TechHive reports that over 10,000 users have fallen victim to a Facebook-based malware attack. Like other schemes before it, the color-changer malware purports to allow users to customize their Facebook, but when the faux app opens, hackers can access their accounts.
Unfortunately for IT consultants, attacks like this can expose an entire organization to malware and compromise its security. To understand the risks of social media malware, let’s look at…
- How this new Facebook malware works.
- How to limit social media liability.
- How to protect your IT business from data security lawsuits.
Why Is Facebook Vulnerable to Malware?
Vulnerabilities in Facebook's app platform allow hackers to direct users to phishing sites or surreptitiously download malware onto a user's computer. The new color-changing app does both.
After clicking on the app, users are taken to a site that requests that they watch a video in order to unlock "tokens" they can use with the app. If users click on the video, the app gains access to their friend list. If they don't view the video, the app will try to download a bogus "malware screening app" if they have an Android device.
While this isn't the most complex cyber attack out there, there are a few useful takeaways:
- Many common platforms are insecure. Security consultants have criticized Facebook's app platform for giving developers too much access to a user. This weak security architecture is a breeding ground for cyber attacks. How bad is Facebook? MobileMarketPortal reports that 71 of the top 100 Facebook apps are vulnerable to social-session hacking. That's bad.
- Many cyber attacks are preventable. Data breaches are often caused by simple user mistakes. An attack like this – disguised as a way to customize profiles – highlights just how easy it can be to trick the average user into downloading malware.
- Social media attacks expose entire organizations. If a client's employee is hacked through a social media account, the attack can spread via their contacts to the client's entire organization. To make matters worse, phishing attacks can trick a user into divulging their passwords. If they use the same passwords at work, the hacker can access your client's network.
To learn more about recent Facebook attacks, read "Facebook at Work: A Data Security Issue?"
Protect Your Clients from Social Media Hacks
A client might not realize how much their company's cyber security is connected with their employees' online habits. One compromised social media account can lead to an attack on the company network. Even companies that limit social media access at work can be exposed if employees use social media at home and then bring the device (mobile or laptop) to work and log on to the company's network.
So how do you limit a client's exposure to social media attacks?
- Require client employees to use unique passwords at work.
- Limit access to social media at the office.
- Have a protocol in place to limit BYOD liability.
- Educate clients about common hacks, phishing scams, and other online attacks.
What IT Professionals Can Do to Account for Their Cyber Liability
Because IT consultants can be sued over data breaches and malware attacks, addressing cyber liability can protect your finances.
Professional Liability Insurance (also called Errors and Omissions Insurance) pays for third-party cyber liability lawsuits, which is legal jargon for a client suing you over a data breach on their network.
Because data breaches are expensive, clients can sue you for…
- Lost revenue.
- Damage to their reputation.
- Repair costs.
- And other expenses.
Professional Liability Insurance pays for your lawyer fees and damages you owe clients, shielding you from the cost of a client data breach. To learn more about tech insurance and the cost of IT coverage, see our sample insurance quotes for IT consultants.