There is increasing awareness among security experts about how social media behaviors can open the door for insider and outsider threats. However, other than an employee posting a direct threat online, it can sometimes be difficult to know what to look for.
When attackers want to penetrate an organization’s security, they look for vulnerabilities. These vulnerabilities may be technical in nature but oftentimes employees themselves can be the weakest links in a security system. The content that employees post on social media can give would-be attackers clues as to who in the organization might be susceptible. At Fama, we’ve worked with numerous organizations to help them interpret potential risk indicators on social media.
Here are five examples of social media posts that have left organizations vulnerable to an attack.
1. Complaining about security protocols – We’ve even seen employees complain online about security measures and even state that they don’t plan on abiding by those measures. In one instance, a government contractor had a policy prohibiting employees from bringing company phones to work. One employee complained on Facebook about the “absurdity” of the rule and joked about not following it. By posting these comments publicly, the employee not only encouraged others to ignore the protocols, but also advertises to potential outside attackers that his phone is a potential path into the organization.
2. Bullying or harassing others online – We unfortunately see public bullying of co-workers on social media. This behavior is obviously unacceptable and hurtful in its own right but it also indicates to outside attackers someone who is potentially hurt, angry or resentful and would have a reason to lash out against the company.
3. Financial desperation – Financial debt is the second leading cause of insiders turning rogue. An employee talking about student loan debt but not be a problem but when an individual starts talking about financial problems with emotional desperation it is an indicator that they may be willing to do something extreme.
4. Badmouthing the corporation – While most insider threats are motivated by financial gain, employees who are happy with their jobs and their companies are less likely to take such an extreme step. An employee who talks about hating their job, hating their boss, or calling their company “evil”, is more likely to rationalize self-serving behaviors.
5. Revealing sensitive client information – Revealing privileged information is a problem that you need to know about. When someone seems to talk too freely about clients or corporate IP, even if it’s not a direct privacy breach, it is an indicator that this person is likely to share information that he probably shouldn’t.
Make sure that your organization has clear policies for what is acceptable for your employees to post online. Have process in place to ensure that those policies are being followed because a policy with no enforcement might as well not exist. Finally, make sure you have options for how to act in the event a policy was violated whether it be further training, restrictions, or more serious action steps. We'd love to tell you more about how Fama can work with you to identify these kinds of risks at your organization.
Contact us at [email protected] if you’d like to learn more.
 “Insider Threats and the Need for Fast and Directed Response,” SANS Institute, 2016.