Cybercriminals have turned to Facebook, Twitter and other platforms to launch attacks that are aided by how employees behave on their social media accounts. Here are a few of the riskiest social media habits to avoid at work:
Oversharing sensitive information
Social media accounts are full of information that is commonly used in the security checks on password recovery forms. Birth dates, education histories, family relations, the city you were born in and similar details are often easily found by cybercriminals looking to access your e-mail or other accounts.
Clicking every link
On social media, people are likely to click on links that they would usually avoid in an email. Users who don’t read the articles simply “share” them automatically, sending unverified links to friends and family and potentially affecting millions of people. More cybercriminals are using social platforms to distribute malware via phishing campaigns and are hijacking accounts to distribute ransomware and malicious browser extensions.
Controversial posts
Hacktivists, like the group Anonymous, are known to target individuals and organizations with conflicting social and political views. Employees who draw attention to themselves by posting controversial opinions on public forums could provoke cybercriminals who have a personal agenda. If employees post controversial comments from an NSHE IP address (your computer) or with an NSHE e-mail address, they risk making NSHE a target.
Reusing passwords
Not using unique passwords for social media accounts and work accounts makes it easier for a cybercriminal to leverage compromised credentials from social media to access work-related applications and systems. In LinkedIn’s 2016 data breach, attackers used the credentials from a Dropbox employee and were able to access 60 million more credentials because that employee didn’t use different passwords for LinkedIn and work accounts.