Data privacy is in the headlines again as social media giant Facebook comes under scrutiny for the way in which it protects user data. It also highlights another issue; how are third parties using our data?
With the vast majority of people and organisations using social media accounts, there is a tonne of information easily accessible. Businesses use it to advertise their products and individuals connect with their friends and families to create a wealth of data.
Social Engineering practices have been used by malicious individuals since social media came into existence. Unsecured social media profiles can make a hacker’s job a lot easier if they can glean certain details. They can learn who the best people in an organisation are to target with spear phishing attacks or learn employee job roles, addresses and contact information.
You can reduce these types of threats by securing your profile correctly. Never share sensitive information in any posts and be sure to restrict who can see them. Ideally, your social media profile should be set so that only the people you trust can view it. Posting phone numbers, addresses or pictures of your workplace should be avoided at all times.
For organisations using social media for marketing purposes, they should avoid posting any sensitive information and should keep a close eye on their profile(s) for any signs of hostile reconnaissance taking place.
This latest news story, however, raises the wider issue of third-parties and social media platforms. Facebook has long utilised third-party apps such as games and surveys.
Most third-party apps ask permission to gain access to an individual’s profile including their contacts. Many apps claim they need to do this in order to provide the user with a better experience, but this is difficult to verify.
As in the case being reported in the mainstream media, a third-party organisation was able to harvest millions of profiles via the use of a third-party app and is accused of allegedly using illegally gathered data to target political messages at specific accounts.
Incidents of third-party plugins and apps being used for dubious reasons was highlighted earlier in the year with the news that many websites from around the world were affected by a malicious code called Coinhive being injected into a website plugin called Browsealoud. The plugin is used to help visually impaired people use websites. For more on that story click here.
It’s not just third-party apps on social media that you need to be aware of. Many of the apps available for smartphones also glean data from their users and require access to your contacts and other details which could potentially be used for malicious purposes.
Want to learn more about how XQ CyberScore can help secure your business? Visit our website at www.xqcyber.com/cyberscore and if you want to give yourself the very best protection against cyber security threats try our Cyber Score software for free now.