Carl Leonard, Senior Security Research Manager (EMEA), Websense Security Labs, talks to Biztech2.com about the trend of social spear phishing and best practices that companies can adopt to safeguard themselves.
With social media being extensively used in businesses, how can enterprises safeguard themselves and their employees from the threats surrounding it?
With the penetration of social media in the workplace, security is of paramount importance. Cybercriminals are using social networking sites to spread malware and execute other cyber attacks.
It is, therefore, important that employees are made aware of the dangers of clicking on links on such sites. Before clicking any link on sites such as Facebook and Twitter, users should consider the following: What is the intent of the link? Where is the link going to redirect them? Why did they receive the link? How realistic is the claim that the link shows or highlights? How reliable is the person who shared the link?
If the user receives the URL out of the context of a discussion, or it seems ambiguous, then the user should avoid clicking on the link. Most importantly, companies should automate their protection through real-time security. Due to the increasing sophistication of cyber attacks, users are unable to distinguish between when it is real and when they are potentially being duped.
How can publicly shared email IDs be exploited by cyber criminals?
By publicly sharing their personal email addresses, users are exposing themselves to advanced ‘social spear phishing’ attacks and spam campaigns. Social spear phishing involves criminals attacking harvested email addresses with information extracted from monitoring users’ Twitter conversations or the Twitter API. According to recent research conducted by Websense Security Labs, more than 11,000 email addresses were shared worldwide daily via Twitter.
To protect themselves from malicious attacks while using social media, one should use direct messages for sending email addresses to contacts instead of tweeting or posting on the wall. It is important to cross-check any emails received from friends that have links to external sites, as these could be spam. One should never use passwords that can be easily identified and that link with publicly accessible information.
Please share some security tips on how to best avoid shared data potentially being used against a company.
Facebook, Twitter, YouTube and LinkedIn are social media and business tools to enable business success. Companies should consider deploying real-time security defenses that provide them with control over the social web to monitor, control, enable read-only viewing and provide visibility with reporting and analysis. Some other suggestions can include using real-time security to protect against unknown exploits. Those in charge of the company’s IT security should keep patches up-to-date to protect against known exploits.
What employees should be made to understand is that email is the easiest tool that cybercriminals use for hacking into a company. Therefore, it is necessary that organisations ensure that their email security has superior malware protection against modern threats.