Commentary Addressing Risks and Opportunities Through the Lifecycle of Data, Technology, Advertising and Innovation

Data Counsel

Home | Data Counsel

Businesses Vulnerable to Employees&rsquo; Social Networking Activity
Authorship Credit: <a href="http://www.bakerlaw.com/gregoryssaikin/">Greg Saikin</a>
The FBI has issued a fresh warning to all users of internet-based social networking, informing them that hackers&mdash;ranging from con artists to foreign government spies&mdash;are looking for every opportunity to exploit the users&rsquo; identifying and related personal information.&nbsp; The FBI reports that these tactics present serious risks to both the users and their workplace.
Per the FBI, hackers are carrying out two general tactics, which are often combined.&nbsp; Hackers are: (1) exploiting personal connections through social networks&mdash;these hackers are also known as &ldquo;social engineers&rdquo; for their ability to manipulate users through social interactions over the phone, in writing or in person; and (2) writing and manipulating computer code to gain access or install unwanted software on your computer or phone.
&ldquo;Once information is posted to a social networking site, it is no longer private,&rdquo; the FBI warns.&nbsp; &ldquo;The more information you post, the more vulnerable you become&hellip;The more information shared, the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites.&rdquo;
In many cases, hackers are impersonating social networking users with the intent to target the user&rsquo;s workplace. &ldquo;Spear phishing,&rdquo; for example, occurs when a hacker poses as the user in an email to the user&rsquo;s co-workers. The hacker&rsquo;s email contains a link or file with malware and only one recipient needs to open the email&rsquo;s link or file to launch the malware in the business organization&rsquo;s network.&nbsp; In turn, the malware could provide the hacker with valuable information concerning the business&rsquo;s security measures and trade secrets, as well as give the hacker an even greater ability to &ldquo;social engineer&rdquo; other employees within the organization.
In addition to &ldquo;spear phishing,&rdquo; the FBI also warns about other hacking schemes, including &ldquo;baiting,&rdquo; &ldquo;click-jacking,&rdquo; &ldquo;cross-site scripting,&rdquo; &ldquo;doxing,&rdquo; &ldquo;elicitation,&rdquo; and &ldquo;pharming.&rdquo;
To protect your business against these schemes, the FBI recommends implementing the following preventative measures:
<ul>
<li>Use multiple layers of security throughout the computer network;</li>
<li>Identify ways data has been lost in the past and mitigate those threats by changing behavior of company personnel;</li>
<li>Constantly monitor data movement on the company&rsquo;s network;</li>
<li>Establish policies and procedures for intrusion detection systems on company networks;</li>
<li>Establish and enforce policies concerning what company information employees can share on personal blogs and web pages;</li>
<li>Educate employees about the impact of their behavior on the company and its employees;</li>
<li>Provide yearly security training; and</li>
<li>Ask employees to immediately report suspicious activity.</li>
</ul>
<a href="http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks">View the full FBI report</a>.

FBI Issues New Warning on Social Networking Risks