In the midst of posting your name, pictures, and background on social media sites, did you ever consider who your information reaches, beyond your family and friends?
Just last week I posted a picture on my Facebook account. It was a picture of my childhood dog and me. I posted the old photo with the caption, “Me and Charlie.” I watched the likes pile up; it is hard to just scroll past a dog as cute as Charlie without showing some sort of appreciation. Since this is the type of content I am regularly posting on Facebook, it’s silly to think that if I was hacked, a hacker could have anything to gain from a picture of a young boy and his dog. A hacker does not use the Internet with the same innocent intent that most people do. Someone who has just obtained my childhood photo and read the caption can now answer the security question, “What was your first pet’s name?” A correct answer to a security question is a first step to accessing more valuable information. A credit card can be canceled in a quick phone call. Even your social security number can be changed if your original number has been stolen. The “small” information that has been obtained from Facebook, like your first pet’s name, is information that can never change.
The Internet has brought us forms of entertainment, communication, and convenience that seemed unthinkable a couple of decades ago; the newest season of your favorite TV show is at your fingertips, your friend who lives an ocean away is easily accessible from your pocket, and even something as important as banking has been reduced to just a few clicks. Unfortunately, like all major advances in society, the Internet has its own setbacks, which we are recently discovering have major consequences.
Information security has been in the news recently due to Facebook’s massive breach. The data, including name, gender, birth date, relationship status, religion, location, and recent search history, of 14 million Facebook users was obtained from the breach. An additional 15 million users were affected on a smaller scale, only their names and contact information had been obtained. This is no insignificant breach; a combined 29 million people using Facebook had their information obtained. As of 2010, the three largest cities in the United States; New York City, Los Angeles, and Chicago, have a combined population of slightly over 15 million people, only a little more than half of the amount of Facebook users whose information was obtained.
It may seem like the information obtained, while personal, is not exactly valuable. After all, it is not like bank account, credit card, and social security numbers were taken. To the untrained eye, only a small amount of information is being taken. What obtaining information from social media really provides for a hacker is information that is nearly 100% percent accurate since the users are entering it themselves. Unfortunately, the information taken was not as trivial as most people believe.
Data is going to be an ever-growing part of our society, but data breaches do not have to be. The options for data privacy are growing along with our data. One of the easiest and most important steps to take towards privatizing your data is building awareness of cyber security within your company. Whether your company is centered around dealing with large multinationals, or even smaller organizations, educating your employees on just how valuable even the simplest information can be would open their eyes to just how serious a breach in company data can be for both employees and customers.
It is important that every employee who is dealing with data is involved in protecting that data. If an employee is handling data, they should know exactly how to encrypt the data. Generating strong passwords and properly storing data are the essential methods that should be taught to all employees. Something as simple as a strong password and a multi-step identification system can keep hackers at bay, since they know there are companies that are much less prepared, thus being more prone to having their data stolen.
It may not be popular around the office, but limiting the type of websites that can be viewed on company computers is a highly effective way of preventing data breaches. Websites that do not relate to an employee’s daily activities may contain malware. An employee’s personal email account may receive a link from an unknown sender. If your employee is ignorant to data breaches and clicks on the link, it may put the whole company at risk.
Hiring a cyber security specialist is the best practice for a company dealing in data of any size. They will come to your office and give presentations on the importance of protecting the company’s data. Properly educating your staff is your best chance at avoiding a data breach and protecting the security of your company and your employees.
Written by Jim Bachert, Director Compliance Learning – West Coast US, Interactive Services.
For more information contact Becky Murphy (firstname.lastname@example.org), Client Engagement Manager, Interactive Services.