Your employee’ social media account was hacked. How does it affect you?
"Social media accounts hold A LOT of personal information including full names, email address, phone number, date of birth, place of birth, place of work (that's your business!)..."
Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why: Social media accounts hold A LOT of personal information including full names, email address, phone number, date of birth, place of birth, place of work (that's your business!) high school attended, names of family, friends and pets, anniversaries, and more...which means, they are basically gold mines of Personally Identifiable Data (PID). Plus, if you play games and have your credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. All of this data can then be used to hack into other accounts of the user, including financials. So, hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.
But, how does it matter to you, as a business? If your employee’s personal social media account is hacked, it shouldn’t affect you, as a company, right? Wrong...here’s how it can affect you:
If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may be having clients who follow your business account on social media. The whole situation can result in a lot of damage to your business and brand reputation and also result in penalties and possible lawsuits.
Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PID to try and pry open a small entryway into your IT network.
You can avoid such mishaps by:
Training your staff on social media and cybersecurity best practices, including advanced privacy and permission settings for social media accounts
Ensuring your employees are able to identify and steer clear of phishing and social media frauds
Helping your employees understand the importance of practicing good password hygiene across all their online accounts - social, work and personal.
Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime
Your managed IT services provider will be able to help you in organizing and conducting these kinds of training and awareness sessions at regular intervals for your staff.
If you would like additional tips and info about protecting your business, drop me a line!