Cyberthreats facing your business are nothing new. But what is new is the way hackers are getting into your system. If you thought celebs were the only people at risk for social cyberattacks, think again. Your business just got sent straight to the top of the social media hacking list.

We’re here to help you do something about it.

Phishing via Social Engineering

What It Is: Just like normal phishing, except rather than email, hackers target you using social media.

How to Defend Against: The key here is the social engineering element and how it’s used on social media to target your business account or employees’ accounts. Your teams know not to send confidential login info to suspicious emails, but what about emails sent from social platforms? Odds are high that your employees, much like everyone else, sign into their social media accounts on their business devices. Hackers have realized this and are now targeting specific business networks through their employees’ social media accounts.

To keep this cyberthreat from damaging your business, train employees on how to spot phishing attempts for email AND social media. Train them to recognize the difference between official Facebook password reset emails and fake ones. Have employees reset their current passwords to more secure versions. Provide details on which computers or devices should never be used for personal social media accounts for enhanced security. Restrict admin access for your business social media pages to as few people as possible and provide in-depth training to the few remaining on how to spot phishing attempts on Twitter, Facebook, LinkedIn, and other social platforms.

Enhanced Spear-Phishing via Social

What It Is: Similar to phishing, but requires no information from the victim. Simply requires a link to be clicked. But rather than email, this is done through social media platforms. The additional enhancement? Hackers are now impersonating victim’s family members, friends, or content that the victim engages with regularly to get them to click the link. Spoiler: It works. Really well.

Recent Case: The U.S. Defense Department

How to Defend Against: Ok, so you know how to stop phishing social cyberattacks, but what about spear-phishing cyberattacks? Rather than waiting for your employees to send over confidential social media login info, hackers create bot or spoofed accounts that post or share links infected with malware to targeted social media users.

Hackers are now formatting these links to appear like the typical content victims engage with on Facebook or Twitter. They are also searching your timeline, news feed, and friends list to have the compromised link sent from the people you regularly engage with and trust. Which, you guessed it, dramatically increases the odds that the attack will be successful. Cybersecurity firm Zerofox released a report claiming 66 percent of spear phishing attempts sent through social media were opened, compared to only 30 percent of spear phishing email attempts.

So how can you train employees to recognize a threat that can appear as anything on their social pages? Like a message from their mom on Facebook or a tweet from their friend with a link attached? It’s hard, but not impossible. Provide comprehensive cybersecurity awareness training. Have IT walk your employees through this type of cyberthreat and the various forms it can take. Advise employees to implement the most private setting available for all active social media accounts. Have all employees update their social passwords to more secure options. Eliminate admin access to your business social media accounts to as few people as possible and ensure they are properly trained on how to spot spear-phishing social cyberattacks. Consider blocking social media platforms on work devices for enhanced security or requesting employees not post or tag their employer on their respective pages. This will reduce the likelihood of your business being targeted by social cyberattacks by making vulnerable employee accounts harder to find or identify.

Bye Bye (Twitter) Birdy

Having your business quit social media isn’t an option for most (especially since having an active and engaged social media page boosts SEO…) and employees will definitely not respond well to being asked to delete their respective accounts (cue internal rioting). But rather than crossing your fingers and hoping for the best or saying goodbye to that cute, blue Twitter bird for good, implement these cybersecurity safeguards to better protect against the evolving threat of social cyberattacks.

If you lack the specialized cybersecurity talent you need to do so, contact Mondo today. We have the experts you need to spot cyberthreats early on and prevent successful cyberattacks on your business.