As someone in a high profile role and privy to sensitive information, you are at greater risk of cyber attacks.
Among the potential means of cyber attack is something known as spear-phishing. This is when a communication is sent to a particular person and is designed to look like it has come from a known or trusted contact.
These can be sent to personal email addresses as well as business email addresses. Malicious links can be included in such emails through a URL or can be embedded into a document on something like Google Drive.
The victim can then be directed to a fake sign in page for what appears to be a legitimate service. Their details will then be used to sign into their own account and to forward any future correspondence to the cyber attacker.
If in doubt about whether an email is genuine then check via a different means. Also do a regular check to ensure there is no mail forwarding active on your account
Be very careful about what, if any, personal information you share via social media. It could be used as part of a spear-phishing attack. Cyber attackers will often gather and use such information to devise persuasive and convincing emails.
Likewise, be cautious about connecting with people on social media, even when they appear to have mutual contacts. They could be fake accounts, set up to impersonate others.
Consider using a professional social media management service, which will enable colleagues or employees to create posts without the need for you to share your passwords.
Using a social media management tool enables an audit trail to be kept in terms of who has posted content. If using a social media management tool, ensure that account access logging is switched on, if it is available.
You should implement a content approval process, setting out how any draft social media content will be checked and signed off to guard against any problematic content.
Only authorised staff should have access to your social media accounts and social media management tools. Ensure that such access is removed before any staff members leave their role and change any passwords which they had access to.
You should also ensure you have an emergency recovery plan in place. This should set up what to do, for example, if an employee or anyone with access to your accounts has posted damaging content.
You need to know who to contact in advance of any such situations arising.
Ensure you lock any devices when not using them.
The National Cyber Security Centre advises the use of three different words combined to make a stronger password. This renders it more difficult to hack and easier for you to remember.
https://www.security.gov.uk/guidance/social-media-guidance/
https://www.security.gov.uk/guidance/social-media-guidance/using-social-media-securely
https://www.security.gov.uk/guidance/social-media-guidance/perform-social-media-security-assessment
Guidance on recovering a hacked account:
The National Cyber Security Centre
https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
For more information on protecting what you post on social media, visit:
https://www.ncsc.gov.uk/guidance/social-media-protect-what-you-publish
Reporting a cyber attack
You can report any cyber attack incident via the link below:
Share this page:
