions that you’ll see when you make an account on most platforms. With the correct answers to security questions, a hacker can bypass password requirements, change passwords, and potentially hack into the company system as a whole. Bottom line – oversharing could very well lead to identity theft and so much more.
Oversharing and Spear-Phishing
Clicking on a phishing link can lead to a whirlwind of consequences, most of which involve sensitive personal data being violated. Hard to remove applications like spyware, malware, and ransomware are installed when phishing links are clicked. Even worse, these malicious applications are often unnoticed by the average computer user.
How does oversharing lead to spear-phishing? If your employees share their personal or work email addresses on their social profiles, hackers will know that the email is live and have all the personal information necessary to create a convincing phishing link. These highly personalized spear-phishing links aren’t obvious and can be mistaken for legitimate links until it’s too late.
Oversharing and Robbery
Posting selfies may be harmless on some occasions, but they can cause a lot of trouble if the real-time geolocation feature is enabled. If a robber is deliberately targeting your company, they may choose to follow most of your employees on their social profiles. A bad actor can then create a schedule and determine when most of the employees are away from the workplace. That’s when they could potentially strike.
Employees may also accidentally leak other confidential information (e.g. passwords, credit cards, etc.) on their social profiles. This can further a company’s chances of being both physically and digitally robbed.
Proactive Approaches To Reduce Oversharing
Oversharing can jeopardize a company’s intellectual property, current and future clients, and reputation. That’s why it’s so important to take a proactive approach to ensure employee personal data protection.
Enforce Company Wide Training Regularly
Before an oversharing dilemma blooms, nip it in the bud as quickly as possible by training your employees. Plan out trainings to highlight the dangers of oversharing, how to refrain from sharing sensitive personal data, and how to identify threats like spam, phishing attacks, malware, and so on.
Training should cover best practices for general security, such as using unique passwords and setting up 2-factor authentication, along with the common signs of an infected computer. For the best results, it is recommended that believable scenarios are used during training. This will help employees be better prepared when a real threat comes into play.
Offer Clear Communication
By explicitly communicating what you want from your employees, they don’t need to do any guesswork. In a social media security strategy, clearly lay out:
- Necessary training requirements
- What counts as oversharing
- What employees can and can’t post on social media
- Disciplinary actions that may result from oversharing
Part of clear communication is also asking for feedback and listening to what your employees have to say. When creating and distributing social media security strategies, it’s critical to ensure those in management are approachable and open to discussing oversharing-related policies.
Keep A Watchful Eye and Utilize Tools
A combination of network monitoring, system anti-viruses, and data protection technology should be used to keep you and your employees safe. This watchful eye approach is necessary for both legal liability and business success in our modern era. IT and security teams may want to monitor the full social media spectrum of employees to mitigate threats before they manifest.
How To Find The Best Tools For Company Protection
While proactive approaches can reduce the amount of security stress that your company faces, those approaches can not 100% eliminate these threats. To accommodate for these uncertainties, most companies will want to invest in personal data protection tools.
Tools like website security software and malware removal tools are especially important to ensure that data is kept confidential and that everything remains secure.
When deciding on the best software to purchase, some features that you should look for include:
- Automatic backups
- Automatic patching
- Automatic virus removal
- Risk scores
- 24/7 real-time customer support
- Malware scanning
- SSL scanning
- SQL Injection scanning
- Spam scanning
- DDoS protection
- Backdoor protection
- Malicious bot protection
As exciting and entertaining as social media might be – it has very real and tangible risks that can jeopardize your company’s confidential data. You’ve spent years building up your company, and it would be a shame for something major to happen over something as “innocent” as a social media post! Train your employees, and use the right tools, and hopefully you can keep bad actors at bay.
Posted in: KnowledgeBaseLeave a Comment (0) ↓