Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/11/2017
03:00 PM
Malwarebytes Labs
Malwarebytes Labs
Partner Perspectives
50%
50%

Operational Security Best Practices For Social Media

Building a firm, clear policy on disclosures online can provide a flexible, adaptive response that will protect proprietary data from winding up in a public leak.

In recent years, we’ve seen the pace of database breaches and the subsequent distribution of Personally Identifiable Information (PII) accelerate to a breakneck pace, causing significant financial and personal damage to the individuals impacted.  But what often goes unconsidered is the organizational damage that the loss of even a single email address can cause. 

One carefully considered stolen pair of credentials can offer a jumping off point for a phishing campaign that appears to come from a trusted source, an intelligence source that affords an attacker targeting data for subsequent action, or a pivot point to access other accounts that may use the same password. In fact, attackers will commonly comb through leaked databases for high value targets and resell secondary lists to those looking to use the accounts before a password reset.  A common defense against these sort of scenarios is practicing good organizational social media operational security – OPSEC - principally by keeping company data off LinkedIn, Facebook, Reddit, and the like. 

OPSEC on social media demands good communication between first-line managers, legal policy, and your Security Operations Center (SOC).  Legally, you can’t forbid your employees from using LinkedIn, but you can bar them from disclosing company assets publically, such as an organizational email.  First-line managers are responsible for implementing legal policies, but more importantly – these managers can communicate back to the OpSec team when business needs are forcing employees to circumvent security policies. 

Much more common than the malicious insider threat is the employee who can’t access data they need on the road, and decides to forward company email to a webmail service.  Another dangerous scenario is the employee who is required to disclose their company email to third parties, but doesn’t have a separate account for sensitive data. 

SOC: Your OPSEC Of Last Resort
There are generally simple, easy fixes for these issues that tend not to be implemented due to poor communication with first-line managers.  And there will always be individuals with exceptionally poor judgment, for example, those who would register for ashleymadison.com with a company email.  Bottom line, making sure security policies are aligned with business needs is a low cost measure that decision makers should be doing as a matter of course.

The SOC affords your organization with OPSEC of last resort. If a SOC tech sees company information disclosed in a public space, something has already gone wrong.  That said, a simple crawler set to look for a defined keyword or domain list on sites like Reddit or Facebook can find leaked PII fast, increasing the odds that a takedown will be more effective. 

A Tier II SOC tech can triage a leak after the fact by pinpointing the precise point of egress.  Asking for passive monitoring of PII can afford an additional layer of security for situations when policy is not sufficient.  Brand Protection services will also do this as part of a vendor relationship, although typically at significant cost. 

As with most cybersecurity issues, protecting company information on social media boils down to issues of communication.  Building firm, clear policy on disclosures online, as well as providing channels for feedback to filter upwards, can provide a flexible, adaptive response that will protect proprietary data from winding up in a public leak.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.