Are you or your employees giving away IT secrets or sensitive information on social media?
Most of us have seen a fun question posed in a similar fashion to the following:
These are good for a laugh, and they rarely fail to make a goofy combination. As per above, “Walter Thunderbird” or “David Beetle” or “Amber Impala” are an admittedly silly but satisfying diversion. Once one person shares and jumps on the bandwagon, there is often a long list of folks who tag in and take part as well. Why not? What about any of this would be giving away IT secrets? It’s just harmless fun, right?
Maybe not. There may be an ulterior motive that most folks aren’t considering. These could be asked in a quite purposeful manner with the intent to trick people into giving away secret information.
The primary issue is that these are often the same kinds of questions that are used as security questions when creating an account or resetting a password for financial institutions, business accounts, and many other places most folks would rather bad actors not hide out, hang out, or have access to.
Slyly, these are disguised as simple fun. It is unlikely one would willingly submit a random questionnaire with these odd questions on it to a public forum. Yet folks post them to social media without much thought (and often without knowing who has access to see the posts).
Security questions are already a weak cybersecurity defense but do, at least, attempt to make some effort to ensure authenticity of identity in a less-intrusive manner. Some questions are better than others, though, as some can be researched or found in a person’s historical data on social media.
Some of the most common questions include:
- What is your mother’s maiden name?
- What is the name of your first pet?
- What was your first car?
- What elementary school did you attend?
- What is the name of the town where you were born?
- What road did you live on as a child?
Unfortunately, some of these may also be the easiest to find. Researchable legal documents or previous document breaches may indicate mother’s maiden name and place of birth. If a thief knows a person’s place of birth, there are then limited options for elementary school (generally speaking, as of course there is a possibility that one moved at a young age). First car and first pet name are more difficult, but, perhaps not-so-coincidentally, are common asks during the “innocuous” social media posts as described.
Luckily, there are often better (i.e. more obscure) options for security questions. One key is how easily one will remember the answer: a security question does no good if the answer is likely to change over time or will be forgotten. Questions regarding childhood memories and dreams, persons you took to your senior prom, specific people (that one would remember) from past job positions, and other similarly unique questions are more difficult to find for a malicious criminal with an eye on identity theft. Choosing questions like this will result in giving away fewer secrets and more, well, security for your security questions.
Unless, that is, you’ve already told them on your Facebook page.