by Dr. Daniel Osafo Harrison, DCS, C|CISO, CISM, CISA, Security+

The explosive rise of social media has inundated web users with an abundance of information. Social media platform provides the avenue for people to interact with each other, share ideas, and consume information. Although social media can be a great way to connect with family, friends and others.it can also pose many dangers. Let’s explore these dangers of social media.

Introduction

The proliferation of the internet coupled with the rise of social media has changed how we communicate over the digital media. While Facebook, Instagram, Cafemom, Classmates.com and other social media sites provide a platform to interact with each other, build relationships with people we meet on the web, and enable us to stay in touch with our friends and families. This new-found socialization can be detrimental in the bigger picture. For example, when people air their entire life on social media because they think it’s cool, this action may come with a hefty price: your intentional or un-intentional actions may lead to exposing sensitive information that can be utilized by cybercriminals to cause grave damage to your organizations.

Living your entire Life on Social Media

Avoid revealing too many details about life on social media. Where you work, your families, your political views, your religious views and so forth can be used to harm you, your family, and the organization you work for. Details learned about you on social media can be used against you.

  • Giving away your cognitive password to hackers on social media

Use of a cognitive password involves answering challenge questions such as “what is your mother’s maiden name, the name of your dog, childhood nickname, city you met your significant other and so forth”. Be care about posting how wonderful your dog “spike” is and how you met Stacey at a bar in Des Plains Illinois”, I hope you get the picture. You just provided the entire world with the clues to your cognitive passwords. I guarantee you that hundreds of hackers are so happy to have you as their social media friend. Now all they must to do is use this information to gain access to your system and possibly your company network since you are either using the same credential for all your social media accounts or a variant of it.

  • Use of your stolen credentials to gain access to your home or company system

According to a British newspaper “The Daily Mail” December 5, 2013 edition, hackers may have compromised 326,000 Facebook accounts; 60,000 Google accounts; 59,000 Yahoo accounts and 22,000 Twitter accounts. These stolen credentials were found on a server used to control a network of hacked computers called ‘Pony botnet’. Details learned about you on social media can be used against you. Things you post can attract cybercriminals to you, and this information can be used to guess your credentials. Most people prefer to use the same password across many social media sites and use the same password for their corporate system. Avoid using the same social media login password for your work computer as you do for personal accounts.  Such negligence can lead to data breach which can have an adverse impact on your organization.

  • Using your account against you and your organization

Now that the attackers have your credentials, they can inflict a lot of damage to you in many ways. For example, a hostile attacker can encrypt all critical proprietary information, such as research and development documents, engineering design documents, key performance indicators documents, project management documents and deny all access to these documents unless you or the organization pays a huge sums of money. This type of behavior allows the hacker to hold the information for ransom.

  • Identity Theft

Your personally identifiable information can be stolen just by having social media accounts. Criminals can use your stolen credential to access your bank account, steal your hard-earned money to buy a car in your name, and even get a job with employment history and education (pretending to be you). Additionally, criminals can impersonate you and/or your friends on social media.

Using your account against you and your organization

Now that the attackers have your credentials, they can inflict a lot of damage to you in many ways. For example, a hostile attacker can encrypt all critical proprietary information, such as research and development documents, engineering design documents, key performance indicator documents and project management documents. Attackers can deny all access to these documents unless you or the organization pays a  huge sums of money. This type of behavior allows the hacker to hold the information for ransom.

Everything can be traced back to you

Nothing is private on social media. What you post, like, share, or view can be traced back to you. Remember that deleted posts are recoverable. Be careful while on social media sites and don’t participate in posts that could put you in an ethical dilemma.

Conclusion

In a nutshell, social media brings us the ability to socialize from our keyboard using smart devices, but it also comes with a hefty price if care is not taken. Socialize wisely, protect yourself, your love ones and your job against social media dangers

References

Pierluigi Paganini (2013, Dec). Two Million Social Media Credentials Stolen by Cybercriminals. Retrieved from http://securityaffairs.co/wordpress/20219/cyber-crime/two-million-credentials-stolen.html

About the Author

Dr. Daniel Osafo Harrison, DCS, C|CISO, CISM, CISA, Security+

Dr. Harrison is a Doctor of Computer Science in Information Assurance, Cybersecurity Manager/ISSM for Industrial Control Systems and Laboratory Information Systems at Bechtel Nuclear Security & Environment. Dr. Harrison is also a member of the Cyber Security Team at Pueblo Chemical Agent-Destruction Pilot Plant for the Department of the Army.

Dr. Harrison functioned across the enterprise as a subject matter expert and lead technical liaison between governance and information assurance, regulatory compliance and managed cyber-security solutions. Dr. Harrison can be reached at daniel@docharrison.org, and https://www.linkedin.com/in/dr-daniel-harrison-dcs-cciso-cisa-cism-sec-38459015/