Over the last decade, some of the biggest security threats have come from the use of social networking. The rapid growth of these technologies lets millions of users each day post on Facebook, Twitter, and many other networks. What type of information are they posting?
■ Personal information
■ Location information
■ Friend information
■ Business information
■ Likes and dislikes
The danger of making this wealth of information available is that a curious attacker can piece together clues from these sources and get a clear picture of an individual or a business. With this information in hand, the attacker can make a convincing impersonation of that individual or gain entry into a business by using insider information.
Before you post any type of information on these networks, ask yourself a few questions:
■ Have you thought about what to share?
■ How sensitive is the information being posted, and could it be used negatively?
■ Is this information that you would freely share offline?
■ Is this information that you wish to make available for a long time, if not forever?
Social networking has made the attacker’s job much easier based on the sheer volume of data and personal information available. In the past, this information may not have been as easy to get; but now, with a few button clicks, it can be had with little time investment. Going back to our earlier exploration of footprinting as part of the attack process, you learned just how powerful unprotected information can be. When employees post information on social networks or other sites, it should always be with a mind toward how valuable the information may be in the wrong hands and whether it is worth posting. It is easy to search social networks and find information that an individual may have shared to too wide an audience.