Hacking is on the rise. And it isn’t just the big corporations that cybercriminals choose to go after.
One of the theories some hackers work on is that small to mid-size companies are less prepared and less aware of the threats so do less to prevent hacking attempts. So from the hackers perspective why not target several small businesses with an easier system to pass, instead of concentrating their time on one large business that is well secured.
One of the tools hackers use to gather information to gain potential access to a business is Facebook.
Facebook pages are important for marketing and customer outreach today, so closing the page is not really an option. Instead there are ways to make your Facebook page more secure.
Why Cyber-Criminals use Facebook
Facebook is the first port of call for many hackers looking to gather intelligence on your business. They will look at both your Facebook business page and the personal pages people who work in the business.
Unless the privacy settings on your business page and the pages of employees are tight, a cyber-criminal has access to sensitive and potentially valuable information like who to target and their phone numbers, their photos, personal interests, the names of your family members or kids and who your friends with.
Now the cyber-criminal has learned personal information that can be used to impersonate a friend or colleague, gain trust in a phishing scam and malware attack that gets people to open malicious attachments to emails that encrypt all your business files and demand a ransom.
Do You Know Who Your Facebook Friends Are?
If you think that only your friends can access your information because you’ve set up privacy filters, it may be time to rethink. It’s possible that some people on your friends list are not the real deal.
Behind the photo it could be a hacker who did some digging to see who you might accept a friend request from.
Facebook Privacy Audit
Conduct a privacy audit on your Facebook page, and encourage staff members to follow suit. Facebook has automated some of this process, look for the ‘privacy check-up’ button. It will then show you the three basic privacy settings, posts, apps, and your profile.
The first basic part of the check-up involves your Facebook posts, change them to ‘friends only’ or create a group with those friends you’re closest with, or your immediate family members.
Next, look at the apps connected to your account. If an app has access to your account, the developer of that app may have access to all of the information on your profile or the apps could be hacked by a cyber-criminal giving them access to the data.
Finally, review your profile. Restrict who has access to information like phone numbers, emails, date of birth and city. There is no reason to make this information public to everyone in the world.
Dive a bit deeper on your profile to the ‘About’ section. This details further personal details including where you’ve worked, studied, and lived. Hide this information if you want to truly be secure.
Also consider doing the following:
- Make your friends list private
- Hide family members
- Remove or hide life events
- Hide hobbies, favourite films, artists
Who Should See Your Photos?
Making photos on Facebook private is a bit more complex because others upload photos of you too.
You can set the photos you upload to friends only, but photos uploaded by others need to be managed separately.
Go to > ‘Manage’ > ‘View Photos Hidden from Timeline’ >‘Shared with: See All’ > ‘On Timeline: Hidden or Visible’ here you can view all the photos of you that are out there on Facebook.
Go through each photo and change their visibility or remove yourself from being tagged in them.
For business owners, it is clear that cybersecurity training is important for members of your business in order for them to recognise fraudulent phishing scams. It is important to train your employees on what signs to look out for in emails, webpages and also on social media websites like Facebook.
For Facebook in particular you can follow the privacy tips above and encourage staff to follow these security practices as well.
If you want to add more proactive cybersecurity measures you can also add in additional tools and services like DNS monitoring and anti-virus monitoring which can be run from the cloud. Ultimately though security starts with people and your employees are one of the biggest threats to letting hackers into your business even though it is in an inadvertent manner.
Being aware of what you’ve made public is a great first step, it is also worth setting up reminders to periodically check privacy settings and what information is out in the public domain.
Keep in mind that even though an email might come from what seems like a trusted source or appears to be from a friend, it may be a hacked account. Awareness is key, and you should always take a closer look at any emails you were not expecting to ensure it is genuine especially if the email contains attachments, images or links that you are asked to click on.
About EC-MSP, your technology partner
EC-MSP is one of the most trusted IT support providers in London. If you would like more help advice and support with technology for your business, contact us today to see how we can help.