Businesses Vulnerable to Employees’ Social Networking Activity

Authorship Credit: Greg Saikin

The FBI has issued a fresh warning to all users of internet-based social networking, informing them that hackers—ranging from con artists to foreign government spies—are looking for every opportunity to exploit the users’ identifying and related personal information.  The FBI reports that these tactics present serious risks to both the users and their workplace.

Per the FBI, hackers rely on two general tactics, which are often combined: (1) exploiting personal connections through social networks—these hackers are also known as “social engineers” for their ability to manipulate users through social interactions over the phone, in writing or in person; and (2) writing and manipulating computer code to gain access to, or install unwanted software on, your computer or phone.

“Once information is posted to a social networking site, it is no longer private,” the FBI warns. “The more information you post, the more vulnerable you become… The more information shared, the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites.”

In many cases, hackers are impersonating social networking users with the intent to target the user’s workplace. “Spear phishing,” for example, occurs when a hacker poses as the user in an email to the user’s co-workers. The hacker’s email contains a link or file with malware, and only one recipient needs to open that link or file to launch the malware in the organization’s network. In turn, the malware could provide the hacker with valuable information concerning the business’s security measures and trade secrets, as well as give the hacker an even greater ability to “social engineer” other employees within the organization.

In addition to “spear phishing,” the FBI also warns about other hacking schemes, including “baiting,” “click-jacking,” “cross-site scripting,” “doxing,” “elicitation,” and “pharming.”

To protect your business against these schemes, the FBI recommends implementing the following preventative measures:

  • Use multiple layers of security throughout the computer network;
  • Identify ways data has been lost in the past and mitigate those threats by changing the behavior of company personnel;
  • Constantly monitor data movement on the company’s network;
  • Establish policies and procedures for intrusion detection systems on company networks;
  • Establish and enforce policies concerning what company information employees can share on personal blogs and web pages;
  • Educate employees about the impact of their behavior on the company and its employees;
  • Provide yearly security training; and
  • Ask employees to immediately report suspicious activity.

View the full FBI report.