CISO Perspective: Using Social Media Safely
keeping-my-information-safe | Read Time: 3 minutes
By Robert Eastwood | Published: August 2022
Social media is a great way to connect with friends and family, share news, pictures, where you are visiting, you name it. We are quick to tap that button and share what's going on!
While social media can be fun and a great tool for personal and professional use, it needs to be used properly to keep you, your friends, and your company safe.
Did you know that someone can collect your location information from a picture you post? It's a little thing called metadata that imbeds your longitude and latitude coordinates right in the picture. If you are using a mobile device with GPS, turn off your GPS before you take the picture.
You might say, “well I keep my settings private when I post.” And that is an important practice. Social hackers will try to friend you or your friends to learn more about you. If the hacker can connect to enough of your friends, you may be more likely to accept their friend request believing that they are truly “friends of friends.”
Attackers target professional social media sites to gain as much information about a business they wish to target. If you think about it, it is easy to search for a list of employees, see what positions they have with the company, and collect email addresses for targeted phishing attacks.
Ever have your password guessed? If you, like many people, create passwords based on things that are familiar to you like a family or pets name, where you work, or favorite place to eat, it’s likely in one of your posts. Social media hackers collect this information to try and guess your passwords. If you aren't using multifactor authentication...you could be compromised.
So, what else can hackers do with the information they have gathered?
Lots of bad things! They can contact a business and trick employees into providing sensitive information. If the attacker has gathered enough information about the company, they can seem completely legitimate.
Phishing attacks are another easy way hackers can trick you into clicking a link that could steal your password or infect your company with malware. In some cases, hackers can modify malware that is customized to breach your company's data because they have collected enough information about the business operations.
Here are a few tips to remember:
- Manage your social media privacy settings. These settings change relatively frequently so make sure to set them to your preference.
- Turn off GPS when taking pictures that you intend to post to social media.
- Use strong and unique passwords.
- Use multifactor authentication where and whenever possible.
- Review and narrow down your social media “friends” to reduce fake friend requests.
- Watch out for “catfishing.” This is when a fraudster creates a false online identity to trick you into associating with them or doing business with them for the purpose of stealing or victimizing.
- Limit what personal information you post to social media. The more you post the easier for someone to steal your identity.
- Report fake accounts or harassing activities to the site administrator.
Always be mindful of what and how you post on social media. Take time to research best practices for safe social media use. Remember, once it is out there...it is out there.
That is a CISO perspective.
About the Author – Robert Eastwood
Robert Eastwood is Senior Vice President, Chief Information Security Officer at WSFS Bank. He has more than 24 years of experience in the information security field, including nearly 20 years at WSFS, most recently as Vice President, Information Security Officer, where he developed and executed a multi-year strategic plan for Information Security. He also holds a number of professional certifications and memberships in the Information Services, IT and financial services fields.
How safe are my passwords? How do I know if my passwords have been leaked? These are questions I get asked a lot. More and more hackers are using leaked passwords to log into websites and apps that you use. They may make purchases, or they may use the information they gather to sell on the dark web or to scammers.Read More
Have you ever lost your smartphone or tablet, or maybe even your laptop? Have any of them ever been stolen? It’s certainly not a good feeling. The number of mobile devices lost or stolen each year is in the millions. Sure, it's easy enough to get a replacement. Sure, they can be expensive to replace, but have you ever thought about the true value that device is worth?Read More
Working in the information security field, I am often asked a rhetorical question like, “is anything safe from getting hacked?” My answer is yes. But it is important to examine this a little closer to ensure you’re taking the proper precautions to protect yourself and your information.Read More
Whether it’s a compromised email, ransomware, mail theft, or other criminal attempt, fraudulent schemes continue to trend upward and can cost businesses and consumers alike. Preventing fraud requires vigilance from every employee to protect your company’s finances and information. Here are some tips to help protect your business and yourself.Read More
Instances of fraud have continued to rise in recent years, and it can often seem like scammers are able to stay one step ahead of their victims. As new schemes continue to emerge, it is important for consumers and businesses to remain vigilant to protect their information and bank accounts. Here are some recent fraud trends and tips to help protect yourself.Read More