The age of social media has been a long time coming; it is an invaluable tool for socializing and staying in touch with friends and family. Our social media presences are extensions of our real-life existences, so much so that according to Kepios, Filipinos spend an average of 10 hours a day glued to the internet, with social media taking up a solid 4 hours of that time.
Social media use has opened a new vector of attack for companies from malicious actors seeking unauthorized penetration of their systems. Social media platforms exist to turn a profit and while users of social media do not get charged the product is far more valuable than any fee: their data. Everyone’s information has value to someone and the more information one puts into platforms, the greater value it has both to the platform and potentially malicious actors. One needs not to be rich/or famous for their information to possess value: professional information can be used for unauthorized access to your bank account, and your data can be sold by some entities to organizations you don’t expect nor explicitly consent to.
Apart from the information platforms required to build a profile, what a person shares could also form a vector of attack. It opens a user to voluntarily sharing details of their personal as well as professional lives. This opens up a person to attacks by spear-phishing where malicious actors string together bits and pieces of information to create a realistic email where a target hands over security credentials. Sharing too much information also opens up users to attacks of social engineering where the malicious actor pieces together information from a user and infer one’s credentials from there. They can also use relationships built in your social network to compound the attack and gather information about more targets.
In the age of big data, malicious actors are also using analytics and large pools of data from a single user to aggregate information across multiple platforms. Thus, a single data breach or incident can compound and leverage relations to create more attack vectors. They can spread malware, impersonate you or your organization and ultimately compromise official company communications.
Lastly, accessing social media and other apps through work devices. This might be innocuous but accessing the wrong link or giving permissions to a bad app could be devastating to an organization.
Like most things, using social media entails a background baseline of risk, and being smart and responsible does plenty to reduce this. Be mindful of the permissions you grant to apps, especially if you’re accessing from different devices. Share what needs to be shared, and avoid talking about work and unnecessary personal information on social media. Verify and think before you click; run things through HR or IT when work communications are in coursed through unauthorized channels. These things can do wonders.
Crafting good privacy and social media use policies that balance engagement and security are key. Companies would also be doing themselves a favor by investing in active monitoring solutions to ensure bad actors aren’t leveraging their employees’ and organizations’ data.
eWeek, 2021. 5 Ways Social Media Impacts Cybersecurity.
Cox, J., 2020. How the U.S. Military Buys Location Data from Ordinary Apps.
Burt, J., 2021. Phishing Campaign Used Morse Code to Evade Detection: Microsoft.
Proofpoint, 2022. What is a Social Media Threat?.
Hiter, S., 2021. Big Data Trends in 2022 and The Future of Big Data.
Maguire, J., 2018. Big Data and Cambridge Analytica: 5 Big Picture Truths.