Social media is used for anything and everything in today’s world. Whether it’s to see photos of family who live on the other side of the country or to keep health hints in mind or share the latest jokes, there’s a good reason why many people engage with it.
However, you might also be putting your cyber security at risk.
Even an innocent post asking you to remember your deceased pets could be a ploy to get personal information about you that cybercriminals can use to gain access to systems and data.
It’s surprisingly normal and is referred to as social engineering — a trap set to trick you into sharing data. Pet names, street names or favorite actors/songs/movies — are all the most common things passwords are made of.
Your social media pages can be a goldmine for criminals; giving them a lot of information — especially when they cross-reference it with all the other personal data you have shared on your other social media profiles.
Common Social Media Posts To Avoid Interacting With
The following posts seem innocent enough, and the data gleaned from them may not seem like anything critical, but a lot can be learned from a simple viral post. Here are just a few examples of these posts.
Have you ever been tempted by a “ prove me wrong” puzzle like this one?
How about a brain teaser? While this seems like an innocent ask, it could be used to gather your personal information.
How Cybercriminals Use Your Data From Social Media
Data harvesting can work in a few different ways (and sometimes more than one.) For instance:
- You share personal information (like a pet’s name) and it’s used to answer a challenge question to gain access to your account. In the case of the “What’s missing?” post, you just shared your favorite breakfast food (because it’s the one you noticed isn’t there, like bacon or chocolate chip pancakes.)
- The post itself links to a suspicious website that downloads malware automatically onto your computer. This can also happen with fake friend requests or even fake ads.
- Your data gets added to a data pool used in brute force attacks (more on that next.)
Right now, you’re probably imagining a criminal sifting through your social media and cross-referencing that with every place you have an account, then rapidly typing in a bunch of challenges until they gain access to your accounts.
While that’s certainly possible, criminals today don’t need to try nearly that hard.
All cybercriminals have to do is buy some software from the dark web. The software combs the internet millions of times a day and scrapes data from all kinds of publicly available messages.
It then dumps that information into a program that automatically challenges hundreds of accounts at a time until it gains access. These are called brute force attacks and cybercriminals don’t need to have hacking skills to run them, only access to hacking software.
8 Ways To Improve Your Social Media Security
Part of what Internos does for clients as a managed service provider is to provide ongoing cybersecurity training for the client’s entire team. The reason we do so is that social engineering and phishing are by far the easiest way for criminals to gain access to a network.
Your employees are your best cyber security assets, and you should treat them as such. Training turns your biggest security risk (your people) into human firewalls that know how to spot and resist falling for posts like these.
Here are some quick tips to help you hit the ground running:
- Secure all your devices. If you’re using a computer, smartphone or other network devices, all software on your devices needs to be regularly updated. Installing the latest security software, web browsers and operating systems is the safest protection against viruses and malware. By the same token, use anti-virus software.
- Limit the information you share on social media. Don’t include your address and other sensitive information or even a hint at your daily itinerary like your favorite coffee shop. Other personal information you shouldn’t share online includes but isn’t limited to your Social Security number, passwords, full name, address, birthday, and even vacation plans.
- Disable or turn off location services. Don’t publicly disclose where you are (or aren’t) at any time on social media. However, if you want to share that you went to Disney World or the Universal Studios theme park, post it AFTER you get home, not while you’re there. On a similar note, you should disable geotagging. Geotagging a website, photo or other data with your specific location (latitude and longitude) allows anyone to see where you are—and where you are not—at any given time.
- Inform your friends if they’ve shared something about you that makes you uncomfortable or you think is inappropriate. And, you should allow them to speak up if you’ve done that to them.
- Report all incidents of harassing or suspicious activity. Most social media platforms want reports like this so that they can block harassing users. If you’ve been a recent cybercrime victim, let local and national authorities know.
- Keep in mind that there is no permanent “DELETE” option on social media. Even if you choose to delete a post or picture within seconds, chances are someone already saw it and it is still on a backup server or archive somewhere. Consider that when you post. The speed of lightning is nothing compared to the speed of data transfer on the internet.
- Update your security settings, and increase the privacy settings. Set the security and privacy levels for information sharing at a comfortable level. At a minimum, you shouldn’t have a public profile.
- Only connect with or “friend” people you trust. While some social networks might seem safe because of the semi-limited personal information you share through them, keep your connections to people you personally know and trust.
Next Steps
Want to up your security game, but aren’t sure where to start? That’s where the experts at Internos come in. Contact us or book a meeting to discuss beefing up your security measures today.