Why data over-sharing is making you an easier phishing target

We live in a world where sharing too much data – or the wrong data – is like asking to be hacked. It’s bad online security practice, particularly as phishing is on the rise, growing to nearly 41% in 2018. But data sharing, whether it’s with social media companies or engaging in unsafe behaviors like using unsecure Wi-Fi networks, is usually the result of a negotiation where you, the owner of valuable data, receive something for free, like a less cumbersome login process or a free internet connection.

Before you hit ‘save my password’ on your web browser, check the research on how some practices aren’t worth the negotiation when it comes to data sharing. Here’s four places to start:

  1. Stay up to date on phishing and cyber awareness training offerings from your company. Becoming compliant with corporate policies and procedures will go a long way towards maintaining information integrity within your organization and is critical to overall security. When trained employees serve as a human firewall, they create an additional defensive barrier, which can tip the balance between an impenetrable business or 92 million in data breach costs, according to IBM research. Enabling users with comprehensive training packages will strengthen your overall cyber awareness and cement best practices.

 

  1. Avoid using too many file-sharing services. Cyber criminals are adept at exploiting human engineering and using these services to collect sensitive credentials, as well as spread malicious attachments. Unfortunately, file-sharing services are an easy target – most cyber security tools have finite understanding of the files within, so they can’t always provide adequate threat detection. This leaves organizations vulnerable to attacks, from minor annoyances to massive data disclosures.

These platforms also instill a modicum of trust in users, since they’re familiar companies with high engagement, and criminals are skilled at hiding in these giants’ shadows, leveraging well-known domains and credible logos. This allows them to bypass scanners and spam-blockers, successfully infiltrating inboxes and engaging with employees, and seriously compromising security. It’s important for users maintain enough cyber awareness. According to Security Research Engineer Sevtap Duman, users need to “identify and flag fraudulent URLs and malicious attachments before they do harm.”

 

  1. Delete all unsecured Wi-Fi hotspots stored on your devices, making sure you avoid unwanted connections. Another opening cyber criminals hope to capitalize on is Wi-Fi security, something that’s become more prevalent as increasing numbers of employees work remotely.

 

According to Spiceworks, 61% of organizations report employee use of public Wi-Fi networks on company devices, and many of these connections are completely unprotected. Though convenient, these networks are very popular with hackers, with easy-to-intercept credentials and plenty of space to distribute malware. To combat this, don’t connect to any Wi-Fi hotspots unless you know they’re viable and trustworthy, and make sure they’re completely off when the device is not in use.

 

Most importantly, employ a solid VPN, or Virtual Private Network. Its encryption allows you to access the internet from the VPN’s network, essentially forming a connection via a secondary server.

 

  1. Protect against social engineering. Social media also offers a wide variety of opportunities for criminals to take advantage. According to Security Boulevard, around 42% of the global population, or 3.2 billion people, use some form of social media. Phishing in particular is a high-frequency threat vector – small screens allow URL stuffing, people trust the platforms they’re using (much like with file-sharing services), and are commonly linked to monetary apps, such as for wire transfers and gift cards. Methods like impersonation, creating dummy web pages, and posting sensitive information for fun are all easy to perform and replicate.

 

Cyber awareness is the keystone to staying alert and vigilant against these threats as criminals continue to prowl the ever-growing social media landscape. Though threat vectors are continuously evolving and mutating, it’s not out of employees’ hands to establish a safe-haven within a corporation.  

 

Cyber awareness training serves as a guide to understand the various players and weapons in and around a network. Limiting use of file-sharing platforms, unsecured Wi-Fi, and social media creates a barrier that protects not only you, but your entire organization.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox