Are you leaking your own data on social media without realising?

Ben Murden

January 24th, 2022

This Data Privacy Week, our Governance, Risk, and Compliance team share how easy it can be for cyber criminals to access and manipulate your social media data to target you or the organisation you work for with online attacks.

With its popularity, addictiveness, and wide range of uses, it’s no surprise social media is an increasing part of most people’s lives. In fact, there are 53 million social media users in the UK alone spending on average 102 minutes each per day scrolling through their favourite channels. Social media platforms have become digital billboards where users can share everything, from what they’ve had for lunch to pictures from their latest holiday, and pretty much anything else that’s going on in their lives.

However, some of the information shared on social media sites can attract attention from groups who have a less than friendly objective, including cyber criminals. They can use this data to access your personal or work accounts resulting in a cyber security breach.

Keeping your information private on social media is in your best interests to ensure you and your organisation stays safe online. So, what are some of the most common risks posed by the information you share on social media?

Photos

Social media was created to share, so naturally if you visit anyone’s social media profile it will be filled with photos. But, being mindful of what photos you post helps to reduce your online (and offline) risk.

Check what is visible in the background after taking a photo and before you post to ensure you’re not sharing more than you intend to. Any clues to your personal life may be irrelevant to friends and family, but to a cyber criminal, being able to see information that identifies you – such as what number you live at or on what street, your pet’s name, where you work (posing a risk to your workplace too), or even mail with account numbers on – can give them what they need to carry out a successful cyber attack.

Personal information

Most social media sites require you to provide some personal information to create a profile, including full name, date of birth, age, and email address. This information tends to be private, however on some sites this it can be visible to people on your profile by default. In the wrong hands, this information could be enough to cause you some issues with fake accounts and compromised email accounts.

Avoid this by making your profile private and only allowing very basic information, such as your first name to be displayed on your profile. Also, try to avoid account handles that include your first and middle or first and last name, or year of birth as these can been seen by anyone even if your profile is private.

Click bait and post bait

We’ve all done it; you’re sat bored on an evening scrolling through your favourite social media site when you come across a post asking, ‘Which spice girl are you?’ These types of posts can be a bit of fun and a good way to kill time, but the websites behind these “quizzes” often use the personal information they collect about you to market and sell to you.

As well as click bait, there’s also post bait, and these types of posts tend to be a little more dangerous. They typically ask 10-15 questions, such as your nick names, first pet’s name, hometown, mother’s maiden name etc. and then ask you to tag five friends to keep it going. It’s the social media equivalent of chain mail. However, the questions you are answer can be used by cyber criminals to guess your passwords and gain access to other accounts via the security questions you set up. For this reason, as much fun as they can be, it’s best to avoid them altogether.

Friends and connections

Social media was invented as a way to stay connected with people online, but this in itself can present a risk when it comes to cyber security. Your friends and connections list could be hiding cyber criminals who are monitoring your updates for opportunities to strike.

To keep yourself safe online, it’s best practice to only accept requests from people you know. At some point, most of us will have accepted a friend request from someone we didn’t know because they had mutual friends, so a regular cull of your friends list to remove anyone you don’t recognise is a good idea too.

Location

Given that social media is digital, it’s not surprising that most of the risks posed by it are online. However, not all threats caused by data sharing on social media are online. Some social media channels give you the opportunity to tag in the location you’re currently at when you share a post, and some even provide live location updates on a map (we’re looking at you, Snapchat), allowing other users to see exactly where you are.

Sharing your current location or storing your past visited locations presents risks outside of the cyber world, giving criminals visibility of where you visit most often, the area you live, where you work, and even highlighting when you’re away. It’s tempting to check in at your favourite spots, but try to be mindful by avoiding tags in places you regularly visit or posting once you’re home.

Privacy settings

Regularly checking your privacy settings ensures that you are only sharing the information you want to be sharing with people you know and trust. There is certain information that you don’t want to publicly share with anyone online, including your full name, email address, and date of birth, but on most social media sites, the default privacy setting will automatically share more information than you may be aware of. Get into the habit of checking this for new accounts and existing accounts when terms and conditions are updated.

How safe are your employees online? 

Arrange a call with Aaron to explore your organisation’s security strategy and how you can strengthen your defence against risks and attacks.

[button to=”https://calendly.com/security-governance-risk-compliance-and-environment/cyber-security-governance-risk-and-compliance?month=2022-01″]Book now[/button]

Also check out our free cyber security training resources guide.