Posting intimate details of our of our personal and professional online gives cybercriminals valuable information. (Avishek Das/SOPA Images/LightRocket via Getty Images)
Is our propensity for sharing every detail of our lives — and the lives of our children — putting ourselves, our friends and family and even our employers and colleagues at risk?
There is a growing consensus among cybersecurity specialists that the information we freely share to the likes of Facebook, Twitter and Instagram creates ammunition for the cybercrime industry’s onslaught on consumers, businesses and public infrastructure.
The line between the personal and the business worlds is also blurring. Posts on business-oriented sites like LinkedIn are becoming more “social” and employees and companies are inadvertently leaking sensitive business and personal information.
That job advert for a firewall engineer with very specific requirements tells a cybercriminal important information about your choice of security vendors and where there are gaps in your cyberskills – information that they can’t easily obtain elsewhere.
Weaponising our personal data
A study in 2021 found that personal data was involved in 45% of all breaches last year. Identity theft is also showing a sharp increase – in 2020 researchers found a 42% increase in identity theft compared to the previous year.
Partly to blame is our love of sharing details of our personal and professional lives online. This can reveal intimate details of ourselves that cybercriminals would struggle to find elsewhere. Such details include our location, date of birth, occupation, place of work, hobbies and even where we’re going on holiday.
The more personal information people share on public platforms, the easier it becomes for cybercriminals to build profiles of their potential victims which are used to develop and launch sophisticated social engineering and other types of cyberattacks.
Such attacks can not only compromise the person’s personal cybersecurity but also that of their immediate family, friends and, especially, employers.
In Mimecast’s State of Email Security 2022 report, more than eight out of 10 South African respondents said they believed their company was at risk due to inadvertent data leaks by careless or negligent employees.
‘Sharenting’ poses additional risks
The trend of parents sharing photos and other details about their children online — colloquially known as “sharenting” — is of particular concern.
Sharing photos of children’s birthdays and special moments can pose real and direct security risks to parents, their children, and others in their immediate personal and professional circles, including their colleagues and employers.
For example, if a parent posts a photo of a child’s birthday outfit outside their school, it reveals information about the child’s age, location, the school they attend and more, which cybercriminals could potentially access and use in their attacks.
Or if a parent posts a picture of their “take your child to work day”, anyone watching would suddenly have multiple data points about that parent that could be weaponised by threat actors to improve their attack methods.
Online permanence calls for greater awareness of risks
One of the great dangers of sharing information online is that, once something exists in digital format, it “lives forever” and is largely out of one’s control. This makes it more likely that, at some point, the information will fall into the wrong hands.
In the case of photos and other information shared on social media, all it takes is for threat actors to develop online personas that can connect with a person’s social media profiles, giving them full access to the inner workings of the person’s life.
Sharenting holds additional risks. Cybercriminals could use the information people post about their children to commit identity theft. This can put children at risk for years to come. In fact, studies estimate that by 2030 nearly two-thirds of all identity fraud cases affecting children will have been a result of sharenting.
Since anything posted online lives on indefinitely, children might have a hard time later in life disassociating themselves from pictures or other information posted online by their parents.
People should, therefore, take extra care before posting anything to social media. Critically, parents and internet users generally should:
- Never reveal intimate personal details about where they live, where they work or where their children go to school;
- Avoid posting photos from an office that can provide insight into the company’s security measures, as threat actors could use this information to circumvent company defences and
- Always remember that the internet doesn’t forget – anything posted online is likely to remain there indefinitely. Take care to consider whether that photo or social media post could create risks to you or those in your immediate circle, including your employer.
Organisations should also prioritise regular and ongoing cyber awareness training to equip employees with knowledge of how to avoid risky online behaviour. Alarmingly, a recent study showed fewer than a third of South African organisations were committed to providing cyber awareness training to employees on an ongoing basis.
Brian Pinnock is a cybersecurity expert at Mimecast.