Social media gives you the ability to share stories about your day, post pictures of your food, or disclose your location with your friends. But if you’re not careful, you could be inadvertently leaking sensitive information to strangers. Facebook, Twitter, LinkedIn, and Instagram contain a treasure trove of data about ourselves and our businesses that can be used to fuel hackers’ malicious schemes. So if you frequent any of these websites, it’s important to be cautious about what you post on them.
What do cybercriminals want from social media?
While it’s common sense not to share something as private as bank information or social security numbers online, posting the smallest details about your personal or professional life could provide hackers a gateway into your business accounts. Even ‘Instagramming’ a photo of a boarding pass and prefacing it with #boardingpass is enough for hackers to easily find your post and steal your flight details, frequent flier number, and credit card information.
Aside from sensitive photos, cybercriminals, scam artists, and would-be identity thieves trawling social media websites are often looking for the following:
- Personally identifiable information - publishing your full name, birthday, phone numbers, and address without properly configuring your privacy settings is the surest way to become a victim of a social engineering scam.
- Employment details - by knowing your email address, job title, and employer, identity thieves can simply impersonate you to con other employees in your company.
- Password reset answers - if details like your pet’s name, your interests, or your mother’s maiden name are plastered all over your wall, you’re basically allowing hackers to reset your login credentials.
- Geolocation tags - checking into a location shows everyone where you are and where you’ve been, giving cybercriminals the opportunity to break into where you’re not or concoct more convincing lies for their social engineering scams.
Once cybercriminals get ahold of this sort of information, their attacks become even more potent. For instance, rather than mass distributing unconvincing phishing emails to random people, hackers -- equipped with your personal information -- can tailor a much more persuasive message urging you to click a malicious link or download a questionable file.
Hijacking your identity is also a lot easier when cyber crooks have unfettered access to your personal information and password-reset answers. From here, they could simply log in to your business accounts, steal corporate data, or make unauthorized purchases under your company’s name.
Although there are potential risks in oversharing on social media, we’re not saying you should delete your Facebook and LinkedIn accounts. After all, social media, when used properly, offers incredible marketing opportunities. That said, you and your staff must be mindful of what you share and how you share it. As a general rule, make sure your posts don’t provide any information about your password, banking credentials, or your current location.
If you do plan on sharing details about your day, don’t forget to configure your privacy settings. On Facebook, for example, go to Settings, click Privacy, and change the settings under “Who can see my stuff?” and “Who can look me up?” to Friends only or Only me.
Keep in mind that you can also customize sharing settings on a post-by-post basis by simply clicking on the “Who should see this?” option next to the post button.
Setting strong and unique passwords for each of your social media accounts is also a must. As an extra measure of protection, you should enable two-factor authentication. This adds another step in the verification process as users will have to provide login credentials plus a temporary SMS code or security key, making it more difficult for hackers to breach your accounts.
After all this, train your staff about the risks of publicly disclosing sensitive data online, and to be wary of unsolicited friend requests from people they don’t know. Establishing a good security culture as soon as possible can reduce the chances of identity thieves and social engineers targeting your company.
Sharing too much information can leave your business vulnerable to security threats. And with more social media services than ever, it’s important to have the right tools and training to protect your data from falling into the wrong hands. Here at IntelligIS, we provide practical security advice and cybersecurity tools to safeguard your business. Simply contact us today at www.intelligis.com.