How to avoid being a hacker's next target when using social media

When you use LinkedIn and other social media accounts for professional reasons, there are important factors to consider about securing your personal data. Learn how to protect yourself from a hacker.

linkedin.jpg

Image: Natee Meepian/Shutterstock

I wrote about social media quizzes in September, explaining why it's a bad idea to participate in these would-be fun events because you might inadvertently reveal personal data such as the city of your birth or your birth month. This data might then be used by hackers to obtain access to your identity or accounts utilizing information you've revealed which may also represent your answers to security questions.

SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)

While the context of my article involved recreational social media, it's just as critical to protect yourself on business social media such as LinkedIn. 

Adrien Gendre, chief product officer at Vade, a cybersecurity company, said, "The risk of oversharing on social media lies not only in what you share publicly, but also what you share with the platforms privately. For example, when setting up a social media account, you might include your birthdate, which helps hackers since many people include their date of birth in their passwords."

Users also share their personal interests on social media. Gendre added. "For example, if you care about human rights and social justice, you're a perfect candidate for a phishing campaign asking you to donate to a cause that doesn't exist." 

Gendre added that no amount of personal information is safe to share on social media. "Data breaches are often followed by phishing and spear-phishing attacks. When social platforms are breached, all those personal details can be used to create highly targeted attacks," he said. "Hackers might not have your bank account number, but they know your birth date, your children's birth dates, the city you live in, where you work ... the list goes on and on. There is no limit to the damage that can be done with such personal information. This isn't to say that you should never use social media; but users should be aware of their own vulnerabilities."

How to be a social media minimalist

In the context of business social media such as LinkedIn, operate from a minimalist's perspective and only provide the information needed to represent yourself to your network and prospective employers. Make sure everything you list is accurate and truthful. Avoid listing your home address, and never share the names and contact information of your references as those should only be made available on a private basis upon request.

SEE: Password breach: Why pop culture and passwords don't mix (free PDF) (TechRepublic)  

If you list the name of an academic institution you attended, never use that institution's name as an answer for any security question you must fill out. In fact, compare all of your existing security answers against your social media profiles to ensure none of these are obtainable, and if they are, change the answers right away. Always remember you don't have to answer security questions accurately (you could put down "clown college" if asked what school you attended) but it's essential to store whatever answers you give in a secure password manager.

I also recommend not listing the dates involved with your educational endeavors such as stating you graduated from a university in 2010. Not only might a hacker might infer you were born in 1988 (seeing as how college graduates are typically 22 when they leave school) revealing your birth year, but someone with your name might then capitalize upon your degree by stating to a prospective employer that they earned that academic credential. It sounds far fetched, but an employer that doesn't do their due diligence in verifying academic degrees might simply confirm that an individual with your name did indeed receive that degree and award a job to someone without merit.

Furthermore, steer clear of listing recreational pursuits if the opportunity to add these to your profile comes up. It's tempting to come across as a well-rounded person who enjoys kayaking, bicycling or Ford Mustangs, but this information might help an attacker glean your password or security answers, such as "What was your first car?"

The same principle applies to your family. For a business social media profile picture, I recommend a simple photo of yourself in professional attire. We all want to show off our spouses and children, but doing so might expose revealing information about you. You should especially avoid posting any tributes to your family on their birthday (and avoid specifying your own) for obvious reasons.

Last but not least, never make disparaging comments about your employer (present or past) or anyone else for that matter when using business social media. As that saying goes, what we post online is forever, and there are numerous stories of people who destroyed their own careers via ridiculous and inappropriate social media posts. Furthermore, engaging in vitriolic discussions with others draws negative attention which might then provoke malicious actors to try to take action against you such as the frightening act of doxxing whereby your personal information might be publicly revealed in order to harm you or, worse, urge others to do so. Always act on business social media as you would act in the office: professional, courteous and polite to all. 

Also see