For both businesses and individuals, the dark threat of cybercrime is ever-present – and increasingly comes disguised in many forms. In 2017, global businesses were badly hit by ransomware, a type of malware that leaves IT professionals and business leaders watching helplessly as computer systems are taken over. This year, another major threat, dubbed ‘social hacking’, will sit alongside ransomware as a major cybersecurity trend to watch.
Put simply, social hacking refers to the act of manipulating outcomes of social behaviour, often by gaining illegal access to private or restricted information. Within the fast-growing sphere of cybercrime, social hacking is an element of social engineering – whereby hackers use some form of psychological manipulation to trick unsuspecting users or employees into handing over data (passwords, financial information, business IP, etc.).
Today, the most sophisticated social engineers breach highly complex security systems with minimal use of a computer. Instead, they rely on a range of skills and instincts that span psychology, emotional intelligence and in-depth knowledge of IT systems. Harnessing both psychological and technical savvy, these hackers trawl the Internet – treating the web as a honey pot of juicy information. This information, which includes the personal details often revealed on social media accounts (birthdays, family names, job titles), is then used against individuals and businesses through deceptions (or redirection through other channels, such as on the phone or in person).
According to analysts, social hacking is on the rise – and education, coupled with robust cyber security tools, will be critical…
Step One – Train Employees & Drive Awareness
Employees are the weakest link when it comes to the psychological battlefield of social hacking, so training is imperative!
Businesses of every size and across sectors should invest in bi-annual training (at minimum) that is geared towards each user group (end-users, IT staff, managers, etc.) so that everyone is aware of the latest attacks and methods. In addition, employees should undergo regular ‘testing’ by having an outside party conduct a social engineering hack.
Step Two – Develop a Social Sharing Policy
Without a doubt, employees need to be made aware that what they post online might compromise the company they work for – and themselves. With this in mind, developing a social sharing policy is necessary to keep both individuals and companies safe.
Step Three – Secure Social Media Accounts
As mentioned above, social hackers make a point of combing through information on social media accounts. Naturally, these accounts are also vulnerable to being hacked directly. With this in mind, here are some tips for keeping your accounts secure:
Shut down the accounts that you’re not using. Forgotten social media accounts may be compromised without being noticed. Hackers can leverage these to access other accounts linked to them, such as your email.
Find out which apps are connected to your social media accounts. Do you use Facebook or Google to sign in to any other applications, for example? Assess if this type of access is necessary!
Employ good password hygiene. For example, use different passwords for your social media accounts, and also make sure that each password is complex and unusual. Enabling 2FA for all your accounts can prevent unauthorised parties from accessing your accounts.
Use a unique email address for your social media accounts. If possible, create a whole new email address specifically for social media accounts – so that if you are compromised, the hackers cannot gain access to any valuable information.
By Colin Thornton, Managing Director of Turrito Networks and Dial a Nerd