Security blogs

Is your social networking a cyber security risk?

Sharing the best bits about your life on social media has become a day-to-day habit for many people. But, it’s easy to forget that content shared online has a life beyond our friends’ feeds

In the past few years, the news has highlighted celebrities who have had their social media accounts hacked with devastating results: their private photos shared or held for ransom, or the attacker has pretended to be the celebrity, engaging with followers on their social media accounts. While celebrities may seem like an obvious target, hackers have plenty of reasons to steal confidential information from almost anyone, whether it be to damage the person’s reputation or for their own financial gain.

Social media can be a double-edged sword, as many people want to build their online presence so that as many followers as possible engage and interact with what they post online. But, these stories that come up in the news should be used as a reminder to look at your own personal security online. It does open up a bit more risk. There have been cases where people have accidentally posted their passwords or posted selfies that have incriminating or sensitive information in the background, or even patient information from a selfie posted at a hospital.

Sharing the best bits about your life on social media has become a day-to-day habit for many people. But, it’s easy to forget that content shared on social platforms has a life beyond our friends’ feeds. A recent survey conducted by online jobsite CV-Library with its database found younger workers surveyed were most likely to have Googled themselves (58.1% of 18- to 24-year-olds) and 50% of those surveyed said what they found prompted them to increase the security levels on their social media profiles. The same survey found one in five of those surveyed had been hacked online, something that Tully says can be simple for cybercriminals if they gain access to an account with relaxed security settings.

If it looks strange, or if they’re asking you to do something you’ve never done for them before, think twice

You have a lot of your life recorded on these networks, so it’s a clever idea to regularly purge this content, so that nothing is visible that would potentially embarrass you, or can be used against you, or could reveal some kind of personal information that could then be used to socially engineer you or manipulate you. A good rule of thumb? If you would be embarrassed for you mum to see it, don’t post it.

Not only can it be reputationally damaging and a reason for potential employers to look past your job application, hackers can look at the shared information and figure out answers to security questions. Other risks include cybercriminals knowing if you’re away on holiday and a target for burglary or using personal details to create false identities online and take out loans in your name.

As well as drawing the line at oversharing potentially damaging information or photos online, it highlights the need for secure access to your accounts in the first place. Making sure two-factor authentication is enabled where the platforms allow is a simple solution that can significantly mitigate the risk of an account being compromised, because a hacker would physically need to have the associated phone on hand to log in.

What is also important is ensuring that your social media account has a password that is different to your other accounts. Passwords should be made up of three random words (pass phrase), with numbers and symbols. If there is a breach, it’s important that the password that’s out there on the web isn’t the same one you use to log into your bank account. Sites like haveibeenpwned.com are useful tools to check if an email account or username has fallen victim to one of these attacks. The next step is to change your passwords.

Be vigilant, even with friends
Even if you’re not the one who has been directly hacked, being vigilant is key. If a friend’s account has been compromised, often the person behind the attack will assume the identity of the account and try to manipulate the person’s friends into divulging information or cash. If it looks strange, or if they’re asking you to do something you’ve never done for them before or for some kind of strange favour, think twice and confirm with them offline that it is actually them. Never respond to online requests for personal information or financial requests without verifying the identity of the person or organisation through another means first.

Being aware of what friends are posting publicly too, is a good practice if you want to avoid falling foul of phishing links, which actively seek out personal information. “The problem on social networks is a lot of them shorten links for you. For example bit.ly links are an easy way to obfuscate something that might be sketchier than a normal link.

In these cases, Cyber Aware suggests that wherever possible, you type the address of the website directly into the browser first or search for the website link via a search engine, since cybercriminals can create fake website addresses that look very similar to the real website address, for example, by replacing a lower case “L” with a capital “i”.

Purge apps
A lot of social networks give access to third-party apps to make sharing across platforms quick and easy – so a single image can be posted at the same time to both networks. A good rule of thumb is you can trust apps downloaded from the Apple App Store and Google Play but be wary of those downloaded directly from the web. Cybercriminals have created apps that can subtly gain access to personal data.

It’s good to regularly see which third-party apps you have enabled and to purge the list of apps that are no longer used.

An extra measure that people should build into their routine is regularly updating software and apps on their devices to make sure any security bugs have been patched. It’s a simple solution to make sure an account is secure, and they can be set up to update overnight.

Professional networking sites
Social platforms that often get overlooked in terms of security measures are those used for professional networking. However, hackers commonly use these sites to gain personal information, that can be used in cases such as identity theft. So, only put up information that you need for a job search and leave off personal details that can be provided on request once a job has been offered and the employer has been met in person, such as birth dates, national insurance numbers, and bank details. Also, make sure that you set or review your privacy controls on these accounts.

Another common trap to avoid is opening attachments or links that prospective employers or recruiters say are job postings or application forms.

Try to avoid opening files that are sent to you or clicking on links from people that you haven’t met in person or haven’t validated their identity in another way, through Google searching or a phone call.

 

You may also like
Have I been Hacked?
“FINAL WARNING” email – have they really hacked your webcam?
Third party hacking