Oversharing on social media comes from the same mindset as a business thinking it is too small to be subject to a cyber attack. Both are very easy to brush off as, ‘my life isn’t interesting enough for a criminal’ or, ‘my business isn’t significant enough to bother hacking’. Both statements are incorrect – both parties have information of value to someone who can exploit it.
A friend viewing your seemingly innocent post about a favourite childhood pet on the train may have malicious eyes spying over their shoulder. There goes the secrecy of security question number one. Or you might have a relative who takes it upon themselves to re-post updates of your travels whenever you’re out of the country. Your empty home is now vulnerable. There are numerous scenarios that could occur, but the long and short of it is: don’t overshare.
You may not think what you post online is revealing, but a cyber-criminal can deduce so much from so little.
Checking in to every location you visit makes it very easy to build up a picture of your routine. Many people take the same route and transport method to work, visit the same coffee house, work in a fixed location, leave at the same time each day and enjoy consistent evening and weekend activities. Sharing where you are reveals so many things. Attackers can deduce when your home will be empty, when you might be connected to public Wi-Fi, and when you might be more distracted and less suspicious.
Does the background reveal where you live/work/visit regularly? You don’t have to actively ‘check in’ to a location for it to be obvious where you are. Are you inadvertently sharing photos containing personally identifiable information? This could be an envelope containing your address or bank name on the kitchen table, the front door of your house with the exact number in shot, photos containing the types of devices you own, visible screens showing other social usernames/inboxes/contacts, etc. Be particularly careful when taking photos around mirrors. It’s very easy to miss information reflected when you’re focused on the main subject.
Checking the social media of prospective new employees is almost a given when it comes to recruiting. All it takes is a friend of a friend who knows someone at the new company and what you thought was private no longer is. Equally, posting about problem clients or projects at your existing company, whether names are mentioned or not, can very easily be spotted by the wrong person – opening up a world of unnecessary trouble.
Commenting on posts
How much thought do you put into what you’re commenting on? An unbelievably easy way for a hacker to gather personal information is to pose a question in an engaging way. ‘Honour the memory of your favourite pet by posting their name here’. ‘Click Like and enter your postcode to get sent a discount code for XYZ’. ‘Write your current street name and your first car model to find out your [insert funny character] name now’. All of these are enticing you to give up snippets of answers to security questions or passwords, or just build up a picture of who you are.
We’ve put together a helpful poster that can be shared around workplaces or pinned on break room notice boards. Alternatively you’re welcome to use it as a training tool to help protect individuals from oversharing on social media. Download the poster here.
What’s wrong with these posts?
From just two posts, fictional user Sally has told criminals where she works, what time she starts, that she doesn’t enjoy it and where she lives. Sally has also shared the make and model of one of her devices, plus one of the apps she uses. She has given out her favourite pet’s name, where she goes at the weekend and one of her breakfast preferences. There are so many ways this information could be used to profile Sally.
Purely digitally, we can see what phone Sally uses, plus a likely answer to one of her security questions: Rover. We can also assume she’s taking the photo on a second device such as an iPad. Sally has readily supplied her postcode and the first line of her address, and her name is clearly displayed. Sally has left herself very exposed already. By taking a cross section of 10 posts, you can imagine the amount of data we could obtain.
Physically, an attacker could ‘bump into’ Sally on her Sunday walk and strike up a conversation based on common interests. Sally is someone who loves dogs, likes croissants for breakfast, lives in Townsville, dislikes working in the legal profession and enjoys walks on the beach – easily done. This could be to get further information from Sally, to gain access to bank accounts and company information, or for more sinister reasons. Alternatively and much more simply, it’s very obvious when Sally isn’t at home and we have her address. What valuables might be there for the taking?
We’re taught as children not to talk to strangers. While this doesn’t exactly hold true in adulthood, the principle remains. Just because you’re posting online doesn’t make it less significant. Be mindful of what you publish, and the ways in which this can be used against you, accidentally or otherwise. Don’t overshare.
Talk to M-Tech for further advice on cyber security and how to keep your business and employees safe online.