Posting wonderful events about your job on Facebook, Twitter and other social media sites may be great for your friends and relatives, but if you don’t lock down your privacy settings these snippets are also great for hackers.
Proof comes from a recent blog on the site Fast Company by Stephanie Carruthers who works for an IBM team hired to test the cyber security of companies. You might think penetration testers look for vulnerabilities in routers, switches, servers and software to hack their way in. And they do. But like criminals, they also want to see if employees are vulnerable to being suckered. Social media postings can be used as weapons against you and your company.
Alot of information comes from interns or new hires who are too eager who share news about their luck. They’ll post anywhere, including on sites with hashtags that starts “firstday,” “newjob,” or “intern.”
How can this be a problem you ask? Consider the following:
-Posting a photo of you and your new colleagues in the office. In the background is a poster announcing an event — say, an upcoming company softball game. A hacker would use that to craft an email to anyone on staff with a convincing message, and include a link to malware. Worse, that notice on the bulletin board could be a shared password.
Some employees proudly post photos of their spanking new ID card. Now a criminal can make a copy. People post photos of their desk. That lets criminals see computer screens that tells them what software the company uses and helps them craft attacks.
Companies need to warn new employees about the dangers of posting images from their desk and workplace
I remember the time the internet went wild when Mark Zuckerberg conducted an interview from his office. Apparently. his laptop was in plain view and he had a piece of tape covering the laptop camera. This lead people to conclude that even he was concerned about privacy and hackers.