The need to think carefully about the information we share on online and how it can be utilised by cybercriminals has been a key recent discussion point of Redscan’s Chief Technology Officer, Andy Kays.
Writing in International Business Times, Andy stresses the need for individuals to think twice before posting personal and/or corporate-sensitive information on social media sites such as LinkedIn. ‘When you view LinkedIn through the eyes of a cybercriminal, you quickly see how its features, and more importantly your data, could be used against you’, he notes.
Recent reports about Facebook’s ‘secret file feature’ have reignited the debate about how much information social media companies are holding on account holders. People using the platform’s archive feature to export their personal usage history have expressed concern at the wide range of data being gathered, which typically includes message and chat histories, locations checked into, sensitive documents, and even details of details of financial transactions.
‘People have a right to be concerned about the data that companies like Facebook hold on them,’ Andy told Newsweek. ‘More often than not, however, users are complicit when sharing personal information via social media and rarely consider the long-term consequences of their actions.’
Minimising security risks on social media
To reduce the risk of personal information being used by hackers to compromise accounts and inform social engineering attacks, Andy recommends that users regularly evaluate the reasons they use online services and establish the minimum amount of information that needs to be divulged to obtain value and or enjoyment from each respective platform.
“Do you really need to post information about where you were born, for instance – a common security question used by many websites?” he asks.
Locking down privacy settings to ensure that only connections see sensitive details and declining contact requests from strangers are additional pieces of advice to reduce the risk of sensitive data falling into the wrong hands.
Improving cyber awareness and training
Initiatives such as Safer Internet Day, held on February 7th, are hugely important in helping encourage responsible use of technology. Teaching safe and positive use of digital technologies from an early age is vital, Andy told Computer Business Review.
The announcement of the UK Government’s Cyber Skills Immediate Impact Fund, designed to help organisations ‘develop, scale up, or refocus cybersecurity training initiatives’ is also welcomed.
Under the pilot (CSIIF) scheme, organisations will be offered awards of up to £50,000 to build a sustainable supply of home-grown cyber skilled professionals, an objective Andy believes is important to help bridge the IT security skills gap.
He told the New Statesman: “Too many organisations seem to think that their cyber security problems can be solved with technology, and while utilising the latest tools is important, there is no replacement for well-trained staff and the expertise of experienced cybersecurity professionals.