Blog & Tools

Social surveys, trendy posts can be social engineering risks

Computer screen receiving likes, hearts and other social recognitions

I didn’t share my senior high school photo on Facebook recently to support the Class of 2020 as they finish out their high school careers at home. Mainly because I was too lazy to search for the physical photo and take a picture of it with my phone — that’s how long ago I graduated high school.

While it was fun to see people showcase the fashion and haircut choices of their senior year, many of them questionable, it was also a reminder of the information hackers can gain by sharing something that is seemingly fun. By searching for #ClassOf2020 or #SeniorPhotoChallenge, hackers could find out your high school, graduation year, hometown, maiden name, best friend, or any other personal details you included.

Why does that matter? Think about the security questions you use to log into your secure accounts. What was your first car? What was your high school mascot? Who was your childhood best friend?

It’s called social engineering. In the context of information security, it’s the use of deception to manipulate people into divulging information that could be used for fraudulent purposes. It’s basically tricking someone to tell you something innocent that could be used to steal an identity or more.

Since mid-March, I’ve been working from home and participating in the education of my elementary school-aged children. Admittedly, we’ve all spent a little more time on our screens during this time: some for work or school, some to fight boredom since we’re not going anywhere. It’s given me the opportunity to have conversations about our Wi-Fi passwords, staying safe online, the cameras on our devices, what is age-appropriate for the kids to access electronically, and an ongoing conversation about why they feel I should allow them on TikTok.

As my own in-home IT person, I don’t claim to know everything I should be doing to ensure our safety as a family or the best way to keep safe the information I share with clients. I recently watched the Cybersecurity For Remote Workers workshop hosted by the Greater Sioux Falls Chamber of Commerce members. Jake VanDewater, vice president of engineering, operations and IT for SDN Communications, shared tips to help with cybersecurity while working from home. He talked about setting up strong passwords and security for your personal Wi-Fi and home office setups.

  1. Cybersecurity Posters v.4
    Helping employees understand cyber threats arms them to protect themself and your business. Download our free posters to print and educate your employees.

Your IT team can set up your network to be secure and protected, but if you open the door to a phishing scam, there’s no telling what information hackers will find and use for nefarious purposes. The details you make public can be used to target you and gain access to your business and personal accounts.

Maybe you haven’t used your high school mascot for any password retrieval options. It’s still important to make sure you’re on top of your security game.

Consider what people can see on your social media profiles. If your account isn’t locked up, hackers can find out a lot more.

Do a “Privacy Checkup” on Facebook. Review who you’ve authorized to see what you share, how people can find you on Facebook, and which apps you’ve authorized to use Facebook as a 3rd-party log-in.

I recently did this on all my social profiles because it had been a while. I thought I had things locked down, but they weren’t as tight as I’d wanted.

Like all of us, I’m looking forward to being more social instead of talking about social distancing. Our natural tendencies as humans are to share information — like senior pictures or listing every car we’ve owned — and be, well, social. It’s a good reminder to regularly think about what you’re really sharing when you’re using social media. If it gives you pause, perhaps pass on that trend.

The jury’s still out on TikTok.