You may have top-notch security tools and a comprehensive cybersecurity plan, but if your employees don’t understand how social hacking works, they may be inadvertently giving away information that opens a back door into your organisation.
Social hacking — also known as social engineering — is the practice of convincing people to give up confidential information such as bank details or passwords. In its earlier, clumsier phase it often came in the form of badly misspelled emails encouraging you to hand over your credit card information. These days, social hacking is much more sophisticated, and hackers often gather breadcrumbs of information from several sources which they put together to thwart security protocols used by banks and employers.
What’s worse is that many of us are helping hackers by voluntarily oversharing information publicly via social media.
Here are some of the most common ways that we enable social hacking through our social media habits.
Joining in viral quizzes and games
We’ve all seen them on Facebook or Twitter, and some of us may have joined in the ‘fun’. It’s some variation of your porn star name is your middle name and the street you grew up on. Or your porn star name is the name of your first pet and the name of your first school. They may seem like a fun — if silly — distraction, but they’re actually designed to get you to share information that helps hackers get into your online accounts. They work because they seem like an innocuous game, so it’s easy to let down your guard, especially if several of your friends are playing along.
The details you reveal when you share your mother’s maiden name or the town where you met your spouse help hackers guess your password or give them the answers to common security questions. And as many people reuse passwords across different accounts, hackers will try them across different websites.
Failing to use privacy settings on your social media accounts
Does your Facebook profile really need to be available to everyone? Hackers can find out an awful lot about you. All those friends wishing you a happy birthday just revealed your date of birth (or most of it). Have you listed your hometown in the ‘about’ section? Perhaps you like to share photos of your pets or children and their names. Regularly check your privacy settings to ensure that you are only sharing sensitive information with people you actually know.
Sharing workplace photos
During the work-from-home phase of the pandemic, many people shared photos of their home office set-up. While most of these photos were harmless, some included their open computer screen, tabs, zoom meetings and post-it notes, potentially sharing things such as the names or email addresses of their colleagues. This is exactly the sort of information that enables hackers to impersonate a co-worker.
The same goes for photos taken in the workplace. Ensure that you’re not unintentionally exposing confidential information.
Announcing to the world that you have a new job
We get it. You’ve just got the job of your dreams or a promotion and you want the world to know. But you’ve also just announced the name of your company or organisation and the fact that you’re new and almost certainly don’t know everyone who works there. This, together with the fact that new employees are usually eager to please, makes you an ideal phishing target for a hacker pretending to be a co-worker.
Falling for employment scams
One particularly unpleasant phishing scam involves fake ‘recruiters’ contacting job seekers about a position they’re ‘perfect’ for. They then collect information (such as name, address, age, phone number, employment history) for the job application which they use to to steal their identity or gain access to their contacts. This is particularly a problem with LinkedIn, where being a first degree contact of someone gives the hacker some legitimacy.
Keeping employees off social media is impossible. But ensuring that employees are educated about the dangers of oversharing on social media can help mitigate the risk of identity theft or phishing. To find out how we can help with ensuring your workers are security conscious, visit our Security Operations Centre page and contact us for an informal no-obligation chat.
Intersys offers a security operations centre service for organisations of all sizes. Choose from the Silver, Gold and Platinum packages to get rock-solid protection from an industry specialist in IT security. Prices are scalable and cost far less than you might think. Find out more about SOC as a service from Intersys, or get in touch now and tell us about your requirements.