There are over 1 billion users on Facebook. The chances are very, very good that your employees are amongst those 1 billion. This puts you, and your IT team, in a dilemma. Do you allow employees to access Facebook during work hours? We know the benefit of using employees as brand advocates, but how can you minimize the risks?
You also need to consider what issues can arise from phishing attacks and other forms of social engineering through Facebook that can impact your company. Let’s consider these things now, and look at the statistics.
Facebook security issues in general
A poll conducted by Naked Security found a number of alarming issues:
- Friend request: 46% of Facebook users would accept a friend request from a stranger. This opens them up to all sorts of phishing attacks. It clearly shows that they are not diligent with vetting those whom they communicate with on Facebook.
- Birthday: Every piece of information that a hacker can steal is valuable. This includes your exact date of birth. This information is frequently used in security checks. 89% of users show their full birthday.
- Email address: 100% of the polled Facebook users displayed their email address. This is another piece of information that a hacker can simply find on Facebook and use against your employees. It’s even worse if they’re using an email account which is associated with their work.
- Other users: Up to 40% of users show data about their family and friends. These friends can frequently include co-workers.
Such information is useful to identity thieves and to those who wish to commit phishing attacks and even brute force attacks. Attacks carried out against your employees can then be used against your company.
Facebook security practices
There are three basic areas that you need to get your employees familiar with. These points will help employees protect themselves and, by extension, protect you. They are all listed under Privacy Settings:
- Who can see my stuff: The first thing they should do here is to allow only their friends to see their Facebook page. Once that is set, hackers can’t simply go to their page and find information like their birthday. They should also control subgroup settings, that is, who can see specific posts that they share. They should also have approval rights for photos of themselves.
- Who can contact me: This will limit the friend requests from strangers; all too often, those strangers are hackers or data harvesters. Limiting it to friends of friends ensures the most privacy and security.
- Who can look me up: This is similar to the point above. It can also make it so that people can’t even find you, let alone contact you. You can even limit people from looking you up when they have your email address. The most important setting to check is whether search engines can find your Facebook profile. If they can, turn that off.
This is all about limiting the number of attack vectors available to hackers that want to target your employees. The safer they are, the safer you are as well.
The risk to your business
Your employees are not the only people at risk due to Facebook security issues. Hackers can steal employee information from Facebook and use it against your company:
- They can imitate one of your employees in an effort to contact you for business interests.
- Hackers can create fake profiles of your employees and use them to misdirect your customers.
- Your employees can be contacted through Facebook by fake accounts of their supervisors.
- Hackers can find important work-related information in the Facebook accounts of your hacked employees.
Those are the four basic risks to your business. But you shouldn’t relax yet; hackers are always thinking up something new.
Restricting access during work hours
Many companies restrict access to Facebook on the work network. It has been found that 54% of companies do this. The biggest concern should be privacy. Workplace productivity certainly factors in, but employees’ smartphones still work, so it’s largely moot.
There is also the risk of inappropriate information sharing over Facebook. Employees that are on Facebook during work hours are more likely to post something about their work right on Facebook. These are legitimate concerns which must be balanced against the fact that many businesses are using their employees as brand advocates.
If you have determined that you’d rather have the brand advocates than worry about the risk, make sure that you:
- Set up programs that can block malicious phishing attacks.
- Offer to set up a VPN for any employee using a BYOD device.
- Have virus-blocking apps on all network connections.
- Install anti-malware software on all devices.
- Take the time to cover all the Facebook security issues raised in this article.
Making the decision to allow Facebook access on your work network is not an easy one. If you have determined that social interaction is important to your overall marketing and that your employees are going to act as brand advocates, you have to be certain that you are well protected.