By Vinod Mohan, Product Marketing Manager, SolarWinds
Organisations today are increasingly becoming focused on cyber-security due to the many data breaches, vulnerability exploits and non-compliance penalties that are unsparingly plaguing one and all. As businesses are gearing up to augment security measures on many IT fronts such as network, systems, endpoints and the data centre, there is not enough attention paid to one of the weakest links in the hackable IT universe – humans. Yes, you, me and all other employees in all organisations who are unaware of the pernicious, yet ingenious ways of social engineering.
Do you know what you are sharing on social media is not actually being used to lure you into a hack trap? You may never know if your new acquaintance on social media is actually a fraudster devising ways to get sensitive information about your work. What if the email that you received from a colleague you are connected to on a professional network is actually a well-crafted phishing message to get you to click on a malicious URL? Although this all this sounds paranoid, these scenarios are of common occurrence, and could potentially affect your organisation.
If you’re wondering where all this is happening and how it’s placing your organisation’s data at risk, start with employee social media activity white at work. It is extremely dangerous to get hacked while at work as it poses a greater security threat to the entire network. You do not want to let a hacker inside your secure network because a click-happy employee unsuspectingly fell for a phishing scam on a social media site.
The Mobile Social Media Menace
Social media doesn’t stop with computers; it continues with handheld devices that employees carry to work. With BYOD gaining more popularity and businesses relaxing policies to allow the use of employee-owned devices on the corporate network, it puts additional onus on IT to lay out a uniform and well-formulated social media usage policy. If employees are going to use their mobiles for social media posting and information sharing from the corporate network, it opens up more channels for cyber-criminals to commit an intrusion. Let’s analyse why this so risky:
• IT teams have no visibility into what corporate data an employee stores in his/her mobile. There could be a saved email which holds sensitive information and stored documents in the phone/tablet storage.
• If WLAN is accessible for employee-owned mobile devices, then the Wi-Fi guest password is stored in the phones, which when hacked and stolen could allow a rogue device to get on to the network.
• IT has no control over the security measures on employee-owned devices: whether there is anti-virus software, whether the apps are updated and patched, whether there are any vulnerable apps, any intrusive malware, etc. There are many different channels for risking data and network compromise via BYOD device.
• A network breach via mobile social access is also attributed to non-compliance and the organisation could end up paying huge penalties.
How to protect against phishing & social engineering attacks
• Educate your employees on the hazards social media exploits via phishing and social engineering attacks.
• Create awareness that every employee could be a victim and contribute to a network breach unless they pay attention to how they are using their IT assets while on the enterprise network and following IT policy.
• Build strong social media access policy for devices on the corporate network – for both workstation endpoints and personal mobile devices.
• Teach your employees how to detect online scams and identify social engineering advances.
• Implement mobile device management techniques to gain visibility and support employee-owned devices on the network. This includes IT administration activities such as mobile asset inventory, mobile software distribution, mobile data protection, and mobile security management.
Enterprise cyber-security is not entirely owned by IT teams. Every employee must have a sense of accountability and be mindful of their activity on the network. Whatever IT assets you have access to, you should secure.
Vinod Mohan is a Product Marketing Manager at SolarWinds. He specializes in understanding IT management technologies and markets. His product marketing expertise spans across network, systems, IT security and helpdesk management.