IT Security Bulletin: Social Media Use
Social media in the workplace
Social media gives you the power to connect with others effortlessly and share information instantly. Since these services and platforms have become so integrated and integral to daily online activities, we find ourselves interacting with them on a regular basis. However, when you use personal and professional social media accounts, you can be providing threat actors easy and obvious entry points to your organization’s networks and systems. You can even be placing your online identity and that of your co-workers at risk.
What to consider when joining social media applications
· Research the social media platform you want to join or use; including a review of publicly available information
· Take time to understand the platform’s privacy, data collection and data use policies, their requirements for permissions, and their terms and conditions for using the application to know what data will be accessed and where it will be stored or transmitted
· Understand the ownership, control or influence, and data residency—the vendors and owners of the platform are subject to the laws of their region, which could impact the security and privacy of users
· Know which features and elements of your devices can be accessed by the app, such as your camera, microphone, location, and contacts list
Risks of using personal social media accounts in the workplace
Whether you share images on Facebook, tweet, or post content to your LinkedIn page, your activity can reveal a lot of information about you or your organization which can then be exploited. Some risks include:
· Unintentional Loss of Data – be careful what you post and ensure your accounts are not compromised. Information gleaned from social media can help threat actors understand relationships inside the College.
· Malware and Viruses – Clicking shortened URLs or advertisements can direct you to malware sites placing the organization at risk.
· Social Engineering – The more you reveal about yourself, the more likely you are to become a target for a threat actor who can create well-crafted personalized scams.
How to reduce risks when using personal social media
· Do not sign up with your @mohawkcollege.ca account unless you have an authorized college-sponsored account and you have been authorized to do so. See the College’s Social Media Policy for more info
· Use a unique passphrase or password for each of your accounts
· Seek approval before posting work-related information on a personal account
· Limit the use of tracking or location services in social media applications
· Enforce Multi-Factor Authentication on all devices and accounts when available
· Accept friend, follower or contact requests only from people you know
· Be wary of posts containing unusual language or content
· Use caution when clicking on shortened URLs; they could direct you to a malicious site
· Avoid revealing private information on personal accounts
· Review privacy settings to control who sees your information and content
· Sign out or log off when you’re done using your accounts
If you believe your accounts or devices have been compromised by an attacker, report it to the IT Service Desk at 905-575-2199 or through the IT Self-Service Portal.