There is increasing awareness among security experts about how social media behaviors can open the door for insider and outsider threats. However, other than an employee posting a direct threat online, it can sometimes be difficult to know what to look for.
When attackers want to penetrate an organization’s security, they look for vulnerabilities. These vulnerabilities may be technical in nature, but oftentimes employees themselves can be the weakest links in a security system. The content that employees post on social media can give would-be attackers clues as to who in the organization might be susceptible. At Fama, we’ve worked with numerous organizations to help them interpret potential risk indicators on social media. Based on our experience, here are five ways that social media posts can leave organizations vulnerable to attack.
5 Ways Social Media Behavior Creates Security Risks
1. Complaining about security protocols
We’ve seen employees complain online about security measures and even state that they don’t plan on abiding by those measures. In one instance, a government contractor had a policy prohibiting employees from bringing company phones to work. One employee complained on Facebook about the “absurdity” of the rule and joked about not following it. By posting these comments publicly, the employee not only encourages others to ignore the protocols, but also advertises to potential outside attackers that his phone is a potential way into the organization.
2. Bullying or harassing others online
We unfortunately see public bullying of co-workers on social media. This behavior is obviously unacceptable and hurtful in its own right, but it also points outside attackers to someone who is potentially hurt, angry or resentful and might have a reason to lash out against the company.
3. Financial desperation
Financial debt is the second leading cause of insiders turning rogue. An employee talking about student loan debt may not be a problem, but when an individual starts talking about financial problems with emotional desperation, it is an indicator that they may be willing to do something extreme.
4. Badmouthing the corporation
While most insider threats are motivated by financial gain, employees who are happy with their jobs and their companies are less likely to take such an extreme step. An employee who talks about hating their job or their boss, or who calls their company “evil,” is more likely to rationalize self-serving behaviors.
5. Revealing sensitive client information
Revealing privileged information is a problem that you need to know about. When someone seems to talk too freely about clients or corporate IP, even if it’s not a direct privacy breach, it is an indicator that this person is likely to share information that they probably shouldn’t.
Make sure that your organization has clear policies for what is acceptable for your employees to post online. Have a process in place to ensure that those policies are being followed, because a policy with no enforcement might as well not exist. Finally, make sure you have options for how to act in the event a policy is violated, whether that is further training, restrictions, or more serious action steps.
 “Insider Threats and the Need for Fast and Directed Response,” SANS Institute, 2016.