You should think twice before you snap and share that office selfie or group photo at work. Hackers are trolling social media for photos, videos, and other clues that can help them better target your company in an attack.
Social media posts are a goldmine for details that aid in cyber attacks. What you find in the background of photos is particularly revealing–from security badges to laptop screens, or even Post-its with passwords. No one wants to be the source of an unintended social media security fail.
The first thing you may be surprised to know is that 75% of the time, the information hackers are finding is coming from interns or new hires. Younger generations entering the workforce today have grown up on social media, and internships or new jobs are exciting updates to share. Add in the fact that companies often delay security training for new hires until weeks or months after they’ve started, and you’ve got a recipe for disaster.
Knowing this weak point, along with some handy hashtags, allows hackers to find tons of information they need within just a few hours.
So, what exactly are they looking for in these posts? There are four specific kinds of risky social media posts that a hacker can use to their advantage.
Posting a photo of you and your office besties, whether it’s on a lunch break, doing some sort of social activity, or otherwise, may be revealing more than you imagine. Think about the types of posters or whiteboards that are up in shared areas of the office. A poster about “Team Softball League Starting Soon” means you won’t be suspicious if a hacker sends you an email with a link to the latest team schedule. Trust us, it won’t be a link you would want to click.
This may seem obvious, but you’d be shocked to know how many times new employees post close-up shots of their company security badges, particularly on the first day or last day at the office.
Knowing what a company employee badge looks like makes re-creating one a breeze. Hackers can copy, paste, and print an identical one with their own face swapped in within just a few minutes. While this badge may not work for access, you’d be surprised how easy it is for me to simply flash a badge and a confident smile to tailgate my way through the doors of a company.
Day in the life
When an employee decides to video-blog their entire day at a company, you’ve hit the hacker jackpot. From knowing the building layout and badge-protected areas to whiteboards revealing company plans, this type of view is almost as good as breaking into the company in real life.
Not only that, but laptop screens reveal the types of security tools and software being used, which can be used to tailor an attack by creating custom malware disguised as a fake software update.
In today’s review-driven culture, even your own company is on the chopping block. Whether through Glassdoor, job boards, or social media sites, learning what issues are currently making employees tick can help hackers craft a phishing email that plays to their complaints and desires.
After hearing some of these examples, you may wonder why a hacker would want to get into your office in the first place. In short, being within the four walls of an office gives you the keys for gaining trust and access. From shared credentials on whiteboards to Wi-Fi passwords posted in plain sight, being onsite breaks down the walls that divide them from your company data and secrets. Social media posts can even reveal enough that they don’t need to actually visit your company to get the information.
So, before you click share on that next work-related post, think to yourself, “What’s in this post that I wouldn’t want a hacker to know?”