ST. LOUIS, MO (KMOX) - "The more data that you share to the world, the more that can be used against you," says Mieng Lim, Vice President of Product Management at threat management firm Digital Defense by Help Systems. If you routinely post on social media from work, or for work, you could be putting your company at risk.
Lim tells KMOX, cyber criminals are finding new attack vectors through employees' use of social media platforms. "It could be something as innocuous as taking a photo as you're entering the office. That gives a potential introducer, a potential malicious actor, a visual of what that entrance looks like. Are there security controls in place? Is there a badging system? Is there a security guard?"
In a report on social media dangers, Digital Defense says cyber criminals don't care what level you work at within a company, if they can gain access to your data, they can potentially reach higher level executives of your business.
Lim says attention grabbing headlines on social media feeds can give hackers access to your device if you click on a malicious link. "And all it takes is one inadvertent click. It might be a drive-by malware that they install. It might be sending you into all the wrong sites in the future that could cause harm to your personal machine, and of course be able to capture data from your machine that would enable them to take additional malicious action as well." If you use company WiFi for your personal device, or have both business and personal accounts on one device it could leave you and your company vulnerable to hackers.
Other tactics include social media phishing scams where at attacker might reach out to you through private message. Lim says there are also Botnet attacks, that can infiltrate your social platforms and destroy reputations. "Botnets in general may be able to leverage your machine, depending on how it's been compromised to have you liking things that you would otherwise never like."
She also warns about Profile Hacking scams, especially on social media platforms for professional connection. "I don't Link In with anyone unless I've actually physically met them or had conversations with them." Lim explains the risk is that cybercriminals can use real photos and believable credentials, to create a fake profile and entice users to connect, eventually trying to gain more data about your company.
@2021 Audacy (KMOX). All rights reserved.