The vulnerability of social media

Many individuals and businesses use social media to draw attention to themselves and to keep up with the latest trends in their field. Furthermore, social media is a great communication channel between companies and customers, creating a framework for informal and quick communication.

But is this the safest way to market your business - in terms of cybersecurity?

A vulnerable platform

Most people don't think about their social media usage and what information they give the platforms rights to. But we should be aware of it. Social media platforms, such as Twitter, Facebook and Instagram, collect data to personalize the content that is shown to you. This can be anything from personalized ads to images that match your interests.

Businesses can also purchase sponsored ads and posts so that their images and posts reach a larger and targeted audience - and potential customers. In order to do this, social media needs to use specific data sets. You might think that you haven't agreed to allow them to collect this much information, but you have. It's in the platforms' terms and conditions - that you have to accept or reject when making a profile - we often accept without reading them because we want to start using the platform.

There are just under 5 billion people worldwide using social media. SoMe are great tools for connecting with people, networking and sharing your life. This applies to both individuals and businesses.

But with so much activity on social media, devices are becoming more vulnerable to cyber attacks.

The hacker exploits public information

One of the biggest hacking methods used in cybercrime is social engineering. These are tricks that the hacker uses to their advantage. The technique plays on:

• Authority
• Intimidation
• Social acceptance
• Time pressure
• Scarcity
• Positive evaluation

All of these emotions and social engineering techniques help us fall into the phishing trap - which is also the reason for basic awareness training. Phishing is often done via email, but it is increasingly moving to SMS (cf. smishing) and social media messaging.

The downside of this is that you typically can't check the link in messages sent on these platforms without clicking on them - and that's the last thing you should do when you receive a message asking you to click on the link.

The problem with social media is that you often have to provide various personal information in order to create a profile. And this information is stored on the platforms, which are ultimately as vulnerable as so much other technology and software.

Therefore, it's important to remember that the more information you share on social media, the more information a hacker can steal and exploit. This applies to both profile information, but just as much to the information you post in the form of text, photos and videos.

You should therefore keep this in mind when using social media on work phones and devices, as you can expose not only yourself to cyber attacks, but your entire company. Some of the phishing methods that hackers can perform with this information, are:

• Spear phishing is all about targeting specific people - they have information that allows them to direct the phishing specifically to one person. The likelihood of falling into the phishing trap is higher with spear phishing as it is personalized.
• Whale phishing involves the hacker impersonating a high-ranking executive in a victim's company. People are more likely to follow instructions if they come from an authority figure - this is exploited by the hacker.

The cyber threat to businesses

If the hacker has their eyes open and looks at the details, they can pick up on a variety of information such as:

• Contact details
• Location and sites
• Connections to friends and family
• Connections to customers
• People tagged in a post
• Facial recognition (using images from the platforms)

As mentioned above, hackers can exploit the information we post on social media whether we realize it or not. If the hacker gets access to contact information or anything else, they can perform phishing, which is much harder to spot than the regular phishing they send out to hundreds of people.

The hackers can also use the developed AI to collect data and create convincing phishing. It can, just like the hackers, utilize data that both private individuals and companies share on social media if the hacker asks it to do so.

This has caused a stir about the use of AI, but also about the credibility of the various platforms, which have millions of users worldwide.

TikTok: the controversial platform

In March 2023, there was a critical focus on the popular app TikTok - especially their handling of user data was criticized. Essentially, TikTok can collect a wide range of data that users agree to in the terms of use when they sign up to the app. The problem is that many companies use TikTok to draw attention to them and attract customers. We have written an in-depth blog post about the criticism of TikTok, where you can read more about the circumstances and consequences behind the use of the app.

When it came to light that user data was compromised by TikTok and its developers could collect so much different data from the app's users, many - especially public institutions - ended up deleting the app from employees' work phones.

The Danish Center for Cyber Security recommended that Danish institutions delete the app from work phones because it posed a cyber risk. Danmarks Radio (The Danish Broadcast Network) was the first news agency in the world to have their employees remove the app. This was followed by the BBC, among others, as they also believed that their data security was at risk.

This is just one example of how social media can hide things that can put your and your company's data at risk. Therefore, we recommend that you think twice before installing social media on your work or home phone - and if you do, consider what personal and company data you provide on the app.