(866) 410-1356 sales@totalcloudit.com

Over the last few years there have been a few, very significant breaches that have had a profound effect on how organizations started to look at security and data breaches. Among others, Equifax in 2017 was a direct attack on consumers financial profiles. Hefty fines ($575M) and penalties forced Equifax to take major internal action. In 2018, Facebook was challenged with not securing over 3M users accounts and leaving them exposed for over 4 years. Suffice it to say, in 2019 Facebook was levied a record breaking penalty from the Federal Trade Commission (FTC) for $5B due to charges that the company deceived users about their ability to control the privacy of their personal data.

Now comes 2020 and on top of everything we have had to face, another large breach was taking place. It is important to understand that as attacks and breaches have evolved, so has the attack vector – social media. Social Media is so well established, we are not seeing the exponential growth of attacks, but because the amount of data that is shared across those networks it makes them a continued green field for bad actors.

Here are some interesting facts about how prevalent social media use is: 

  • The average user spends 1/3 of their waking lives using the internet

  • Out of the 4.2B internet users worldwide, approximately 3.2B are social media users (76%)

  • Facebook accounts for 57% of all social content sharing, and they add about 6 new users every second

  • Snapchat stories are viewed 10B times a day

  • There are 500M tweets every day

  • Due to current social distancing rules, children are communicating via social media at an increasing rate.

In August of 2020, a technology research group exposed the breach of over 235 million Tik Tok, Instagram and YouTube user accounts due to an unsecured database. This database was then “scraped”  and made available the users’ personal and demographic information. This also included business accounts using these platforms. Although Personally Identifiable Information (PII), email and passwords were not exposed, this data, in the hands of cybercriminals, can be used to create synthetic identities (fakes ones that include pieces of real information). These fake identities can lead to accessing more personal information and targeting of personal and business contacts through social engineering, such as phishing and/or sold on the dark web.

This prompts consideration of how you are currently using your technology and what you can do to keep yourself, your family, and your company safe from social media identity theft and a corporate breach. 

 

  • Control what you share – limit the amount of personal information you share. Also be wary of social posts and ads that appear in your timeline. Don’t accept request from people you don’t know.

  • Separate your personal and business data. By separating it, you can “containerize” a threat that comes from a personal app, but doesn’t infiltrate any of your business apps.

  • Change your password more often or move to a 16 or 28 character that includes three different types of characters –   Almost half of Americans, 47%, use the same passwords over and over again, according to PCI Pal. This can cause problems in a data breach: Only one account may be compromised, but if you’ve used that same password in several places, you’ll need to change all of them.

  • Enable Multi-Factor Authentication – Users should use two-factor authentication to log into their accounts, which generally requires users to not only enter a password, but also confirm their identity by logging onto their phone or entering a code texted or emailed to them  

Our social media accounts, if not protected, can serve as a gateway for cybercriminals to steal personal information, leading to identity theft and financial loss. At home, at work, and on-the-go, we are transmitting data and PII via social media. As we continue to work from home, use personal devices across the personal and business boundary, the potential that a personal hack turns into a business breach grows exponentially. The best defense is to be proactive with protecting your identity.
 
Be smart and be safe.

 

George Phipps,  

President | COO