The Influence of Social Media on Cyber Security

Social media is an essential marketing strategy for increasing brand awareness and connecting with consumers. However, using social networks increases an organization’s cyber risks. Furthermore, employees’ personal social media use can also impact employers. Specifically, employees may overshare on social media platforms, not realizing that cybercriminals can gather information—known as data mining—to launch targeted attacks. Considering that more than 60% of people worldwide use social media, according to database company Statista, employers must take steps to minimize the risk of harm it can cause.

Social engineering attacks are associated with social media use. In these attacks, threat actors attempt to manipulate their targets into downloading malware, sharing sensitive information or engaging in other compromising activities. Here are two types of such attacks:

  1. Spear-phishing attacks—Unlike generic phishing emails sent in bulk by cybercriminals, spear-phishing attacks are sent to just one person or organization. Threat actors use information gathered from social media sites and other means to craft personalized phishing emails, texts or phone calls.
  2. Whaling attacks—This scam type targets high-ranking executives. Using data-mined information, cybercriminals engage in prolonged interactions with senior executives to manipulate them into compromising actions, such as wiring money.

To protect themselves from social engineering attacks, employers should consider these measures to improve social media security:

  • Implement a social media policy. Employers should create a clear, company-wide social media policy that includes guidelines on strong privacy settings, secure password creation, and device and software updates. The policy should cover both the business’s and employees’ personal social media use.
  • Conduct employee training. Employers should conduct robust social media training to help employees understand the risks of oversharing, unaudited privacy settings and public Wi-Fi use. Training should also include how to spot social engineering attacks.

Additionally, employers should implement technical controls, including antivirus software and tools to scan and decode suspicious links.

Navigating the Cyber Insurance Claims Process

When a cyber incident strikes, employers need to know how to navigate the claims process and understand what their insurance may cover. Although response measures may vary based on the nature of an incident and its associated losses, here are three general steps for employers to take amid the cyber insurance claims process:

  1. Notify important parties. Once organizations have validated a cyber incident, they should swiftly execute their cyber incident response plan and contact necessary parties (e.g., the Privacy Commissioner of Canada, law enforcement and their cyber insurance provider) to kick-start the investigations and claims processes. In addition, employers should coordinate with impacted vendors to help remediate the situation and minimize related damage.
  2. Mitigate the incident and document associated expenses. Organizations should work closely with their brokers and claims adjusters to calculate the total expenses incurred and determine insurance cover capabilities. This entails keeping detailed records of all associated damage and restoration costs.
  3. Resolve the claim and determine key takeaways. Organizations should finalize any supporting information required to help the insurer resolve the claim. Upon receiving payment, employers should conduct a post-incident analysis to identify cybersecurity weaknesses and guide improvements.