With individuals, companies and even government entities increasingly relying on social media platforms and other online forums to create, deliver and receive information, it is perhaps no surprise that such platforms have become a veritable treasure trove for cybercriminals and other ill-intentioned profiteers. Along with other looming cyber threats such as ransomware and cyber espionage, the scourge of ‘social hacking’ is fast becoming a major issue for internet users worldwide.
Social hacking essentially refers to the act of manipulating outcomes of social behaviour, most commonly by gaining illegal access to private or restricted information that is gleaned online. Increasingly, savvy hackers use some form of psychological manipulation to trick unsuspecting users or employees into handing over data (passwords, financial information, business IP, etc.) that ultimately has costly ramifications for the targeted individual or company.
With the Facebook/Cambridge Analytica scandal in mind, in which up to 87 million Facebook users had their data shared to sway political opinion, technology companies are having to relook their data protection and data privacy policies to avoid the ghastly fallout that Facebook and its beleaguered CEO Mark Zuckerberg is now facing. Following the revelation of the ‘data leak’, Zuckerberg was summoned by U.S. Congress to testify before the House Energy and Commerce Committee, where he faced tough questions around the failure to protect user privacy.
Arguably, however, we cannot rely on technology companies – or even governments – to protect us from the dark shadow of cybercrime and the malicious hunt for our private data. It is up to individuals, business leaders and companies to be proactive and to ensure that they are taking every action possible to guard against social hacking and other nefarious acts online.
A good place to start is to establish a Social Sharing Policy. Given the threats that exist daily, employees need to be made aware that what they post online might compromise the company they work for – and themselves. With this in mind, developing a social sharing policy is necessary to keep both individuals and companies safe.
In addition to putting strong policies in place, businesses must invest in education and training. Without a doubt, employees are the weakest link when it comes to the psychological battlefield of social hacking, so education and training are key.
Today, companies across sectors should implement bi-annual training (at minimum) that is geared towards each user group (end-users, IT staff, managers, etc) so that everyone is aware of the latest cyber-attacks and methods. Importantly, employees should undergo regular ‘testing’ by having an outside party conduct a social engineering hack.
Finally, social hackers are adept at gleaning key information from social media accounts. Increasingly, these accounts are also vulnerable to being hacked directly. Securing these accounts must be a top priority for every business and internet user.
Here are the key steps to take:
- Delete the accounts that you’re not using. Forgotten/old social media accounts may be compromised without being noticed, which can have terrible consequences. Hackers can leverage these and access other accounts linked to it, such as your email.
- Learn about good password hygiene. For example, use different passwords for your social media accounts, and also make sure that each password is complex and unusual. Enabling 2FA for all your accounts can prevent unauthorized parties from accessing your accounts.
- Understand which apps are connected to your social media accounts. Do you use Facebook or Google to sign in to any other applications, for example? The less this happens, the safer you are.
- Always use a unique email address for your social media accounts. If possible, create a whole new email address specifically for social media accounts – so that if you are compromised, the hackers cannot gain access to any valuable information.
- Sign up for managed cybersecurity with a reputable managed services provider. They have access to a host of tools that can give your SME enterprise-level protection.