Social Media Security in the Workplace

by Robert Siciliano

Social Media Apps

Why someone would set up a fake social media profile? The answer correlates with news of cyber-attacks on businesses and other organizations being targeted with advanced persistent threats which has risen sharply over the past two years.

The Register reports “Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a technique commonly linked to cyber spies operating from China.”

One highly publicized cyber-attack was on Supreme Allied Commander Europe (SACEUR) Admiral James Stavridis NATO’s most senior military official.

It is believed the social media account in his name was “attempt to trick colleagues, friends and family into giving away his personal secrets on the social network.”

These cyber-attacks on social media are often used to gather intelligence to crack a password or to gain insight to knowledge based questions or challenge questions. For example:

  • What’s your favorite food?
  • Where did you honeymoon?
  • Your first pets name?
  • Name of your first car?
  • The name of your elementary school?
  • Your father’s middle name?
  • Your mother’s maiden name?

All these questions are meant to bypass social media security and replace that used-to-be-secret-obscure word that only you and your parents would know the answer to.

Officers of a company or anyone in a pivotal position like HR or accounting, need to recognize IT security risks and realize while they may not be a NATO commander they do have access to company and client data that may be worth serious money to a thief, competitor or foreign government.

Below are a few social media security tips on how to prevent cyber-attacks

  • Keep social media profiles all business
  • Limit “lifestyle” information and set your privacy setting to high
  • Don’t just friend anyone
  • Be cognizant that someone’s always watching and might be using what you post to access your company data


Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures