Dec 12, 2014
Your organisation's employees are using social media. They're using it at work, at home, when they're out and about, on their work computers, home laptop, tablets, mobiles, and more. That poses a question for organisations: should their staff be trained in social media security? Or does it pose minimal risk?
Why Social Media Training is Important
Social media security training is important for a number of reasons:
Privacy settings - Many employees at your organisation are likely sharing too much personal information on social media. Attackers can harvest this information to steal your employee's identities, guess passwords and more.
The majority of people struggle to use social media privacy settings correctly, and the right training will help them to secure their profiles, and reduce the risk of attacks.
Malware/viruses - Thousands of messages containing viruses and malware are shared across social networks every day. What's worst is that often these messages come from people's friends, and are extremely deceiving.
With training, your employees can be taught how to identify common virus/malware tricks in messages, and reduce the risk of infecting either their own systems or company systems with malicious software.
Social engineering - More than 60% of attacks target employees via social engineering. Innocent looking messages from people posing as colleagues or friends can result in organisation employees successfully handing over confidential information or access to systems to attackers.
Appropriate training will teach employees how to identify social engineering attempts, and reduce risk.
Spearphishing - We're all used to receiving phishing emails, and most organisation employees are probably now aware of how to identify the more generic emails. The problem is that open privacy settings and social media profiles provide attackers with heaps more information they can use to tailor the emails they send out to your employees. Highly personalised emails can far more readily trick your employees.
The right training will teach your staff how to identify even the most well executed spearphishing attacks, reducing the risk to information security.
How to Train Your Organisation's Employees
This leads to an obvious question -- we know the attacks exist, and that social media security training is important for employees, but how does an organisation go about implementing training?The easiest way is through video. Proficient computer-based security awareness training programs should contain modules on social media security, and teach staff about the most common risks and how to minimise them. They'll cover topics like:
- Best practices for appropriately using social media
- Understanding the security and secrecy of social media
- The biggest risks associated with using social media
- How to limit these risks through usage of social media
- A general policy explaining the use of social media on work computers
Your staff don't all need to be security experts, so resist the temptation of trying to explain how all the attacks work. Your company's training simply needs to identify the risks, and provide employees with a set of best practices for minimising them.The majority of risks can be minimised by adhering to very simple best practices, most importantly:
- Don't open attachments, whether they're emails or messages via social media unless you're completely sure you can trust them.
- Don't follow links in messages unless you're completely sure you can trust them.
- Secure your profiles. Only share personal information and updates with people you're connected to.
A quick way employees can often identify whether a message can be trusted or not is to reply to it -- reply and ask a question only the person who has sent it would know if they have any doubts, and don't click a link or open an attachment until a reply has received.It doesn't take much knowledge to vastly reduce the risks posed to your organisation by employee social media usage.Are your organisation's employees trained in social media security best practices? How successful was the program, and what are you doing to maintain awareness? Let us know in the comments below.