Cyber Security Today – Don’t help hackers get into your firm

Don’t help hackers get into your firm

Welcome to Cyber Security Today. It’s Monday August 5th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.

Today’s a civic holiday in many Canadian provinces, so if you’re enjoying a day off, thanks for listening.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Posting wonderful events about your job on Facebook, Twitter and other social media sites may be great for your friends and relatives, but if you don’t lock down your privacy settings these snippets are also great for hackers. Proof comes from a recent blog on the site Fast Company by Stephanie Carruthers who works for an IBM team hired to test the cyber security of companies. You might think penetration testers look for vulnerabilities in routers, switches, servers and software to hack their way in. And they do. But like criminals, they also want to see if employees are vulnerable to being suckered. Social media postings can be used as weapons against you and your company.

Think about this: Carruthers says lots of information she finds for her security tests comes from interns or new hires who are too eager who share news about their luck. They’ll post anywhere, including on sites with hashtags that starts “firstday,” “newjob,” or “intern.”

What could be a threat? Here’s a few examples: Posting a photo of you and your new colleagues in the office. In the background is a poster announcing an event — say, an upcoming company softball game. A hacker would use that to craft an email to anyone on staff with a convincing message, and include a link to malware. Worse, that notice on the bulletin board could be a shared password.

Some employees proudly post photos of their spanking new ID card. Now a criminal can make a copy. People post photos of their desk. That lets criminals see computer screens that tells them what software the company uses and helps them craft attacks. People do video blogs toting a camera through the halls of where they work. That lets criminals know the layout.

Don’t complain about the company online in a forum. Even if you don’t use your real name it lets a hacker craft sympathetic email messages to make employees think she’s one of them — and include a malicious link.

Companies need to warn new employees about the dangers of posting as soon as they are hired, and not wait a couple of weeks for them to get settled, or for the next scheduled security awareness meeting.

And you, listener, need to think carefully about what you post.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast