Social media oversharing is putting organisations at risk

Safer Internet Day is observed every year on the 7th of February and is a day that aims to raise awareness of emerging online issues and current concerns. Since social media is a significant part of our daily lives, it is important to understand the dangers of sharing too much information online. This Safer Internet Day, perhaps it’s time to reflect on whether our propensity for sharing every detail of our lives, and the lives of our children, is putting us, our families, and even our employers and colleagues at risk.

“Sharenting” — the trend of parents sharing photos and other details about their kids online — is of particular concern not only for the individuals and their children but for their employers as well.

With the rise of social media, the line between personal and business worlds has become less clear. Posts on business-focused platforms are becoming increasingly personal in nature, leading to the inadvertent disclosure of sensitive information both by employees and organisations. For instance, a job advertisement for a firewall engineer with very specific requirements can provide valuable insight into an organisation’s security vendors and areas where their cybersecurity skills are lacking. This information can be easily exploited by cybercriminals, as it is freely shared on social media channels, further fueling the cybercrime industry’s attacks on consumers, businesses, and public infrastructure.

To protect against these risks, it is crucial for both individuals and businesses to be mindful of their social media activity. Here are a few tips to help stay aware of the dangers of oversharing on social media:

  1. Weaponising our personal data
    Our tendency to publicly share personal and professional information online can reveal intimate details about ourselves that cybercriminals can easily exploit. This can include our location, date of birth, occupation, place of work, hobbies, and even our travel plans, making us vulnerable to potential threats.

    The widespread sharing of personal information on public platforms makes it easier for cybercriminals to create profiles of potential victims and launch sophisticated cyberattacks using social engineering tactics. These attacks can compromise not only the security of the individual but also their family, friends, and, in particular, their employer. In a recent survey, 89% of Singaporean respondents in Mimecast’s State of Email Security 2022 report expressed concern over employees exposing company information through excessive sharing on social media, resulting in potential security breaches.
  1. Online permanence calls for greater awareness of risks
    Posting information online can have long-lasting consequences, as digital content can persist indefinitely and be easily accessible to unintended audiences. This increases the risk of sensitive information being misused or falling into the hands of cybercriminals.

    The sharing of photos and personal information on social media platforms makes it easy for cybercriminals to gain access to a person’s life. By creating fake online profiles, they can infiltrate and connect with a person’s social media, exposing private details and potentially putting their security at risk.
  2. ‘Sharenting’ poses additional risks
    Sharing photos of children’s birthdays and special moments can pose real and direct security risks to parents, children, and others in their immediate personal and professional circles, including their colleagues and employers. Posting seemingly innocent information on social media, such as a child’s birthday outfit and location, can inadvertently disclose sensitive details that cybercriminals can exploit. For instance, revealing a child’s age, school, and location could potentially leave them vulnerable to cyberattacks.

    Sharing pictures or details about children on social media can unwittingly provide valuable information for cybercriminals to exploit. A seemingly innocent photo from a Take Your Child to Work Day, for instance, could reveal personal information about the parent and the child, including workplace and location. This information can be used to enhance attack methods and even commit identity theft.

Given these concerns, parents — and internet users in general — should:

  • Never reveal intimate personal details about where they live, where they work, or where their kids go to school.
  • Refrain from sharing photos that could reveal details about the company’s security measures, as threat actors could use this information to breach company defences.
  • Always remember that the internet doesn’t forget; anything posted online is likely to remain there indefinitely. Exercise caution when posting photos or information on social media, as it may pose potential risks to you and those in your immediate circle, including your employer.

Organisations must prioritise implementing regular and comprehensive cyber awareness training for their employees, to equip them with the necessary skills and knowledge to avoid engaging in risky online behaviour.