Did you know that cyber attackers can use publicly available information about your business and employees to make their attacks more successful? Information is often gleaned from websites and public social media accounts.
To make it more difficult for attackers to target your business, there are a few steps that you can take to prevent your business being so forthcoming with important data to assist a cyber-attack:
‘Meet the team’ pages: useful to add personality to your business but an absolute Pandora’s box for those with malicious intent! If an attacker has details of your employees they can use this to craft targeted phishing emails so limit this information where possible;
Social media: LinkedIn and other social media accounts often provide information which attackers can use to find a “way in” to your business. Review the information on these sites and ask yourself if it is really necessary to post details about recent contracts won, suppliers your business uses and partners with your business. Think about the information you are posting and how it may be used against your business;
Be aware of what others are saying about you: review what your business partners, clients, contractors and suppliers give away about your business online;
Use of employee credentials for 3rd party sites: your business may use corporate email addresses to sign up for 3rd party services, such as employee benefit schemes, cloud storage providers etc. If these services are breached and employees reuse passwords across accounts, then this can be a big threat to your business. Leaked credentials can provide a simple way in for an attacker.
Be aware and if in doubt, err on the side of caution to prevent your business falling victim to the ever increasing cyber threat.
Author: Claire Cornish is a Senior Associate at law firm Browne Jacobson LLP