Social Media and Cybersecurity

Cybersecurity Trends

The recent proliferation of social media platforms have provided hackers with a treasure trove of personal data on pretty much anyone in the world.
Consequently, social media has made social hacking easier and cheaper than ever before. So, what's the solution? Here are the top four social media threats along with mitigation techniques:

Data Selling
The first threat comes from the social media companies themselves. Since most social media companies don't charge for their use, they have to make money in other ways. The expression "if you don't know what the product is, then you are the product" is fitting here. Social media companies are essentially ad agencies, providing their clients with access to user data, analytics, and behavioral trends. Famously, Facebook suffered a major reputational blow when it was discovered that they'd shared vast quantities of user data with Cambridge Analytica, a political consulting firm.

We recommend periodically reviewing your privacy settings for all of your social media accounts, particularly after downloading software updates. For Facebook, this can be found by going to Settings > Your Facebook Information > Off-Facebook Activity.

Sensitive Data
Particularly when posting images and videos, it's not uncommon for sensitive information to be accidentally included. For example, Post Its in the background of an office selfie might contain passwords, your home office calendar might be visible during video calls, or an Instagram photo of your latest dish taken from your kitchen might capture a private note stuck to your fridge. Also, it's not uncommon for private information like confirmation codes or usernames to be included in screenshots posted to LinkedIn or Twitter.

We recommend carefully reviewing all of your content before posting and using a virtual background during video calls. Otherwise, you'll be sharing far more than you think.

Unfortunately, it's not only sensitive information like login credentials or confirmation codes that hold a risk. By using seemingly innocent information about you, social hackers will be able to craft highly tailored phishing or vishing campaigns with a high likelihood of success. In a recent talk with renowned ethical hacker, Rachel Tobac, she recounted how she hacked into someone's hotel rewards account simply by viewing an Instagram post they sent in which they tagged the hotel.

While it's perfectly fine to use social media, we recommend following a policy of "polite paranoia" when it comes to over-sharing. So, for example, it's okay to send a selfie from the beach, but it's probably best not to tag the hotel or mention the dates of your stay.

It wasn't too long ago when phishing was "only" possible through emails. Nowadays, it has spread to SMS, Messenger, LinkedIn InMail, Instagram DM, and even dating apps. In essence, each new way in which you interact with others online is a new vector that social hackers will exploit.

We recommend migrating away from publicly-accessible messaging platforms as much as possible. For example, P2P messages through Signal are automatically encrypted and can be set to delete after a set period of time, and company-wide platforms like Slack make sure that only authorized users can contact you. When possible, try to build inter-platform confirmations into your workflow (e.g. confirm sensitive email requests with a Slack message) so that a single compromised channel won't be able to do as much harm.

Protect your organization. Talk to a Silent Breach representative today to schedule your comprehensive cybersecurity audit.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.