A new study by ESET UK has warned how employees could be exposing their companies to cyber attacks through their social media accounts.
80% of IT professionals in the poll believe that social media is an easy way for hackers to gain access to corporate networks because it is an area often neglected in terms of network security.
The study, which looked at the attitudes of 200 IT professionals, was carried out in May 2015 and also revealed that 12% of organisations have already had a virus enter their network via social media. But although many in IT are aware that social media can be an attack entry point, simply handing out directions on policy may not be enough - although 56% of respondents revealed that their organisation does have a policy which limits social media usage, 56% admitted that the policy wasn’t actually enforced.
The root of the problem may lie in a lack of employee awareness about the risks - when 1000 employees were also quizzed as part of the survey, 36% said that when their organisation limited social media usage, they believed it was to increase productivity, rather than prevent security threats entering the network. Worryingly, when consumer respondents were asked if they, or anyone they know, has had their Facebook identity stolen or attempted to be stolen a quarter of respondents said yes.
'Social media is often entirely overlooked within an organisation’s security posture because it is not recognised as a threat, this however is wrong. Hackers are continuously looking for ways to access corporate networks, and social media can often be an open door,' said Mark James, security specialist at ESET UK.
'Cyber criminals use social media as a way to sneak malware and exploits past corporate firewalls, and scammers also trick social media users into visiting sites which they think are legitimate in a bid to steal information. However the biggest concern is that IT professionals have no visibility into what their employees are doing on social media and if the pages they are visiting pose a threat to the organisation.'
The study also warned of Facebook 'like-hacking' scams that trick users into posting a Facebook status update for a site they did not intentionally mean to like, which then enables the spreading of hoaxes and spam. These types of scams, said James, are very common and usually involves an enticing video and that directs users to a compromised website, which then tries to install malware on their computer.
Like-jacking is a big threat to consumers and they should be cautious about what they are liking on social media sites as it can be a lot more harmful that they would think, continued James. But when employed consumers were asked if they would unlike a page of Facebook if they realised it was a scam and 12% said they would not as there would be no point.