Businesses of all sizes have leveraged the power of social media to increase brand awareness and connect with consumers, both locally and globally. However, the rapid growth of social media use has left businesses unaware of the many cyber risks associated with social media.
While some individuals or businesses may be familiar with common cyberspace security issues, businesses must understand social media’s impact on cybersecurity on both a personal and consumer level.
Almost 4.8 billion people worldwide use one or more social media platforms, or just over 59% of the global population. While social media platforms help users keep in touch with friends, connect with customers, and promote businesses, they also increase people’s and businesses’ exposure to cyber threats in the following ways.
While social media has become an essential marketing tool for modern businesses, using social networks also increases a business’s cyber risk of social engineering attacks. Social media channels can increase a business’ attack surface by displaying internal information or employee contacts that cybercriminals can use to execute phishing attacks, credential theft, data theft, or other scams.
The same applies to the personal social media accounts of employees. Every post in each social media profile connected to a business could contribute to a cybercriminal’s ability to use social engineering techniques or other methods to compromise business systems and data. Once a digital profile is created, information is typically visible to the public. The more information the user uploads, the greater the risk of cybercrime.
An example of this is when cybercriminals target social media users using fake accounts to trick unsuspecting users into providing personal information or access credentials or clicking links that download malicious software.
If an employee has their social media account hacked or stolen and they also have access to the business social media account, it could be
People who post frequently and with personal information on social networking sites pose a particular threat to businesses. Not only can they put themselves at risk by sharing confidential information — such as travel plans, business data, or patient information — but they also provide cybercriminals with a library of information they can leverage in the following ways:
Social media connections can pose another cybersecurity risk because user engagement — likes, shares, and comments — exposes relationships useful to cybercriminals attempting fraudulent activity, such as phishing, spoofing, and impersonation.
Exposure to a user’s social media relationships also increases cyber risk by allowing cybercriminals to make inferences about the user. Even if they have hidden their interests, location, and other information, analysis of a user’s profile can lead to potential identity fraud or theft.
Some popular quizzes and puzzles on social networking sites provide cybercriminals with information to help them achieve unauthorized access to respondents’ accounts.
Fun or psychological online tests may initially seem harmless, but even those not maliciously designed still collect personal information, such as maiden names and first pet names. Personal preferences are not exempt either, and they’re frequently examples of security questions commonly used for password and account recovery.
When a user has profiles on several social networking sites, this can help a cybercriminal build a more complete picture of who they are, which can help them launch an attack against the individual or the business with which they are aligned.
Social networking apps make it very convenient for people to use social media on the go. The average user spends about 2.5 hours daily on social media, most through mobile devices. About 35% of the US population only uses social media via mobile apps.
This introduces the risk of information being stolen from lost or stolen devices. Many users enjoy the convenience of connecting to social media with a single tap, but dedicated cybercriminals or opportunists can also enjoy this convenience, accessing other people’s social media accounts without requiring authentication.
From here, the bad actor can access personal data, sometimes including credit card data, confidential business data, customer lists, or other more sensitive information. They can also post as the individual or business to commit further crimes, such as distributing malicious links to the user’s connections, launching realistic, targeted phishing attacks against everyone in their friend lists, running scam campaigns, and spearheading other cyber attacks.
