The vast landscape made available to potential cybersecurity threats is increasing.
Because social engineering is such an effective way to attack information systems, and companies are riddled with various ways to interact with those systems, new vectors of social engineering attacks are made possible every day. Think of how many ways in which you communicate online.
There are all kinds of social media available to you and your employees. You’ve got Twitter, LinkedIn, Facebook, Instagram, Google+, YouTube, Yammer, etc, and the list goes on. Then there are all kinds of corporate tools like Skype, DropBox, Outlook, Microsoft Teams, Basecamp, and so on. You text, use WhatsApp, cameras, and read from e-readers.
Add all these together, and you have a network of personal information that’s so large, it’s almost impossible to secure it all. Almost.
There are methods to protect yourself and your business, thus preventing advanced social engineering attacks. You should be changing passwords frequently- but that’s not a wide enough security measure to keep things safe. (We’ve already seen that passwords are basically useless- but no worries, we can help you there too with our Endpoint Security Broker solution.)
Some of the big questions to ask in order to prevent social engineering attacks are: Who’s listening? And who’s watching? Furthermore, how do you find that out?
A social media policy for your company is a good place to start.
This policy should be created for the social media account manager, the blog editors, or the marketing department who create and send public collateral. Take a look at some of the points in these corporate social media policies:
- Adidas
Employees are allowed to associate themselves with the company when posting but they must clearly brand their online posts as personal and purely their own. The company should not be held liable for any repercussions the employees’ content may generate. - Gap
“If you #!%#@# up? Correct it immediately and be clear about what you’ve done to fix it. Contact the social media team if it’s a real doozy.” - The LA Times
The authenticity of what employees post is important. Online journalists should verify questionable content with credible sources before posting or tweeting about it.
However great these examples are, the buck doesn’t stop here. Check out this infographic to learn about other ways to help your organization stay safe.
One last tip? A policy for personal social media use should be created.
Any employee who elects to use personal social platforms should be held responsible for messages they send publicly or privately.
Most end users within your company should also be operating under the principle of least privilege (PoLP). This practice gives them the access they need on their machine, nothing more and nothing less. There are very few people within an organization who need Admin rights. This sits with the SecOps and Ops Teams. Everyone else should have PoLP in place to decrease the risk of user-error.
Lastly, the SecOps team should also set up something the industry likes to call ‘Controlled Choice’.
This is the practice of offering end users a set of options for one piece of software. For example, your company may offer two different ways to listen to music like iTunes or VLC Player and that’s it. Downloading another type of mp3 player would be a violation of the terms your company has set up, giving way for vulnerabilities to be exploited.
By enforcing social media policy, giving end users least privilege, and setting up Controlled Choice, you are helping your business prevent social engineering attacks.
