In last week’s Behave Series blog, we explored phishing simulations, and how to put them to work in your organization.
This week, we’re staging an intervention. Because you’ve just got to stop revealing so much of yourself to Internet strangers. Oh, and, we’re talking about data—get your mind out of the gutter! So, let’s dive into social media data privacy.
Public social media profiles and posts facilitate cyberattacks. That’s just a fact. But it’s not an inescapable one. By regularly reviewing our social media settings, we can reduce the risk of fraud and identity theft.
Of course, just because something is simple, doesn’t mean people are going to do it. That’s why we’re always going on about how security awareness doesn’t change behavior.
Why is social media so powerful?
As social creatures, we naturally want to connect with others. For the majority of us, coming together to share and communicate is hugely rewarding. And that facet of human nature is the driver behind the success and ubiquity of social media platforms. Social media is our digital watering hole, the center of our social lives—and cybercriminals know it.
Every time we use the Internet, we leave a digital footprint. Each small piece of information may seem insignificant, random, trivial—but it all forms part of an information flow. One that can reveal things like where we live, what we do, our interests, health, marital status, and our position on pineapple on pizza.
And that sort of stuff is priceless to cybercriminals.
Unfortunately, locking down our profiles isn’t that helpful. Why not? Because any content we interact with—be it through a ‘like’, reaction, or comment—keeps us exposed. Case in point, in the 2010s, Cambridge Analytica collected and analyzed data from 50 million Facebook users for advertising purposes—without their consent.
Most people are familiar with the headline, but the details aren’t well-known. Machine learning algorithms sifted through ‘likes’ to glean sensitive personal data like sexual orientation, race, gender, intelligence, and even childhood trauma. The results were used to amplify and inform the campaigns of some notable politicians, including Donald Trump and Ted Cruz.
While Facebook users now have the option to make their ‘likes’ private, how mindful are we of our online activity? Are we still dropping pieces of a puzzle that someone somewhere may be putting together?
What our friends reveal about us–literally
In 2019, a team of researchers set themselves a challenge: could they profile someone based purely on their friends’ Twitter posts and interactions? The team gathered 30 million public posts from nearly 14,000 Twitter users, and set their machine learning algorithms to work.
The results were alarming.
Even if an individual had left Twitter, or had never joined, the algorithm could paint a picture of that person with 95% accuracy—just by looking at 8 or 9 of their friends’ profiles. It knew their favorite products, political leanings, leisure activities, and religion, to name a few. You can read the full study here.
So, should you delete your socials?
While this might be your gut reaction, closing an account won’t delete past interactions. Algorithms can still find them, and they’ll remain part of the unstoppable information flow.
What you can do is take five minutes to review your privacy settings to ensure you drop fewer info-morsels behind as you consume social media content.
There’s no getting away from the fact that we live in an intricately networked society. In such a world, it’s impossible to have total privacy, but we can tread more lightly in online spaces, and raise awareness about the ways social media impacts privacy and security.
Creating room for non-judgmental discussions about social media privacy is a definitive step toward a cybersecurity-minded workforce, and a more secure organization.
To find out more about changing and improving security behaviors, check out our eBook on measuring behaviors.