The information you openly share online can have a serious effect on your cyber security. Social engineering and spear phishing are responsible for over 85% of human error breaches – so whether you share your mobile number and email in your contact information, or simply post an update about a pastime, consider who can see it and whether a malicious actor could use it against you.
If you are unaware of what social engineering is, it is a common method of cyber crime used to gather sensitive information, which can then be used to manipulate an individual through a spear phishing attack – spear phishing being a specifically targeted scam email. If, when reading this, you think to yourself the common phrase, “There’s nothing about me online,” then think again.
Since the dawn of social media, cyber criminals have revelled in the newfound source which can easily be used to collect the information they need to weave together a fraudulent email. The everyday social media user rarely considers the sensitivity of what they share online or who they openly share it with. Job background, list of friends/family, where you go to the gym, vacation or even your contact information – while it all seems fairly regular for social media, all of this information makes you an easy target of human hacking.
Consider this: you post an update checking in at your gym. A cyber criminal sees this information, either because your account is public or because they are among your social connections, and decides to manipulate it. They head to your contact information, find your email, replicate the gym’s email domain and then send you a scam email asking you to confirm your bank details for security purposes. More diligent social media users might be suspicious, but a considerable number might still think nothing of this and happily respond, resulting in their bank details being stolen because of a seemingly harmless social update.
While you may consider this an extreme example, it isn’t. From fake bank emails and phoney vacation deals to a message from an apparent friend in need, malicious actors are successfully scamming people through social engineering and spear phishing day after day. You wouldn’t put all of this information on your front door for passersby to see, so why give it away on social media?
Cyber criminals aren’t how they are painted in the media. Anyone with an electronic device can be a cyber criminal, and it isn’t just your bank information that you need to worry about. There is a wide range of social engineering and security risks involved in what you share online. Practical driving test certificate? Motor fraud. Accepting an unknown message? Malware. Checking your child into their school? A major safeguarding risk. These are things that are all too common and are just the tip of the iceberg when it comes to online safety.
Some general tips to minimise your cyber security risk on social media include:
- Where possible, make your account private – public accounts openly share all of your information with strangers. You never know who is looking at your profile.
- Never include contact information such as your mobile number or email – those who need it should have it.
- Don’t accept unknown requests and remove any you already have – you should only be connected to people you genuinely know on social media.
- Be cautious of what you share – while some things may seem harmless, they could become a serious cyber security risk if your account is open for everyone to see.
- Turn off your location settings – this goes for your child’s phone and your general phone settings. Criminals are tech-savvy and social platforms such as Snapchat allow people to track your exact location if they add you.
- Monitor your child’s electronic devices and where possible, set restrictions – social platforms tend to have age limits which should be followed. Children are vulnerable and should not be permitted to use social media until they are of responsible age.
The same rules and cyber security risks generally apply to businesses. Employers should take the time to educate their workforce on what is acceptable to share and what isn’t. Even the most basic piece of information could pose a risk to your business. If you are unsure which of your employees are vulnerable, Intqual-pro can provide a Spear Phishing Assessment that will identify your overall business risk, as well as departmental or role-specific risks.
We can also offer an Executive Digital Footprint Analysis. Starting from just a business card, our investigative team will replicate a social engineer’s methodology and help an individual to both realise and respond to the cyber threat they present for your organisation.