When social networks are the gateway for 'hackers' in companies
This Wednesday, June 30, the Social Media Day, one of the digital tools that users use daily in a massive way to inform themselves, communicate and entertain themselves, but that can endanger the security of companies through the theft of personal data Of the template.
According to HootSuite and We Are Social study 'Digital 2021' there are more than 4,033 million users of social media worldwide, which is 13.7 percent more if you compare the figures for April 2020 and April 2021.
Furthermore, lUsers spend more than 2 hours and 22 minutes a day on average on social networks and when they access them, they do so mainly through a mobile device (in 99% of cases).
This ease of access can mean that many users use these platforms while they are in their workday and that the connection is through the company's internet network, which can cause cybersecurity breaches in the company itself through the theft of personal data of the staff.
These gaps can lead to the theft of financial information or credentials linked to the organization or by attacks on the equipment being used, as warned by the Spanish cybersecurity group Excem Technologies, it's a statement.
'Phishing', 'spoofing' or 'smishing'
Identity theft is one of the main avenues of attack by cybercriminals, who use different techniques ('phishing', 'spoofing' or 'smishing') to get hold of sensitive employee information, such as personal data or access credentials.
In the case of 'phishing', the attackers pose as an official body to gain the trust of the user. The 'spoofing'refers to emails and the spoofing of an email header so that the message appears to have been sent by someone or from somewhere other than the actual source, while the'smishing'uses text messages or SMS as a means of communication.
Through the identity fraud cybercriminals launch their attacks of 'malware'. One of the most common are those of 'ransomware'. With this type of malicious code, the 'hacker' kidnaps the user's information and files and will keep them in exchange for a certain amount of money. In this case, if social networks have been accessed from a mobile device for business use, the employee will provoke an attack on the entire corporate network.
From Excem Technologies they point out that there are already several cases of social networks that have experienced a cyberattack that has led to the exposure of a multitude of users' personal data. In most cases, personal files end in the dark and deep web.
These two versions of the web are the layers of the internet that occupy the most space, but which are more difficult to access since they contain information that is not indexed to any search engine. In this way, criminals know the credentials of certain profiles that they will use to use later to perform identity theft.
Security measures
Excem Technologies experts recommend companies to establish a series of cybersecurity measures and policies in which social networks are one more factor to take into account, especially by employees. For this reason, they understand that it is essential to carry out training and awareness days for workers, so that they are aware of the danger involved in sharing certain information on social networks. But also use strong passwords and perform an analysis of social networks, which will allow identifying key information or generating suspicious profiles.
