SIMPLY sharing innocent holiday photos on social media could be enough to fall prey to sinister cyber criminals, according to an expert.
Founder of Bahrain-based cyber security firm CTM360, Mirza Baig, delivered the warning yesterday during a conference in Manama.
He said people who post too much information online risked being targeted, adding that many users did not understand the risks of being overly liberal with their personal details.
“When people post things on social media, they have to be aware of what the risks are and what it can mean,” he said.
“If they are aware they will be more careful with what they post, but right now the biggest issue is that they don’t understand the risks.
“I never put out when I’m travelling or where I’m travelling.
“For me it’s very important, for others it might not be. But for me, if I’m putting this information out there, someone can use it to scam my own staff.
“If you’re a senior manager, you should not put that information up.”
In referring to cyber criminals “scamming” his staff, he was referring to the possibility of fraudsters deliberately targeting a company when they know the boss is away.
He explained the likelihood of someone illegally gaining access to a firm’s sensitive information, or misleading company employees, increased when there was reduced oversight.
“There should be a social media hygiene practice, so people know when and how to put out information, what it can lead to and what the risks are,” said Mr Baig, who urged companies to hire “white hat” hackers – ethical hackers who can identify and keep pace with threats.
Mr Baig
In an article for Fast Company, ethical hacker Stephanie Carruthers warns that even a simple social media post during a lunch with colleagues carried risks.
“Posting a photo of you and your office besties, whether it’s on a lunch break, doing some sort of social activity, or otherwise, may be revealing more than you imagine,” said Mrs Carruthers, chief people hacker at X-Force Red – a team of veteran “white hat” hackers.
“Think about the types of posters or whiteboards that are up in shared areas of the office.
“A poster about ‘Team Softball League Starting Soon’ means you won’t be suspicious if I send you an e-mail with a link to the latest team schedule. Trust me, the link I send you won’t be one you want to click.
“This may seem obvious, but you’d be shocked to know how many times I see new employees posting close-up shots of their company security badges, particularly on the first day or last day at the office.
“Knowing what a company employee badge looks makes recreating one a breeze. I can copy, paste and print myself an identical one with my own face swapped in within just a few minutes.
“While this badge may not work for access, you’d be surprised how easy it is for me to simply flash a badge and a confident smile to tailgate my way through the doors of a company.”
Such issues are being highlighted in Bahrain at the SmartSec Cyber Security and BlockChain Conference, which started yesterday and continues until tomorrow at the Gulf Hotel Bahrain.
Preventing cyber attacks, developing a cyber security ecosystem, cloud security, cryptocurrency challenges and cyber warfare are topics being discussed in an event jointly organised by Bahrain Technology Companies Association (BTECH) and WorkSmart For Event Management.
It is being held under the patronage of Electricity and Water Affairs Minister Dr Abdulhussain Mirza, who said children needed to be learning about cyber security from a young age.
Hacking
“This conference comes in line with Bahrain’s efforts to protect data and digital information, because now it is not just the organisations that are in danger but people too,” he said.
“Your iPhone can be hacked and can be used to send messages in your name that implicate you in illegal matters, or get you in trouble in other ways.
“Right now people need to be more prepared for hackers. It should start in schools, these days children know more than adults about technology.
“This is the first generation in history when the children know more than their parents.”
The GDN reported last month that Bahrain was stepping up cyber security, after more than 50 million attempts to breach government systems were registered in 18 months.
The iGA is in the process of deploying advanced technology that will act as an early notification system to detect and contain threats and protect sensitive government data.
iGA chief executive Mohamed Al Qaed told the GDN at the time that since February last year the authority had foiled more than 5m viruses and 2.7m spam e-mails, along with over 50m data breach attempts.
Parliament chairwoman Fouzia Zainal and several MPs have also submitted a proposal to set up a unified GCC Cyber Security Centre.
ghazi@gdn.com.bh
&uuid=(email))