This article first appeared in Digital Edge, The Edge Malaysia Weekly on April 24, 2023 - April 30, 2023
“Sharing is caring”, the well-known phrase, has a nice ring to it but in the digital realm, it can take on a whole new meaning and severely backfire.
According to a recent report, Asia-Pacific retained the top spot as the most cyberattacked region in 2022 for the second consecutive year, accounting for 31% of all incidents remediated worldwide. And social media plays a key role, especially with cybercriminals viewing users as an unquestioning and even naïve audience that can be influenced to carry out actions without thinking of the potential consequences. In fact, bad actors use social media to exploit the trust factor associated with human relationships and then launch attacks via other channels.
In Malaysia, the number of social media users at the start of 2022 was equivalent to 91.7% of the total population. That’s a lot of people to educate on the dangers of sharing too much information online. And, without proper cyber awareness, millions of Malaysians are at risk of having their personal data, such as name, phone number, address, and even their location stolen and used for identity theft or the creation of fake identities. How is this possible?
Social media is primarily about sharing information related to both our personal and professional lives. We share everything from our birthdays and anniversaries to our children’s names, our friends’ and co-workers’ names, what we like, what we are doing at work and lots more. In essence, people overshare information in the public domain.
The term “sharenting” — derived from the words “share” and “parenting” — refers to parents who frequently post photos and other details about their children online. This practice is concerning not only for the parents and their children but also for their employers.
Sharing photos of children’s birthdays and special moments can pose real and direct security risks to parents, children and others in their immediate personal and professional circles, including their colleagues and employers.
For example, if a parent posts a photo of a child’s birthday outfit outside their school, it reveals information about the child’s age, location, the school they attend and more, which cybercriminals could potentially access and use in their attacks. Or, if a parent posts a picture of their “take-your-child-to-work-day”, anyone watching would suddenly have multiple data points about that parent, which could be weaponised by threat actors to improve their attack methods.
As per Mimecast’s State of Email Security 2023 Report, 77% of respondents believe their organisation is at risk of an employee making a serious security mistake because of oversharing on social media.
So how can individuals and organisations be mindful of the risks associated with social media oversharing?
Information that would usually be hard to find is laid out in the open for cybercriminals to access because of our tendency to share every detail of our lives, thus exposing us to much more danger. This makes it easier for cybercriminals to create profiles of their targets as more personal information is shared on the internet, which is then utilised to create and carry out sophisticated social engineering and other types of cybercrimes.
Such attacks have the potential to jeopardise the cybersecurity of not only the individual but also the people around them, including their employers. Our research found that eight out of 10 respondents believe their company is at risk due to inadvertent data leaks by careless or negligent employees.
One of the great dangers of sharing information online is that, once something exists in digital format, it “lives forever” and is largely out of one’s control. This makes it more likely that, at some point, the information will fall into the wrong hands.
In the case of photos and other information shared on social media, all it takes is for threat actors to develop online personas that can connect with a person’s social media profiles, giving them full access to the inner workings of the person’s life.
Given the risks involved with online sharing, internet users should take note of these tips:
• Never reveal intimate personal details about where they live, where they work or where their children go to school.
• Avoid posting photos from an office that can provide insight into the company’s security measures, as threat actors could use this information to circumvent the company’s defences.
• Always remember that the internet doesn’t forget. Your digital footprint lasts forever and anything posted online is likely to remain there indefinitely. Take care therefore to consider whether that photo or social media post could create risks to you or those in your immediate circle, including your employer.
With the rise of social media, the line between the personal and business worlds is blurring. Posts on business-oriented sites are becoming more “social” and employees and organisations are inadvertently leaking sensitive business and personal information. For example, a job advertisement for a firewall engineer with very specific requirements reveals to a cybercriminal important information about your choice of security vendors and where there are gaps in your cyber skills, information that they can’t easily obtain elsewhere.
Information that is freely shared on social media channels creates ammunition for cybercriminals to launch attacks on consumers, businesses and public infrastructure.
Organisations therefore need to prioritise regular and ongoing cyber awareness training that can equip employees with the necessary knowledge to avoid risky online behaviour.
Stanley Hsu is the regional vice-president of Asia at Mimecast, an email security company that provides services to protect email from threats such as spam, malware and phishing
Save by subscribing to us for your print and/or digital copy.