Social Media Vulnerability Assessment

This exercise is ‘technical’ only in as far as the participants themselves are and is designed to

highlight the general cyber knowledge (or otherwise) within an organisation. The process will

highlight areas of weaknesses and threat where these may not have been previously imagined. It

comprises two elements:

• Cyber Audit: a number of one-on-one conversations with key figures from across the

organization, for discussion of their cyber practices, company policies and the comparative

strengths and weaknesses of these,

• Social Media Vulnerability Assessment: a review of the social media use and practices of a

number of employees, with a view to determining where these are open to threat.

The exercise will inform the key figures within the organization of the dangers that current cyber

practices invite, and determine where the leaks can be plugged to ensure a more holistic cyber-

security posture.

Who should participate in the Exercise?

For this exercise to work effectively it is necessary to engage with employees from across the

whole spectrum of the organization, from senior management to associates, and including

departments such as HR and IT. It is a key predication of the assessment that cyber-security relies

on buy-in at all levels of a company, rather than being left as ‘someone else’s problem’. Hence, it is

advisable that at least one individual at each department/level attend the interview strand, while

a few dozen names from across the entire company are passed over for the SMVA aspect.

Depending on the number of interviewees, it is estimated that a full day on-site will be needed to

conduct the Cyber Audit. The SMVA will be conducted off-site over a week prior to the day of the

Audit itself.

Duration

About the Exercise

Both the Audit and the SMVA will tackle a number of core areas essential to managing and

understanding the cyber-security risk as follows:

• Policies: IT, Social Media, Business Recovery

• Wi-Fi and network access and restrictions

• Passwords and encryption

• Personal use of the Internet while at work

• Social engineering

• Responses to Business continuity and crisis management

Benefits for the Individual

Both elements of this exercise will offer the company a sight of the ‘bigger picture’ of where it

stands with regards to cyber-security and crucially, the understanding that there are a wide

variety of threats that do not come at all from the traditional hacker routes – and many that do

not require outside hacking at all. For instance, the Cyber Audit might highlight that permitting

guests and employees alike to use corporate Wi-Fi exposes the company to whatever bad actors

may care to do to it (such as obtaining copies of all files and emails sent over this network) and

the Social Media Vulnerability Assessment may indicate that certain employees, due to the

quantity and personal nature of the information they post, are susceptible to social engineering.

Both the Audit and the SMVA will indicate where inherent policies and practices regarding all

things ‘cyber’ put an organization at risk; how employees can unwittingly contribute the most to

this; and how organisations can mitigate against these and improve their threat posture in both

the short- and long-terms.

Cumulatively this will provide the organization as a whole with a better understanding of the

nature of all the threats and how they can be countered.

Key Features

[0044] 207 451 1191

info@kcsgroup.com

www.kcsgroup.com

Contact us To find out more or to arrange a meeting to discuss your business needs, please contact us: