As the saying goes, “it all starts at home.” Cybersecurity risks do too. A recent study by Tessian has released shocking details on how little caution workers exercise online: over 93% of workers casually overshare personal information.
What’s the big deal? They’re just useless social media posts. Believe it or not, the information your workers may be posting is not useless at all to a con artist or a keen hacker.
What is a Social Engineering Attack?
There was a 15% increase in social engineering attacks during the last half of 2020 according to Tessian. It’s important we know about these types of attacks due to the alarming increase in recent months.
A social engineering attack is one in which a would-be hacker uses psychological manipulation through human interaction to trick someone into providing sensitive information.
How does a social engineering attack happen?
It can happen to anyone. It can happen to your workers who overshare online, and more specifically on social media. Here are some cold, hard facts published by Tessian.
- 84% of people post on at least 1 social media platform a week.
- 42% of those people post at least once a day.
- 50% share sensitive information about their children, such as names and pictures.
- 72% of people willingly share birthday information (parties, cakes, celebrations, etc.).
- Over 55% of people who use Facebook have it set to public.
- Only 33% use private Instagram profiles.
- 93% of people surveyed make some sort of update about their job status. (eek!)
- 36% of those 93% share info about where they work.
- And 26% of those 93% share information about their co-workers or customers.
As you can see by some of these figures, it is quite easy for someone (a hacker) to infiltrate your social circle.
If you have a public profile and make a status update on Facebook that you are out for a few drinks with Mayra from accounting, how easy would it be for a hacker to create a social media account and add you on Facebook claiming they know Mayra?
It’s quite easy once a hacker realizes someone from your organization overshares information on social media. They could potentially have access to your daily routines, your birthday information, and the names of your children, partners, friends and coworkers.
After they have built up a pretty decent profile on you, the attack happens. They could befriend you, a friend or a coworker, and once trust is secured, they will manipulate you or others into giving up sensitive information.
Let’s talk about your Out of Office Email
One of the worst practices is putting way too much information on your out-of-office email auto responder.
It’s exciting to set one up on Friday right before taking off on your family vacation. Most of the time, you’ll set it up so that you provide an alternative contact within your organization, or maybe an emergency contact phone number, which is your personal phone number most of the time.
The reality is, you’ve just told a potentially malicious person where you’ll be, for how long, and how to contact someone who actually exists within your organization. They can easily use these details to extract information from you or others within your company while you’re out on vacation.
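An added example, not part of the original article: a small Python check that flags the details described above (whereabouts, absence dates, a phone number, a named colleague) in an auto-reply draft before it is enabled. The pattern names, both sample messages, the surname and the contact details are constructed for illustration, and the pared-down reply is an assumption about what a safer message looks like, not wording from the article.

```python
import re

# Heuristic patterns, one per kind of detail the section above warns about.
PATTERNS = {
    # Where you are or why you are away.
    "whereabouts": re.compile(
        r"\b(vacation|holiday|honeymoon|cruise|abroad|travell?ing|out of the country)\b",
        re.I),
    # How long you are gone: month-name dates or numeric dates.
    "absence_dates": re.compile(
        r"\b(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?\s+\d{1,2}\b"
        r"|\b\d{1,2}/\d{1,2}(?:/\d{2,4})?\b", re.I),
    # A phone number (often the personal "emergency" number).
    "phone_number": re.compile(
        r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
    # A real colleague, named directly or by mailbox.
    "named_contact": re.compile(
        r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"
        r"|\b(?:[Cc]ontact|[Rr]each|[Cc]all|[Ee]mail)\s+[A-Z][a-z]+\s+[A-Z][a-z]+"),
}

def audit_auto_reply(text):
    """Return {category: [matched snippets]} for details worth removing."""
    findings = {}
    for name, pattern in PATTERNS.items():
        hits = [m.group(0).strip() for m in pattern.finditer(text)]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample: the kind of auto-reply the section describes.
OVERSHARING = (
    "Hi! I'm on vacation with my family from March 12 until March 26. "
    "For anything urgent contact Mayra Lopez (mayra.lopez@example.com) "
    "or call my cell at (555) 010-0142."
)
# Constructed sample: a pared-down reply (assumed safer wording).
MINIMAL = (
    "Thank you for your message. I am currently unavailable and will reply "
    "when I return. For urgent matters, please use the main support line "
    "listed on our website."
)

if __name__ == "__main__":
    for label, msg in (("oversharing", OVERSHARING), ("minimal", MINIMAL)):
        print(label, audit_auto_reply(msg))
```

The patterns are heuristics and will miss free-form place names, so a clean result is a prompt for a human read-through, not a guarantee.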
Oversharing Online Awareness
The report mentions that less than 54% admit to actually checking where the email is coming from before clicking or downloading attachments. This could become a huge security concern for you and your organization.
It’s important to spread awareness within your organization that a birthday post, a new job announcement or a nice outing with friends may seem “insignificant” but can be a small piece of a larger picture for a hacker who has nothing but time on their hands to find their next victim.
It may also be a great idea to teach your workers the importance of privacy on social media platforms and how to set their profiles up correctly to lower the risk of sensitive data being leaked publicly.