Workers’ weak social media security practices helping cyber criminals
15 September 2016
Workers are putting themselves and their businesses at risk by oversharing on social media, according to a new report.
A survey by Blue Coat Systems found that just 42 per cent of social media users only accept friend requests from people they know - down from 43 per cent in 2015.
Only 40 per cent have changed their profile privacy settings to only allow certain people access, and just 41 per cent always check others' identities before connecting with them.
By failing to restrict access to their personal profiles, workers could be giving cyber criminals a way to collect information on them and their companies, which can then be used in social engineering attacks to trick them into handing over money and data.
Only 36 per cent of those questioned said they use a different password for each social media and messaging application, and just 12 per cent said they prefer to exclusively use apps that encrypt their data by default.
IT staff were no better than their colleagues in other departments in this respect, with 39 per cent using different passwords across their accounts and apps, compared to 43 per cent of HR employees and 36 per cent of health workers.
Employees aged between 18 and 24 were the worst age group for password security, with 14 per cent always using the same password, compared to eight per cent of all workers.
Financial professionals were most likely to connect with strangers, with just 37 per cent saying they would only add people they know on social media.
“This research highlights the risks organisations are exposed to due to the behaviour of their employees on social media and messaging applications,” said Robert Arandjelovic, director of Blue Coat product marketing in EMEA for Symantec.
“Social engineering remains a common tactic for threat actors to gain access to business networks, in part due to many employees leaving security holes through poor social media practices. This makes it easier to have an account compromised, and for attackers to move laterally to more sensitive business applications that contain critical data.
“Social engineers hack people, not computers, so it’s important to ensure humans aren’t the weakest link in cyber security. Encouraging employees to protect themselves online, with simple steps such as strong passwords for each application and privacy setting, will help navigate through the complexity of modern day threats.”