Despite rising levels of awareness around social engineering-based cyber-attacks, British business leaders, their relatives and their colleagues are exposing organizations to unnecessary risk by oversharing online, according to new research.
Digital intelligence firm Digitalis Reputation polled over 1000 CEOs and the like across a variety of sectors and business sizes.
It found that 61% are aware of the threat posed by social engineering attacks and 41% of firms now educate staff on how human error can lead to a serious cyber-attack.
What’s more, 69% use different email addresses for home and work, 64% use strong passwords and change them regularly, and 63% share only the minimum amount of personal info when signing up to new services.
However, other stats were less reassuring.
For example, only half (51%) of business leaders restrict their profile visibility on Facebook, 20% use encryption services and only a third (36%) follow-up if any privacy settings changes are made to the social sites they’re signed up with.
Perhaps unsurprisingly, awareness of social engineering is lowest at smaller firms and those with lower turnovers.
Just over half (58%) of business leaders at firms of fewer than 50 employees use a different email address for home and work, compared to 80% at bigger companies of over 250 employees.
Digitalis managing director for private clients, Laura Toogood, argued that social media is the main springboard for social engineering attacks, which can ultimately lead to serious data breach incidents.
“While there can be good business reasons why firms might embrace social media, business leaders also need to be more aware of the risks to them and their firms of posting personal information online,” she added.
“Criminals can sometimes find just one piece of information very useful, but sometimes nuggets of data that don’t appear significant on their own can be used to build up a very detailed profile of an individual and lead to a sophisticated attack.”
Real world examples of over-sharing on social media include a successful businessman whose teenage daughter accepted friend requests from an investigator employed by a competitor, according to Digitalis Reputation.