Social media isn’t all fun and games. And what you don’t know could hurt you… and your business.
All across the world, every day users of online social media are put at a massive privacy risk. And no, we’re not talking about Cambridge Analytica or targeted advertisements here. Social engineers are using tactics to outsmart people into giving away private information that could lead to a business’s downfall.
And it could happen to you.
Stephen Komorek works for Conflict International – United States, a private investigation/ intelligence firm that specializes in these exact kinds of online threats.
They work from both sides of the angle – whether a company is looking for holes in their security or whether a particular person is repeatedly getting caught up in social engineering schemes.
So how can you avoid getting caught in the middle of one? How do you avoid becoming a target?
Facebook and LinkedIn are major tools for these schemers.
“If someone is trying to befriend you and you’ve never met this person, be aware that they may have ulterior motives. ‘What is their interest in me?’ you should always be thinking,” Komorek told Law Enforcement Today.
“Treat online encounters exactly as you would on the street,” Komorek said. “If a random person that you knew nothing about walked up to you and began a conversation, then began asking you questions, would you find it odd? The same goes for social media.”
Komorek says that if you don’t know someone, be wary. Don’t open up to people who are perfect strangers. They typically work slowly, developing a rapport with their target before eventually getting them to reveal trade secrets or issues with the company.
“People love to talk about themselves,” Komorek said. “Sometimes when someone gets going, they give away serious proprietary information without even realizing it. And sometimes that information can be used to put them out of business.”
There are also certain types of people that social engineers target for exploitation.
“People with money problems, divorce, people who are angry at their company,” Komorek said. “They are all more easily coerced into revealing private information.”
Komorek says that businesses contact Conflict International to perform a task called “Red Teaming,” where their agency uses these tactics to try and find weaknesses within the security of a company – whether through their employees or through penetration tests.
So what should the company look for?
“Be on the lookout for disgruntled employees, workers who feel they’ve been short-changed or having money issues; there are many variables to consider, but these variables are the ones that we see the most that pose a security risk within the enterprise.”
OPSEC, or operational security, is a training that all federal employees go through to help keep privacy measures operating smoothly.
“Loose lips sink ships,” said Komorek. “OPSEC helps to prevent and deter sensitive information from being leaked out into the public sector.”
Has this happened to you? Report it to your security team at work.
“Watch what you post online,” Komorek finished. “Make sure your privacy settings are set correctly. If you think your secrets are getting stolen, contact Conflict International.”