As of 2021, 4.50亿人——超过全球人口的一半——拥有社交媒体账户.1 Social media platforms connect people and facilitate simple methods of sharing information. The first social media platforms were created to help people share personal information to connect with friends, family, 有相似兴趣的同事和用户.2 随着这些平台的普及, 它们的特性和功能也是如此, 允许更多的个性化和交互式用户体验. Websites such as Facebook and Twitter serve as online communities where people can share personal information as they choose. Other websites such as Digg and Reddit make it easier to find specific information or images.3 Use of social media varies, but, anecdotally, 许多人认为越来越多的平台仅仅是个人使用的环境.
但社交媒体平台对商业和营销也变得至关重要. 社交媒体平台可以让澳门赌场官方下载提高品牌知名度, are cost effective, facilitate customer engagement, 能否提高品牌忠诚度,甚至提高客户服务水平.4 这些好处带来了更多的责任、安全和隐私问题.
Failing to prioritize the security and privacy of a social media account can result in negative consequences spanning both the personal and professional worlds. 在这两者中,后者可能会对澳门赌场官方下载弹性产生不利影响. Reputational damage, loss of customer trust, compliance violations, 员工生产力下降, and compromised intellectual property and/or sensitive data are just several of the possible outcomes of a poorly managed social media platform.5
Failing to prioritize the security and privacy of a social media account can result in negative consequences spanning both the personal and professional worlds.
尽管它在联系人们方面有好处, 共享信息和澳门赌场官方下载建设, 当社交媒体被恶意使用时,人们的担忧是合理的. 这方面的例子包括宣传虚假信息和以电子方式瞄准个人(例如.g., cyberbullying, harassment). Whereas propaganda is nothing new, social media and questionable data collection techniques (i.e., privacy dark patterns) are seemingly pitting consumers and organizations against each other because they create information disparities that favor the organization over the individual. By using dark patterns to obscure or manipulate the information that users need to make informed decisions about their privacy, organizations can gain access to more user data than they might otherwise be able to obtain.
社交媒体上的社会工程和网络钓鱼
Common account security questions can easily be answered by seeking information about the target on various social media platforms. 通过问一些看似随意的问题, malicious actors can use social engineering to obtain the information necessary to answer security questions required to reset a password (e.g.(第一个宠物的名字,母亲的娘家姓). 或者,他们可以冒充合法实体发送网络钓鱼消息.g., bank, email provider) asking for personal information to verify identity for a password reset.
Security education and awareness trainings have made strides in educating employees about certain security red flags to look for on social media (e.g.、请求发送敏感信息、拼写错误). 培训方案和宣传材料(例如.g., posters, 时事通讯)有助于让员工了解和了解社交媒体的风险, 哪一个是信息安全的关键方面. 这些知识有助于创造一种意识和责任的文化, which can go a long way in preventing social engineering attacks and other security breaches.
Despite their newfound knowledge, employees are still likely to share information on social media. 尤其是当员工档案与工作地点相关联时, the availability of this public information increases the effectiveness of social engineering efforts. For example, a malicious actor could leverage information gleaned from social media accounts about an upcoming class reunion. Posing as a classmate, the malicious actor could increase the likelihood of success in an email compromise through the use of a tailored phishing email campaign. This believable impersonation effort would allow the threat actor to gain the trust of the target account holder and leverage it for malicious purposes.
信息不仅可以从个人社交媒体账户中获取, 员工姓名等信息, job titles, email addresses, and telephone numbers found on an organization’s social media profile can be used to target employees with spear-phishing attacks, social engineering tactics, 竞争情报收集, and identity theft. To prevent this, it is important for organizations to be aware of the information they share publicly and limit the amount of sensitive information they disclose.
社交媒体与员工心理健康
社交媒体的日益普及, 加上一个永远在线的社会, appear to underscore a growing mental health crisis surely to further strain the healthcare provider ecosystem and/or increase absenteeism in the workplace. A distracted employee can be a significant threat to information security because they may be more likely to make mistakes or take shortcuts that can leave systems vulnerable to attack or compromise.
The impacts of social media on an enterprise are numerous and can affect employee mental health. 有心理健康问题的员工可能难以集中精力完成任务, 导致生产力水平降低. 他们也可能难以与同事有效沟通, 哪些会导致误解和延迟完成项目, and possible security missteps. Alexey Makarin, an assistant professor at the Massachusetts Institute of Technology (MIT) Sloan School of Management, Cambridge, Massachusetts, USA, stated, “使用更多社交媒体的人可能会变得更抑郁, or conversely, 更抑郁的人可能在社交媒体上更活跃.” Makarin believes that social media enterprises and policymakers must work to alleviate social media’s potentially harmful effects on mental well-being.
但对于澳门赌场官方下载来说,社交媒体问题的影响超过了人力资源的影响. From an adversarial standpoint, social media platforms are a low-risk way to conduct reconnaissance and target enterprises or key persons within them. 通过查看个人的帖子来收集个人信息, comments and connections on social media platforms remains relatively easy to do when so few people use multifactor authentication (MFA) or employ strong privacy settings.
Conclusion
随着社交媒体的使用持续增长, it is crucial that individuals and organizations be vigilant in protecting their information and privacy. Social media platforms are prime targets for cybercriminals hoping to steal personal information, spread misinformation, 并进行网络钓鱼等诈骗活动. Enterprise security education and awareness training programs should be routinely reviewed and tailored to increase employee awareness and education regarding an enterprise’s unique threat landscape. 通过提高对潜在威胁的认识,采取必要的预防措施(如.g., 启用双因素身份验证[2FA], 不要在网上分享敏感信息),并严格遵守社交媒体政策, 个人和组织可以更好地保护自己.
Endnotes
1 Walsh, D.; “研究:社交媒体使用与心理健康下降有关,麻省理工学院斯隆管理学院, Cambridge, Massachusetts, USA, 14 September 2022
2 玛丽维尔大学,城镇和乡村,密苏里州,美国社交媒体的演变:它是如何开始的,接下来会走向何方?
3 Rastogi, K.; “社交媒体如何被滥用,” iPleaders, 17 May 2016
4 The Edge Picture Company, “你的澳门赌场官方下载需要社交媒体的5个原因”
5 DeLoach, J.; “社交媒体影响你风险状况的10种方式,” Corporate Compliance Insights, 6 March 2018
Chris McGowan
Is the principal of information security professional practices on the ISACA Content Development and Services team. In this role, he leads information security thought leadership initiatives relevant to ISACA’s constituents. McGowan is a highly accomplished US Navy veteran with nearly 23 years of experience spanning multidisciplinary security and cyberoperations.