Social Media Users — the Pitfalls & Passwords That Put Your Organization at Risk

To safeguard your organization from social media risk do the following: block all social media use from your network altogether — done. If only it were that easy! Social media is ever-present and unavoidable in today’s enterprise. When used concurrently with security awareness best practices, it can be a valuable tool to help grow your organization. Trouble is when the average user spends nearly two hours on social media a day, how do you keep Facebook-combing lunchtime users from putting your network at risk.

To hackers, the beauty of social media is the comfort and familiarity it gives end users. This false sense of security plays favorably to a hacker by providing an inherent feeling of trust where instead there should be healthy suspicion. The three most commons social media cybercrimes:

  • Broad-Sweep Scams — Entice users to click links or visit pages that result in drive-by malware downloads and network infiltration
  • Public Hunter Hacks — Carelessly and publicly expose valuable personal data giving social engineers everything needed to craft targeted phishing emails
  • Insider Breaches — When social media is used to exchange and trade stolen information (Security Policy Management)

The second tier of exposure is the casual nature of social platforms themselves. Social media users are often misguided as to how valuable their data truly is or how it can be used to breach a network. The infamous LinkedIn breach that leaked 117 million passwords brought this laissez-faire attitude to light. Once made public, the passwords used by LinkedIn account holders, in a word — pitiful. Security professionals worldwide cringed as they read the top three used passwords:

  1. 123456 (1 million+ users)
  2. linkedin (207K+ users)
  3. password (150K+ users)

My six-year-old has a more sophisticated password on her tablet. Worse yet, researchers at Preempt, a behavioral firewall company, found that 65% (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Jenna Hulbert. Read the original post at: