Cyber Crime Risks: The Social Media Edition


Use of social media is popular in both our personal and work lives, and this doesn’t look to be changing anytime soon. In fact, it’s a given for businesses nowadays. Most organisations use social media as a tool to help promote their business and engage with customers as a key part of their marketing strategy. However, many underestimate the cyber security risks they could be exposed to.

Between September 2019 and September 2020, email and social media accounted for 53% of attacks in the UK, which shows why it’s important for both your business and your staff to be aware of the potential risks of using social media. Making sure every member of your team is aware in the first place is a great way to start protecting your business. This article explores a few things to be particularly wary of when it comes to social media and cyber crime.

Potential Cyber Crime Risks

Unsecure Mobile Devices

The most common platform on which to access social media is a mobile device. This ease of access means it is important to make sure access control is robust. You can secure your phone with a personal password (which should be at least eight characters long according to NCSC guidelines), a PIN code or fingerprint ID.

Unused Social Media Accounts

Deleting unused or unwanted accounts and apps will also help to protect you and your business from hackers, as does keeping track of all activity across active accounts. This ensures you can spot more quickly if hackers are posting counterfeit messages from your account.


Malware can be hidden in many guises, from seemingly innocent links sent via direct message to malicious apps on the app store. Its main goal is often to steal important personal information from your accounts so that it can be exploited. Be wary of which links you click, especially those that are unsolicited. Installing anti-virus software is an easy way to combat intrusive and exploitative malware.

Imposter Accounts/Scams

Deciding whether an account is real or not can be challenging. In 2020, Facebook blocked 1.3 billion fake accounts. Be sure to report or block any suspicious accounts and only add people you already know directly. A suspicious account may have very little information attached to it and limited activity history. Other indicators are small numbers of friends and only one or even no profile picture.

Sensitive Data

Be careful when sharing information or posting pictures from your workplace. It’s easy to overshare and this information may negatively impact your business or your employees. Be respectful when posting pictures of vulnerable employees and don’t share any unnecessary information. Hackers use clever tactics to monitor your social media and can even guess what your passwords may be. Authentication questions with a personal element, such as a pet’s name, often give enough clues for them to join the dots. Often the criminals can easily obtain this data from your social media posts themselves or from information that’s visible in the background. A tactic to look out for is questions within ‘memes’. Answering these questions (e.g. your new name is your pet’s name + your mother’s maiden name) could hand personal information straight to cybercriminals.

Personal Information

For small businesses, sharing personal information often helps customers to get to know the business better. However, as mentioned above, it is easy to overshare and put your employees in danger. Make sure you have the permission of employees before posting anything regarding their personal lives. From a security perspective, sharing personal information can make it easier for criminals to break into accounts, because they can use this data to guess passwords and gain access. For example, a milestone birthday tells the world wide web that individual’s precise date of birth.

Privacy Settings

Checking the privacy settings on your social profiles is a swift way to protect your information from data breaches. Double check who can see which posts and which elements of your profile. In fact, it is worth keeping your profile private, with only friends able to view what you are up to. Who can add you? Anyone? Or only friends of friends?

Third Party Quizzes

Links to quizzes often require you to enable unlimited access to your personal information. So, while it may be tempting to find out what character from Friends you are, don’t. It may come at the cost of your own private data.

Four MORE Ways to Stay Safe

There are even more ways to manage your accounts and combat the threats mentioned above. These are as follows…

Social Media Approval

Using both a social media plan for your business marketing and an approval system will help to stop the wrong posts being shared. Make sure you have the opportunity to review both the text and any accompanying images that may contain personal or sensitive information, especially in the background. If you spot someone’s password on a post-it note stuck to their monitor, there may well be another conversation to be had…

Training Employees

Making employees aware of the risks through mandatory training on media literacy and security is a great idea to reduce human error and increase overall safety on social media. In fact, many schools are considering making digital media literacy a compulsory part of their curriculum in the near future.

Social Media Policies

Although they can seem tedious and time consuming, policies are there to protect you and your business from harm. A detailed social media policy will ensure the accuracy and suitability of shared content, as well as covering the use of employees’ own devices.

Limiting Access

Ensure only the necessary individuals have access to company social media profiles. Fewer people with knowledge of those valuable passwords decreases the likelihood of leaks and also means you’ll know who’s responsible if there are any issues.

Beware the DM

Although being able to privately message via social media has many benefits, it is important to be careful about what information is sent. Be aware that such methods of communication won’t have the same level of security as an email.

