Tuesday 29 March 2016 8:00 am

Cyber security: Business leaders are inadvertently leaving their companies open to threats from social engineering

Cyber criminals are increasingly turning to social media to mine valuable information on targets, with many high-profile business figures inadvertently revealing more than they should, a report out today has found.

The study by Digitalis Reputation discovered that, although 62 per cent of businesses offer staff advice on digital security and the kinds of personal information they should and should not be posting online, many business leaders are making silly mistakes that leave their firms open to risk.

For example, just half (51 per cent) of business leaders have altered their privacy settings on websites such as Facebook to protect sensitive pieces of personal information, and only a quarter (24 per cent) regularly check what information about them is easily accessible online. 

"Even firms with state-of-the-art computer systems and software are being caught out by criminals targeting a staff member who has given away too much personal information on social media," said Dave King, chief executive of Digitalis Reputation. "Criminals use information from social media to craft bespoke phishing emails which show a very convincing understanding of the staff member’s life and habits. In these situations, staff members are often caught out, either directly by giving away company secrets or transferring money to criminals, or indirectly by clicking on links which allows hackers access to the company network."

Dr Laura Toogood, managing director of private clients at Digitalis Reputation, added: "While there can be good business reasons why firms might embrace social media, business leaders also need to be more aware of the risks to them and their firms of posting personal information online. Criminals can sometimes find just one piece of information very useful, but sometimes nuggets of data that don’t appear significant on their own can be used to build up a very detailed profile of an individual and lead to a sophisticated attack."

Business leaders are also not doing as much as they could to protect themselves online in general, with less than two-thirds (64 per cent) using strong passwords and changing them regularly and just over half (55 per cent) only accepting friend requests from people they already know. 

However, some business leaders are very careful with safety online, with one in five (20 per cent) using some type of encryption service and a similar proportion (18 per cent) shunning social media entirely because of privacy concerns.