Author: Gary Hibberd
Date: 26th June 2020
Like many, during Lockdown, we’ve switched our networking activities online and have been hosting our bi-weekly ‘CyberNatter’, with an increasingly diverse audience.
Our CyberNatter events aren’t just for those within the Cybersecurity or Data protection field; We discuss anything and everything related to our digital world, and that world affects us all.
Let’s be Social
Of course, an essential aspect to every business is the use of Social Media, so we wanted to explore what impact this has had on business; What are the good, the bad and the interesting that we see from this form of communication.
Of course, given the current circumstances, many people are using social media more frequently. And although it can serve as a welcome distraction, it can also affect our ability to focus, meaning we are distracted and potentially more at risk from accidentally causing a security incident or data breach.
In our latest session we wanted to explore the following;
– Post, click, share; Social media risks to our businesses
– Trending and tweeting; How can social media benefit society as a whole?
– Work/home balance; How should we manage social media in personal lives and business?
It was one of the hottest days of the year, and our guests certainly felt this was a hot topic!
Social media risks to our businesses
Since the pause in physical socialising began, it’s become an even stronger catalyst for keeping in touch with friends, family and work colleagues. But are there growing risks to the business as a result?
Jason remarked that a cyber criminal’s goal is to obtain names, passwords, financial records and other personal or sensitive information to sell on the dark web. But we often make it easy for them, as we answer ‘quizzes’ and questionnaires on social media platforms, that give away this information. “Have you ever done a quiz where it asks for the name of your pet? Or your date-of-birth? This information can then be used for social engineering, and we’re handing it to them!”
Andrew Cunnington is a Cyberfort Consultant, with a background in the military, and recounted a story of the training they received prior to operations; “I recall a young recruit being asked if the guy taking the course could take his rank, serial number and name (and a photo) and if he’d be willing to be part of the course content. The young lad agreed (not that he had much choice), and two hours later the course leader had used social media and social engineering techniques too;
– Identify the lads home address
– His family background
– The name of his Grandma, and the care home she lived in
They even called the Grandmother and spoke to her (replaying the conversation in the room). They found a whole heap of other information; And all of this came from his name, photo and serial number. What we post online is far more than this, and we’re leaving ourselves open to risk.”
Andy Simpson-Pirie added that even those who are conscious of their own security could often be betrayed by ‘third-parties’; “You might be very careful about what you post online, but your wife or children could easily betray your security and privacy, by excitedly posting upcoming holiday or event comments. People ‘overshare’ and without any firm boundaries in place, you (or your business) could be at risk.”
Stuart remarked how he is regularly asked to give the ‘Cyber Talk’ at schools, where he explains how easy it is to guess peoples passwords, and what ‘good’ looks like, in relation to protecting privacy. Interestingly he added that “Kids will often ask why it’s important for THEM to have secure passwords when their parents don’t!?” It’s a great question, and it is a worrying situation! Perhaps it’s the old adage of “Do as I say. Not as I do!”? But if we’re going to teach our children to be sensible online, shouldn’t parents and business leaders be leading by example?
Stan gave us his thoughts on the importance of leading by example, but not doing things, for ‘things sake’. “Forcing people to change passwords every X days is counterproductive when applying 2FA or MFA (Multi-Factor-Authentication) works better.”
It’s also worth reminding ourselves that what we post online remains with us for a very long time. There have been countless occasions where a ‘tweet’ or comment online has resurfaced many years later and used to embarrass or highlight someone’s younger, less well-informed thoughts and opinions.
How can social media benefit society as a whole?
Our discussions now turned to the benefits of social media, of which there are many, not least-of-which is for increasing traffic to your website. It needn’t cost much, and there’s an endless list of influencers to help boost your brand.
Reputation is everything. Customer feedback is another way organisations can benefit massively from social media. It’s easy and quick for customers to post something positive about your business. Their friends will see this and might share, and then their friends will see that, and so on.
Melanie commented on how, as a student, social media allows her to connect with others in her field, and learn from them. “It’s a great resource for me to learn about a topic I enjoy and connect with people in the same field.”
Social media has been used to great effect when there have been major disasters, especially in places like Australia, where social media has directed emergency services, following bush-fires. The intelligence provided by the crowd on social media has saved countless lives in those events.
How should we manage social media in personal lives and business?
Our final topic covered the way in which people should be looking to balance the use of social media in personal and business lives.
It was stated by many that there is little doubt that the way people will work, beyond Lockdown, has and will change. Both Stan and Jason pointed out that the use of Zoom is increasing, and the evolution of the ‘virtual workplace’ is happening all around us. But we need to ensure we set our own boundaries, as our mental health can also suffer if we find ourselves sat in front of the screen for six, seven or more hours a day.
“Setting out an hour for lunch is vitally important. Even if it’s just to get away from the screen and stand outside. You need to take breaks.” Stan’s comments will possibly ring true of everyone reading this post, as we increasingly use our commute/lunchtime to do yet more work(!)
As always, we ran out of time to cover all we wanted to cover, and there is undoubtedly more that we covered in the event than is covered here.
If you’re interested to know what Andy Hague’s thoughts are on why the Board room needs to pay more attention to Information Security and Data Protection, you should watch the recording of the ‘Natter’.
If you have views and opinions on these topics, then why not sign up to the next event we have? We want to hear your opinions and thoughts. Don’t sit on the side-lines… get involved in the conversation.
See you soon!
What is Consultancy?
Our cybersecurity consultants will assess your infrastructure, systems and networks before devising solutions to protect your business based on your needs.
Why is it important?
Cyber consulting services bring in a broad range of skills, experience and technologies that can be difficult to acquire, develop and retain internally.
How can we help you?
Wherever you are on your cyber journey, we can analyse your business based on our decades of experience, and provide pragmatic advice to help your business succeed and grow.