Use 2FA/MFA to Protect Online Accounts

2FA, also known as two-factor authentication, helps to protect online accounts by combining two of the following: something you have, something you know or something you are. Many software providers now offer this technique as an additional layer of protection if password databases are compromised. Users are required to log in with two different methods of authentication. This could be a password followed by a code sent via SMS or email, or even via an authenticator app such as those created by Google or Microsoft. MFA (multi-factor authentication), as the name suggests, uses multiple methods to help identify a genuine user. With 2FA/MFA, it is more difficult for malicious actors to gather all the information they need to gain access.

Social media use is now a necessary part of working and personal life. However, using these platforms does not need to open your business and employees to dangerous threats. Follow the tips above to ensure you and your business have the protection you deserve.

If you would like more advice on protecting your business from security threats, get in touch with SupPortal today.

‘Debunking IT security jargon’ – what does it all mean?


Cyber threats can be confusing for those with limited IT knowledge. It’s hard enough to understand how to protect your company, without being overwhelmed by all the jargon too. However, with these threats continuously on the rise, it’s vital that you are doing what you can to protect your business infrastructure.

A cyber threat is a malicious act that attempts to disable computers, steal data, damage data or generally disrupt digital life. With the average cost of a data breach standing at $3.86 million in 2020 and the average cost of a malware attack increasing rapidly over a five-year period, it’s no small matter.

Cyber attacks don’t just cost money either. The practical impact of data breaches is an important consideration, not to mention the time spent dealing with the aftermath. Plus, let’s not forget the potential damage to the company’s reputation, which could take far longer to rectify.

In this latest blog, we’ll walk you through the top five cyber threats you ought to be aware of (without the jargon).

1. Ransomware

Ransomware is a form of malware (malicious software) that blocks access to a computer system until you have paid a sum of money. Usually cyber criminals encrypt, or scramble (to avoid more jargon!), your data and then demand a ransom to release it.

Ransomware is an illegal money-making system. Scarily, a third party can install ransomware without your knowledge. The installation occurs when you click on deceptive links in emails, social media messages or websites. As soon as you click the link, the ransomware can infiltrate your network and lock up your files, with devastating effects.

Why do you need to be aware of ransomware? It’s unpredictable, difficult to detect and near impossible to prevent except by avoiding the risk in the first place. In the last year, 40% of businesses across the UK, U.S., Canada, and Germany have experienced ransomware attacks. Of these victims, more than a third lost revenue and 20% had to stop their business completely (Spectrum Internet).

2. Phishing

Phishing is a type of cyber attack where victims are misled into handing over sensitive information or installing malware on their own systems. This can happen using email, phone or text message and involves a person posing as someone they are not. They usually pose as a legitimate company or an individual in need of help.

The level of sophistication being used in these attempts has increased recently. Over half of cyber attacks in the UK in 2018 involved phishing (PWC).

3. Data Leakage

Data leakage is also known as slow data theft and is most commonly caused by criminal hacking. It occurs when unauthorised individuals access sensitive data. It can also be caused by poor data security practices or, worse yet, by accident! This tends to be the type of incident that reaches the mainstream press.

Cyber criminals often look for personal information they can use for identity theft. They can also identify confidential information such as product details or patents that are vital for a business to be competitive in its market. Credit card fraud is another common use of leaked data.

Risk Based Security (2020) reported that in the US a whopping 36 billion records were exposed through 2020. This is over four times the number of records exposed through 2019. This shows that data breaches are a real problem.

4. Hacking

Hacking is a method whereby criminals look for security weaknesses in a computer system or network. They then expose, change, destroy, disable, steal or gain information from the computer system or network.

The reasons for hacking can vary. Criminal hackers can hack to gain profit, to gather information, to protest or even just for the thrill. They often install malware onto a computer system. Sometimes so-called ‘ethical hacking’ is used (with permission) to test security systems to see how robust they are.

5. Insider Threat

This type of threat involves someone from within the targeted organisation intentionally abusing their credentials to steal information. This could be a former employee, board member or business partner. Surprisingly, it doesn’t necessarily mean they still work as an employee for a company.

Insider threats can be difficult to prevent. Many security systems may be designed to keep purely outside threats at bay. However, with some big-name companies recently targeted such as Facebook and Coca-Cola, it is an increased worry for businesses.

Now you’ve deciphered the jargon, how can you stay protected from these five types of cyber-attack?

As our society becomes ever more dependent on technology, it’s likely that cyber security threats will continue to rise. Prevent attacks and save money by making sure that you have the best security procedures in place.

Here at SupPortal, we won’t bombard you with jargon. Our goal is to work with you to implement clear cyber security strategies that help protect your IT infrastructure. Take preventative measures for your business today. Get in touch with SupPortal today.