Social media can be a great way to connect with people. It can also be a great way for us to become connected to the cybercriminal world. Consider all of the information that we display in what is a public forum when we complete profiles on Facebook, LinkedIn, or Twitter. We post status updates on our days, how our kids are doing, where we are going or did go on vacation, and we even display where we work and often our roles and responsibilities. This is how the cybercriminals take advantage of us.

Phishing and spear-phishing are rampant and it doesn’t take a rocket scientist to perpetrate a phishing scam. In fact, various scams come wrapped up for sale in neat little packages these days. They can attempt to get online account credentials using forms that pop up on a screen or download malware to your computer in the background just because you clicked a clever link on Facebook. They can also spear-phish for W2 information or convince someone to wire money to a criminal’s bank account.

Always be aware that these scams and attacks are taking place all the time. If someone gets a password from a social media account, significant damage can be done. You’ve likely seen warnings from friends that their accounts were “hacked” and whatever that last embarrassing post was, it really wasn’t from them. But that is the least of the trouble that can ensue. Consider what can happen if someone takes over one of your social media accounts and sends a malicious link to everyone connected to you. Not only will it annoy your friends and colleagues, but it’s also a very efficient way for ransomware, for example, to affect a lot of people.

In February, the company Thycotic conducted a survey at the RSA Security Conference in San Francisco. It found that 53 percent of users of social media websites had not changed their passwords in over a year. Even more startling was that 20 percent had never changed them at all. On top of that, 25 percent change their work passwords only when they are reminded or required to do so. In 2016, over three billion sets of user credentials and passwords were stolen. That calculates to around 95 every single second.

Changing passwords should be part of everyone’s regular routine, like changing the batteries in smoke detectors, only more often. Doing this prevents old passwords from being reused later if old data is released, for example. Yahoo announced a couple of different breaches last year. If your password is changed often, then you won’t be caught by situations like that.

In addition, always make sure you don’t include personal details in your passwords and that each one is unique to a corresponding online account. Password reuse really does happen and is being blamed more often these days. It was blamed for the UK National Lottery breach last year as well as incidents with the music streaming service Spotify and the income tax company TaxAct.

Unfortunately, the security industry isn’t necessarily practicing what it preaches. The same Thycotic survey found that approximately 30 percent in that field are still using birthdates, pets’ and kids’ names, and addresses for their work passwords.

Donovan B. Fox © Copyright 2017