CISO Perspective: Using Social Media Safely

By Robert Eastwood | Published: August 2022

Social media is a great way to connect with friends and family, share news, pictures, where you are visiting, you name it. We are quick to tap that button and share what's going on!

While social media can be fun and a great tool for personal and professional use, it needs to be used properly to keep you, your friends, and your company safe.

Did you know that someone can collect your location information from a picture you post? It's a little thing called metadata that imbeds your longitude and latitude coordinates right in the picture. If you are using a mobile device with GPS, turn off your GPS before you take the picture.

You might say, “well I keep my settings private when I post.” And that is an important practice. Social hackers will try to friend you or your friends to learn more about you. If the hacker can connect to enough of your friends, you may be more likely to accept their friend request believing that they are truly “friends of friends.”

Attackers target professional social media sites to gain as much information about a business they wish to target. If you think about it, it is easy to search for a list of employees, see what positions they have with the company, and collect email addresses for targeted phishing attacks.

Ever have your password guessed? If you, like many people, create passwords based on things that are familiar to you like a family or pets name, where you work, or favorite place to eat, it’s likely in one of your posts. Social media hackers collect this information to try and guess your passwords. If you aren't using multifactor authentication...you could be compromised.

So, what else can hackers do with the information they have gathered?

Lots of bad things! They can contact a business and trick employees into providing sensitive information. If the attacker has gathered enough information about the company, they can seem completely legitimate.

Phishing attacks are another easy way hackers can trick you into clicking a link that could steal your password or infect your company with malware. In some cases, hackers can modify malware that is customized to breach your company's data because they have collected enough information about the business operations.

Here are a few tips to remember:

• Manage your social media privacy settings. These settings change relatively frequently so make sure to set them to your preference.
• Turn off GPS when taking pictures that you intend to post to social media.
• Use strong and unique passwords.
• Use multifactor authentication where and whenever possible.
• Review and narrow down your social media “friends” to reduce fake friend requests.
• Watch out for “catfishing.” This is when a fraudster creates a false online identity to trick you into associating with them or doing business with them for the purpose of stealing or victimizing.
• Limit what personal information you post to social media. The more you post the easier for someone to steal your identity.
• Report fake accounts or harassing activities to the site administrator.

Always be mindful of what and how you post on social media. Take time to research best practices for safe social media use. Remember, once it is out there...it is out there.

That is a CISO perspective.

---

About the Author – Robert Eastwood
Robert Eastwood is Senior Vice President, Chief Information Security Officer at WSFS Bank. He has more than 24 years of experience in the information security field, including nearly 20 years at WSFS, most recently as Vice President, Information Security Officer, where he developed and executed a multi-year strategic plan for Information Security. He also holds a number of professional certifications and memberships in the Information Services, IT and financial services fields.