We're Hiring
Contact
Insight

Is your on-line profile making your business vulnerable to Cyber Attack?

Posted on: 
December 3, 2018

The staggering amount of information that is available and shared online is making you and your business increasingly vulnerable to those that know how to combine the data and use it in a cyber-attack.

An incredible 2.5 Quintillion bytes of data is being created every day in 2018[1]. This includes millions of images, videos, locations and messages; never has it been so easy for ‘interested others’ to piece together our lives. Whilst the intention behind combining this data is usually innocent enough, the ways in which it is being exploited is anything but. Criminals, competitors and even neighbours are interested in using information about us for their own means.

3SDL cyber expert Jon Webster, knows all too well how easy the internet has made investigating people: “In the past, I had to trawl journals, death and marriage records, telephone books, and the electoral roll to get information about a person. Now I can just search the internet, and instantly get everything I need”.

Building a picture about someone has become so easy.

In isolation, each piece of information shared online may appear trivial, but when used in conjunction with other sources such as Companies House, Social Media, and fitness tracker websites they quickly add up to something much more interesting. “It’s about building a big picture. Small snippets can piece together to become exploitable information for a range of different reasons” explained Jon. “The information gleaned can be used for intelligence gathering, scams and extortion, all of which can make you, your business, or the people you know vulnerable. The potential for reputational damage is huge”.

Not only is the information more readily available, so too are the tools to collate and analyse it. Simple search engines like Google, and online directories such as 192.com are an easy starting point, but more sophisticated tools are available even to the normal everyday user; there are hundreds of easy to use tools available on-line to help map personal connections and their ‘pattern of life’. These tools are so effective that from one tweet it is possible to find someone’s home address, work address, preferences, friends and more in just a few minutes.

Even posts that appear to contain no personal details can provide valuable clues. The analysis of geotags and the assessment of other people and objects in images quickly lead to logical deductions about an individual’s location and their activities.

It’s not just spies and criminals that are doing this…

You might hope that your friends are interested in your news when you post online, but it isn’t just the people you know personally that are keen to know what you have been up to.

“Businesses have enemies too” says Jon. “Competitors want to know what you are doing, who is involved and how you are doing it – working out your team structure and current projects can be very useful”.

More worryingly, where a person or business or organisation works within Government or sensitive supply chains, it can sometimes be foreign intelligence agencies that take an interest, not just competitors. The theft of Intellectual Property (IP), including from academia, costs the UK millions of pounds a year and gives advantage to those that may wish to do us harm.

Criminals also use internet intelligence to carry out Social Engineering attacks, knowing that small details can give real credibility to their attacks and make them much more difficult to spot. And think about the security questions used to prove your identity – how many of the answers have you already published on-line? Mother’s maiden name (Birth certificate available on-line), date of birth (that 18th birthday post), name of pet (probably on your Facebook timeline), and first girlfriend (Facebook)...

Finally, Media and press outlets will always look to exploit information that has been shared with the public. Particularly, what they can find on social media to either generate, illustrate or embellish a story they already have.

Everyone is a target…

“It doesn’t matter if you are the quietest person online – if you are using the internet, you have links to other people. Somebody you know may be of interest, and your online presence becomes a potential way to reach the real target.”

Jon stresses that every single internet user has value; your data will be interesting to someone, somewhere; “intelligence agencies will focus on the target’s friends to get information”. And this works in reverse, if your friends and colleagues are over-sharers then they can make you vulnerable too.

Personal routine is of particular interest to criminals; if you let everyone know you are on holiday, or away from home for a period, you may come back to an empty house and an insurer that won’t pay!

5 simple steps to reduce exposure

Against this understanding of the threats that are out there, Jon has the following key advice and guidance for people when sharing information:

  1. Think before you post – ask yourself if you need to share this information with everyone. Perhaps you can still share an update, but leave out that photo or location tag, and only share with your friends.
  2. Think about what you share.Would you be happy to see the post you are about to upload on a billboard as you walk down the street? If the answer is no, don’t post it. Remember that nothing you post online is truly private, and a lot of websites will include the rights to use your data in their Terms & Conditions.
  3. Check your settings, regularly. Check your Social Media account settings to see who is able to see your posts. Updates from Social Media sites can sometimes cause your settings to be changed, so check regularly. Make sure only people you know are able to view your updates.
  4. Tighten up the privacy on your wearables – are your smart watches, fitness trackers, and cameras giving away your location? Sharing your sporting achievements is great, but by publishing your regular routes and routines you are giving away so much more including your home or work address, where you visit regularly, and your routine. Keep this data for your own reference only, rather than available for anyone to see.
  5. Search yourself. Preferably get somebody else to search for you (search engine algorithms make searching yourself less effective), to see what information is available about you. Check online registers holding your data and tighten them up. You could consider having your telephone number as ex-directory, and not being on the open electoral roll register. If you are listed on Companies House, use your business address instead of your home address. It can be very difficult to remove information once it is published online, but you can secure website accounts and profiles.

And of course, should your business or organisation feel that it needs further specialist advice and support to help identify and counter vulnerabilities through online information sharing, cyber security experts like 3SDL are available to help. Our team of professionals have years of experience in all of the areas that Jon has discussed in this article, and we’d be delighted to talk to you about how you can manage the cyber risks that we all face every time we use and share information through the internet. Please contact us at 3sdl@3sdl.com

[1] https://www.domo.com/learn/data-never-sleeps-5?aid=ogsm072517_1&sf100871281=1

Find out more about:
No items found.

Other

Insight

September 24, 2019
Insight

Emerging and evolving C4i systems technology – is it ‘Fit and Ready’ for Link 16 Modernisation?

Read

September 23, 2019
Insight

Insights from DSEI 2019 - Getting Fit and Ready for Link 16 Modernisation - Part 1

Read

September 19, 2019
Insight

Insights from DSEI 2019 - Getting Fit and Ready for Link 16 Modernisation - Part 2

Read

September 9, 2019
Insight

Diving deeper into Link 16 platforms - Are you considering the true through-life costs?

Read