Social Media Opens the Door to Cybercriminals; Protect Yourself

Social media, the revolutionary digital playground that allows millions of people to reconnect and catch up with colleagues, family, friends, acquaintances and even people with whom they went to high school, is also a criminal's goldmine. True, social media allows people to instantly connect and explore in ways snail mail could never match. But it’s those very features that make social media so wonderful—the sharing of information, often personal information—that also make it the perfect informational farming ground for lascivious bad actors intent on wreaking havoc to individuals and their businesses.

Think about this: the Internet is wide open to all comers, upstanding and criminally-minded alike. While most of our social media interactions are innocent enough, it’s those same exchanges that can one day become the tools a lurking Cybercrimal could use to unlock your personal and business data.  

Surely the risk isn’t that extreme, right? There are tools in place to protect us all? Not really. It is important to remember that once something is posted on the Internet, it is there, somewhere, forever. Deleted does not mean destroyed as files are generally stored in multiple places. The practice of duplicating files and storing them in more than one location is used to provide redundancy or to retain files as a backup should a failure or incident occur. Once it’s posted, the information is uploaded forever. 

Privacy? What privacy? It’s a fallacy to believe that any information shared on social media can be kept private. People who think they are safe by only having exchanges with people they know have forgotten that most people are connected to a vast network and what was private yesterday may today become public record.

What about those items that are temporary? Something may appear to be temporary, like a screenshot, but if one dives deeper deeper into a system (say the archives), that same “temporary item” will be found to be permanent. Nothing online is ever fully deleted. 

How Can Cybercriminals Use My Information?

The content of your social media accounts, including LinkedIn, make it easy to identify personal information they can use to impersonate and gain access to you in ways that may seem quite legitimate. Think of social media as a gathering ground for one’s personal data. Over time a person may post details that could be used to decipher passwords (i.e., pet and children’s names), personal information such as birthdates and parental connections, and general data such as a work histories and schools. Individually this information seems innocuous. but together they paint a data-rich portrait of an individual. Details about work or home round out the Cybercriminal’s data collection. 

Phishing scams have become much more sophisticated because of social media’s widespread information. A popular tactic makes a phishing message appear to have come from a trusted source, all thanks to information the Cybercriminal obtained about the target often through information shared on social media. Worryingly, these phishing scams are often directed to places of employment. In fact, in 2020, 74% of U.S. organizations fell prey to a successful phishing attack.

The risk doesn’t stop with LinkedIn and Facebook. If one has a blog, participates in video conference calls (where one can chat, post in online forums, or message boards), or shares videos through channels like YouTube and Vimeo, the risk is the same as with social media postings. Posting personal data online leaves one open to risk and attack.

Protect yourself, your data, and your identity. 

Reducing your personal exposure will also limit the information that cybercriminals can use to their advantage to target not just you personally but also your place a work. We should all behave as though the Internet has no delete function, and that every thing we post could be used to create a digital portrait of ourselves. 

One possibility that would allow one to post somewhat anonymously would be to establish an avatar with a name different than from one’s own and a separate email address. Those people who are posting pictures should be careful not to reveal the names of their place of employment, customers, friends, or family. 

Privacy is a big enough struggle as it is, and there are many who are working on behalf of us all to secure our identities and privacy. But everyone must take responsibility. Just as you would do not leave the door to your home unlocked to protect your valuables,  you shouldn't allow a picture containing confidential, financial, legal, or other protected documents and items to be shared either. Developing a good policy around communications to include social media can save you or your company from nasty situations that may be on the horizon.

It is my hope that you will give pause before posting something and contemplate how relevant, silly, or embarrassing the post will be next year, five years, or ten years done the road. If what you are about to post makes you uncomfortable after thinking about where it will be in the future, then perhaps you should abstain and do something different.

Written by Dean Lane, Senior Vice President for Cyber Intelligence at The Institute of World Politics. Mr. Lane brings a wealth of knowledge to his role at IWP. He has founded his own company, taught courses at Universities in California, was the Chief Information Officer for multiple companies, worked for a Big Four Consulting firm, and spent his time in the military with the Special Forces. Mr. Lane has a Bachelor of Arts from UCLA and a Master’s degree in Business Administration from National University.  He is the author of three #1 best-selling books related to information technology.