The “10 Concerts” meme spread like wildfire on Facebook last week, with millions of users listing nine live performances they had actually attended and one they made up, then asking friends to guess which one was fake. But as The New York Times cleverly wrote, “It’s all fun and games until someone’s password security question gets hacked.”
Technology experts pointed out that an inherently personal post like the 10 Concerts list could expose sensitive information: a person’s age, behavioral preferences, income level, and even religious affiliation. It isn’t quite on the same level as standard security questions like “What street did you grow up on?” or “What was your first car?” But the bigger threat comes from potential social engineering scams.
Defined as the practice of manipulating unsuspecting computer users to steal confidential data, cybercriminals deploy social engineering to convert readily accessible info into illicit access. Take the 10 Concerts meme—listing out nine of your favorite bands can reveal quite a bit about your tastes. Combine that with easily accessible Facebook profile information and even an unskilled hacker can craft quizzes, fake news posts with too-good-to-be-true headlines, and other enticing “malvertising” to pique your interest.
All it takes is one click on one of those illicit links, however, to install damaging malware or spyware that can scrape your computer for sensitive data or install keylogging software to record passwords and other login info. These kinds of social engineering scams are much easier for hackers to execute, compared to more complicated Adobe Flash Player and Java exploits identified by CMIT Solutions earlier this year. Those can be particularly dangerous since Flash and Java are used on millions of websites across multiple operating systems and browsers, allowing for custom “backdoor” access to higher-level networks, Microsoft Exchange email servers, and content management systems.
But with nearly two billion active users each month, Facebook represents the holy grail of targets for hackers. That’s why, even if the 10 Concerts meme doesn’t represent a direct security threat yet, it provides an urgent reminder that Internet users must protect themselves, especially in a social media context. Even the most inconspicuous piece of information can be used against someone.
How Else Can You Protect Yourself and Your data?
1) Antivirus, anti-spyware, and anti-malware software are important. But many hackers change their tactics faster than even the best software can keep up. And in the case of Facebook memes and other social engineering scams, it’s user error that provides access to hackers. That’s why a good anti-virus solution deployed properly by an IT provider can provide a certain level of security, but…
2) Comprehensive network security can make the difference. CMIT Solutions uses heightened security tools that analyze Internet traffic for malware, botnets, and phishing attempts before they affect your system. By identifying targeted attacks, blocking threats both on local networks and mobile devices, assessing the viability of plug-ins and software updates, and enforcing acceptable use policies through content filtering, the proactive monitoring or “umbrella” approach can deliver an unprecedented level of security. Of course, no one layer of security provides surefire protection, which is why we also specialize in…
3) Critical backup and disaster recovery. In a worst-case scenario, the only way to prevent data loss is if your information is backed up by a remote, regular, redundant, and easily retrievable solution. Users who are infected by malware or ransomware and don’t have a solid backup and disaster recovery plan in place have been forced to pay hundreds or even thousands of dollars to retrieve their data. Users who do have a reliable data backup, however, can resume operations in hours and even minutes, preventing a loss of productivity and efficiency.
Social media is meant to be fun, but don’t let a laid-back attitude allow your data to be hacked. Cyberattacks, exploits, and other security compromises are constantly coming at us from all directions. That’s why CMIT Solutions is dedicated to helping businesses survive and thrive in today’s complicated IT world. No security solution is 100% effective, but the more layers you put between your systems and cybercriminals looking to infiltrate them, the safer you’ll be.