Cybersecurity Handbook
Chapter 7

What Risks Do We Face on Social Media?

Almost all of us have profiles on social media, whether on Facebook, Instagram, Twitter, LinkedIn, or TikTok. If you are among the rare people who have managed to keep out of these networks, it’s highly likely that the organization for which you work has a social media presence and strategy. We better get to it!

We’ll discuss how social networks function and especially (this is, after all, a guide on cybersecurity!) how they can be used against you and your organization.

As you probably know, different social media platforms thrive on the collection of personal data. Their business model is based on the importance of encouraging involvement, keeping you connected, and as a result: gathering more data about you and your habits. The data is obviously collected for marketing purposes. 

For this reason, it’s important to manage your social networks responsibly by regularly adjusting your privacy settings and limiting the information you share publicly.

Making these adjustments has many benefits. You’ll be able to avoid the uncomfortable situation of your partner finding an old photo from a few years ago of a drunken night spent vacationing with your ex in Mexico. 

More importantly, improving your privacy settings and paying attention to the content of your posts can prevent many cyberattacks.


How can social networks contribute to a cyberattack?

We talked about passphrases and personal information in a previous chapter. The content of your social media posts can offer clues to a malicious person wishing to gain access to your accounts. The posts can help them guess your password (if you haven’t already changed it) or even the answers to the security questions that allow you to regain access to your accounts.

If we can guess that you’re a huge fan of the Beatles, it’s best to avoid using their lyrics to make up your passphrase. The same logic applies to your cat Felix (who is terribly cute) or to your niece Shannon who is the angel in your life. 

In short, review your passphrases and security questions. Do they contain information that a mildly motivated individual could find in your online accounts?

On another note: if it’s possible to guess where you work with the information you post online (thank you LinkedIn), to know your list of friends and contacts (thank you Facebook), and to be aware of your daily activities (thank you Instagram), it’s possible to organize attacks that assemble this information. 

By knowing that you’re on vacation in Cuba, an attacker pretending to be you could send an email to one of your colleagues with the goal of resetting the passphrases and thus gaining access to your organization’s sensitive information. 

Cybersecurity is a team sport

Remember that cybersecurity is a team sport. If you adopt good practices, your increased security will benefit your entire team and the people with whom you are connected.

Social networks generally contribute to increasing your attack surface. The more active you are, the more important it is for you to be aware of the risks they entail. 

One method of ensuring that your data is secure is to do an Open Source Intelligence (OSINT) search. This exercise requires you to play detective on the net (kinda cool, right?) and take inventory of all the information that is publicly available about a person. The following website is an excellent resource that lists various tools to help you do this: osintframework.com.


Recap

  • Information posted on social media is more public than private.
  • Social networks are gateways to your other accounts and the accounts of people to whom you are connected.
  • Be responsible about the information you post.
  • We can never repeat it enough: a secure passphrase is the necessary starting point to ALL good practices in cybersecurity!
Chapter 8 Privacy Settings All the Chapters