5 security awareness topics you need to know about now – false friends

Avatu - the email security specialists

Organisations can’t stop themselves coming under attack from thieves and other criminals trying to disrupt their business, damage their reputation or steal their data. But they can prepare themselves in better way and minimise the risk.

In this blog, and the four others in the series, we’ll cover five simple issues you need to be talking through with your employees right now. The second subject we cover is social media and false friends.

If you’d like to read all five updates all at once, there’s a link for a download at the bottom of this blog.

2. Social media: false friend?

High profile reports on phishing attacks often focus upon malicious links lurking inside email inboxes but social media phishing is growing in popularity amongst bad actors.

As social media content is often publicly available, a single post containing a malicious URL can often be far more impactful than if it were distributed by email.

It’s certainly a fact that cyber criminals are taking advantage of: around 2% of URLs within replies to Fortune 500 tweets and Facebook posts are now malicious or attempted attacks.

To ensure you avoid being amongst the 13% of organisations suffering a social networking related breach annually, it’s imperative that your security training programme for users highlights that they must be as aware of the phishing threat when using social media sites as they are when scrutinising their email inboxes.

But further dangers could exist in the social media behaviours of the untrained.

58% employees admit that they will willingly accept friend requests from individuals that they do not know.

As a result, any information they share is potentially exposed to hackers.

Are your users conscious that sharing a lunchtime photo of a colleague in the office could potentially reveal confidential data on a nearby screen or secret information from an office poster about a future product release?

Leading security awareness training will draw the attention of employees to the fact that even innocent information posted online could put them and their employer at risk.

Name-dropping their pets, family members or hometown could be just the information that those with ill-intent need to crack a password for a corporate system, particularly if they have the help of a password hint!

Advice from Rob Savage, Chief Technology Officer with Avatu, the information security advisors.

Rob can be contacted on 01296 621121 or email: Rob.Savage@avatu.co.uk Want to know more?

If you missed the any of the other blogs, or if you want to read them all at once, you can download all five pieces of advice here.