Home
  • >
  • Sophos
  • >
  • The danger of the internet to the data and overall security of users
Read time: 3 minutes

The danger of the internet to the data and overall security of users

By , ITWeb
29 May 2018

The danger of the internet to the data and overall security of users

The release of confidential information to untrusted sources continues to make headlines all over the world.

We reiterate the issue of general threats that users face when they share data with firms and individuals.

The main concern is the risks that social media and internet users are exposed to with/without their knowledge in this age of data, internet and Artificial Intelligence.

This concern stirs up questions such as how dangerous is it the internet to the data and overall security of users? What are the potential threats users can be exposed to?

Generally, the social media threats can be split into two camps

1. Information volunteered by users – either deliberately or inadvertently

2. Social networking attacks

The first type of threat, information from users, is by far the simpler – because it is all about an individual's direct actions. Revealing sensitive information on a social networking site is a big threat. This information can be made public both deliberately or, most commonly, inadvertently. Often lax privacy settings mean that when you think you are sharing information with just a select group of people it is actually visible to wider groups, including complete strangers.

By their nature, social networking sites want to encourage sharing and openness, and this is reflected in the default settings. However, from a security perspective, this is a dangerous approach and opens up a huge security hole.

The other element, social networking attacks, is much more complex as it has now become real big business. Social networking accounts are valuable to hackers.

Social networking attacks can be split into three main categories:

• Social Media Spam – Unsolicited commercial posts, the equivalent of the spam email that comes to your inbox.

• Social Media Phishing – Criminals trying to trick people into revealing sensitive information.

• Malware – Malicious software, including viruses, Trojans, worms and other threats. Many people say computer viruses when in fact they are referring to a range of different malware.

The end-goal for most hackers is to get personal data because personal data is money.

Once they have the data there are many ways criminals can use it to make money. For example, they can:

• Steal your money directly e.g. use your details to access your bank accounts or purchase items using your funds

• Sell your data so others can steal your money (as previous)

• Trick your friends and family into supplying personal data in order to steal their money e.g. the criminals pretend that they are you and get those close to you to hand over sensitive information like their bank account details.

• Sell your identity so other criminals can pretend to be you – and then incur financial and legal liabilities in your name.

• Use your accounts to spread spam, malware and more data theft scams!

What should concern social media users with regards to security?

Using social media safely should be the top priority. We suggest these top tips to avoid opening the door on data loss, identity theft and malware infection.

1. Use secure passwords

What's behind a password? Your life! If it's cracked, your life is for sale. Make it really secure - use at least 14 characters and mix in upper and lower case, numbers and symbols.

2. Check default settings

Social media sites have large numbers of connected users. Make sure you check each site's default settings, so your details aren't on public display and minimise the amount of personal information you provide.

3. Be picture prudent

Be careful what pictures you show and try to avoid adding compromising or embarrassing images that might harm you.

4. Beware of Big Brother

Using social media sites as a diary is OK if you want family, friends (and enemies), your boss and anyone else to know everything about you.

5. Secure your computers

Your life is valuable, so is your data! Hackers want you and your data. Stay out of harm's way – only use computers with up-to-date security software.

6. Think before you click

Never click on links just because you know the sender – some malware takes control of a user's account and then automatically sends infected messages to all the user's contacts in an attempt to infect them. If it looks dodgy it probably is.

7. Stranger danger

Be wary of spammers trying to get your details by sending unsolicited invitations. If you don't know the person, the best thing to do is to ignore the request.

Data mining

Social media platforms are constantly mining data to design adverts, users need to know the thin line between data mining and breach

Any kind of non-consensual data mining should be treated as malicious mining and Sophos strongly advises that our default position should be to stop it.

So, is it really possible to use the internet and stay safe from data breach?

The internet and its social networks are driven and shaped by how we use them. However, like any technology, the internet and the software that runs on it has plenty of bugs, and there is much that could be fixed or improved in the service of keeping people safe online.

We advise on using devices with best of security solutions installed. In addition, there are three things that you should do for your social networks to stay safe from data breach.

1. Turn on two-factor authentication- It keeps your account safe and secure even if your password is guessed or stolen. In exchange for putting up with the minor inconvenience of entering a one-time code alongside your password when you log in, you'll get an instant, permanent security upgrade that makes your valuable accounts much harder to hack.

2. Behave yourself- Follow the top tips that we shared earlier

3. Log out -Logging in when you start and logging out when you've finished is a little inconvenient, it's true, but it stops two kinds of attackers in their tracks. The first is the kind of person who pretends to be you by sitting at your desk when you're not there, or by stealing your phone if you leave it somewhere. The second is a hacker using an attack called a Cross-Site Request Forgery (CSRF) to trick you into doing something bad, like giving them access to your account, without you realising

* By Pieter Nel, Country Manager, Sophos

Daily newsletter