A big obstacle for information security practitioners is driving home why information security is so important. We try all sorts of things to inform our colleagues and loved ones about why it is crucial to protect yourself online. We cite statistics, simplify information, or provide examples. Social media can be treacherous territory, especially because most people use it very casually. The following are some examples of things people post on social media that malicious actors can use and what we can do to better protect ourselves.
When we create social media accounts or any other online account, we have to create a username and password. A strong password is recommended, but can be hard to remember. Most providers use security questions to reclaim your account in case you forget that strong password. They suggest security questions, and we provide answers when we create the account. These security questions are usually personal. Things that only we should know about ourselves. Who was your best friend when you were in elementary school? Your first pet? Your favorite meal? What school did you go to for middle school? Very few people will remember these details from so many years ago, so we answer them honestly.
But wait! It’s Throwback Thursday #TBT or Flashback Friday #FBF. So we post pictures on a public social media profile of ourselves with our best friend at some school event. We tag our friend, type the school name in the caption, and maybe we have a picture hanging out with Rover, the first and greatest pet we’ve ever had. Well, now everyone knows the answers to those security questions.
We also post pictures of more recent memories. Maybe every Tuesday, we go out for tacos with friends at the “best taqueria down the street!” We take photos of the fun night and, of course, the delicious tacos. Throw in a geotag of this taqueria, and every week we post a new picture with the group. Now a malicious actor knows a few things. One, tacos might be your favorite food. Two, you’re not home on Tuesday nights, and not only that, they look up the geotag and know which taqueria you’ll be at next Tuesday. Let’s not forget we briefly mentioned it’s just down the street from your house or apartment. Does the entire internet need to know where you live?
All of this is pretty scary stuff! Although Halloween is just a few days away, this is not meant to scare you, but empower you. Think about what you’re posting online. Here are some tips to keep in mind:
- Consider making your social media accounts private and then vet all requests.
- Only accept follow-requests from people you know and trust. Confirm that it is actually them through another trusted means, like asking them in person.
- Use different profile pictures for different accounts. Artificial intelligence (AI) is being used by malicious actors to search for profile-picture matches.
- Malicious actors may search for common usernames, friends, and interests between accounts. This helps them build an information profile to target someone later.
- Go a step further and avoid using profile pictures of yourself and people you know. This will make it much harder for a malicious actor to connect the dots.
The take-away from all of this is that your information is valuable. Companies want your data to market products to you. Malicious actors want your data to access your accounts to steal money or private information. Your information may be the most valuable asset you have, so do your best to protect it and think about what you’re posting. Is it revealing too much information, and if it is, is it worth the risk?