Source |
AlienVault Lab Blog |
Identifier |
8517209 |
Publication date |
2024-06-12 10:00:00 (seen: 2024-06-13 19:33:14) |
Title |
Social Media Cybersecurity: Don't Let Employees Be Your Weakest Link |
Text |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Maintaining an active social media presence can be a great way to improve brand visibility and generate leads, but it also opens the door to cybersecurity risks — from phishing scams and malware to identity theft and data breaches. If employees accidentally post confidential information or click dodgy links via corporate accounts, cybercriminals can launch malicious attacks that can cause lasting damage to your business (67% of data breaches result from human error). Despite that, as many as 45% of businesses don’t have an official social media policy for employees to follow. Fortunately, by creating a comprehensive social media policy, you can raise social media cybersecurity awareness among your employees and keep sensitive company data safe.
Creating a social media policy
A formal social media policy should outline cybersecurity best practices for employees working with your business’s social media accounts. At a minimum, the policy should prevent employees from posting things like private business plans, trade secrets, and personal details about other employees, customers, and clients. It’s also important to include guidance that helps employees avoid common cybersecurity risks — for example, they should know not to click on suspicious messages or links as these can contain worms (self-replicating malware) and phishing campaigns.
Quizzes should also be off-limits. Although they might seem like harmless fun, social media quizzes may be harvesting company and/or personal data to sell to third parties. Hackers can also guess passwords from the information provided in quizzes, so they should be avoided altogether.
Corporate content should be posted with corporate devices, not personal ones
Your social media policy should also state that work devices (and only work devices) should be used to create and publish corporate content. When staff are free to use their personal devices, they may accidentally post personal content on the corporate account (or vice versa). Personal devices should therefore never be used for business purposes, which prevents any mix-ups. Personal devices also tend to be far less secure than corporate ones. Shockingly, 36% of remote workers don’t even have standard password protection on all their personal devices, which leaves any corporate accounts accessed on them at greater risk of compromise.
That said, it’s also important to regularly invest in new corporate devices rather than relying on old ones in order to save money. 60% of businesses hit by a data breach say unpatched vulnerabilities were to blame, and these weaknesses are often present on old devices. “Consider the fact that older devices run older software and are often prone to working slowly and freezing up,” Retriever warns. “They’re also less likely to be able to stand cyber attacks. These factors put data at risk and it’s why it's recommended that compu |
Rating |
★★★
|
Sent |
Yes |
Tags |
Malware
Vulnerability
|