Most people believe they are immune to cyber crime, either because it hasn’t happened to them yet or because they think they can easily recognise a scam when they see one. This isn’t always the case. Cyber crime is becoming increasingly sophisticated, in some cases so much so that it’s hard to tell the difference between what’s genuine and what’s a scam.
Cyber criminals now use tactics that let them imitate genuine email addresses within a business. So why would anyone question Bob, the Human Resources Director who has just left for lunch, when he emails his secretary asking for a quick money transfer whilst he’s out? What makes it much easier for cyber criminals to appear genuine and realistic in this situation, however, is social media.
When employees constantly update their social networks and tell their followers, and really the entire world, what they ate for lunch or which café is the most Instagram-worthy, it gives anyone the access and information they need to make criminal advances on their behalf. Take LinkedIn, for example. It outlines your entire job history, your current role, your contacts, their job history and how you might know them. Any cyber criminal can make an illicit advance to a contact and seem quite legitimate when all of that information is so readily accessible.
But social media is everywhere and nearly everyone uses it these days, so how do companies manage this? Here are some steps that communications professionals should keep in mind when advising on social media use and the workplace. It’s a tricky balance to strike but certainly one that can be managed.
First and foremost, educate yourself. It’s important that everyone, not just a select few people, is educated on the risks of social media and cyber crime and on how to be vigilant. Any cyber security firm will tell you that employees are the biggest risk as well as the best defence when it comes to cyber crime. If all employees are educated in recognising the red flags for cyber crime, they are better equipped to handle an illicit advance from a cyber criminal. If you haven’t got a robust social media policy in place already, make that a priority.
Secondly, ensure there is an open, two-way communication policy in place for instances that might involve potential cyber threats. For example, the JEP reported on a Jersey director who was targeted recently by an organised gang from the Philippines, who used social media to work out that the director was on leave before asking for money to be moved on the director’s behalf. Actions like this are possible through a scam called spoofing, where the scammer appears to be a genuine contact. It’s important to have policies in place for using alternate forms of communication to flag up suspicious emails, e.g. one asking for a money transfer, and to confirm with the genuine sender whether they sent the email or not.
Lastly, be critical. It’s important that companies build a cautious and sceptical culture around cyber security so that employees keep a critical eye out for any red flags that might crop up. By employing a two-way channel for communication and developing an internal focus on cyber security education, communications professionals can be certain that they are doing all they can to ensure that social media has a minimal effect on the company’s cyber risk. It’s important to remember that this form of crime can happen to anybody, including businesses in small jurisdictions like the Channel Islands, and including yourself, so be vigilant and be aware.
Cyber crime is not just for risk, compliance or IT functions – it’s a communications issue too