All too often we are seeing one security breach after another in the news. Since cyber protection isn’t always easy, we wanted to share our thoughts on how you can protect yourself and your organization with some basic common-sense tips and insights. So, what is your digital footprint? How complex or common are your usernames and passwords? How many social media accounts do you have? What data is open for public consumption? How selective are you in letting acquaintances or total strangers access your information?
In the last 10 years or so, there has been a huge push to get online and be social, using social media to stay connected with family, friends, and colleagues. These social platforms seemed innocent at first; you were only sharing photos of your kids with family, right? Well now, these platforms track trends in your activity so that they can push pinpointed marketing to your feed. With everyone having a DVR at home and skipping television commercials, marketing firms have found a firm grip on social media.
Big Data Gets Bigger
With every mention, click, like, reaction, or hashtag, social media companies and their partners are collecting huge amounts of data on you to enrich your online experience. There is so much information that it has become extremely valuable to the darker side of the web. Here are some insights on how much data is stored on common social media outlets.
According to the Washington Post, here is a 2016 list of all the indicative data Facebook has on its users:
- Location
- Age
- Generation
- Gender
- Language
- Education level
- Field of study
- School
- Ethnicity
- Income and net worth
- Homeownership and type
- Home value
- Property size
- Square footage of home
- Year home was built
- Household composition
- Users who have an anniversary within 30 days
- Users who are away from family or hometown
- Users who are friends with someone who has an anniversary, is newly married or engaged, recently moved, or has an upcoming birthday
- Users in long-distance relationships
- Users in new relationships
- Users who are newly engaged
- Users who are newly married
- Users who have new jobs
- Users who have recently moved
- Users who have birthdays soon
- Parents
- Expectant parents
- Mothers, divided by “type” (soccer, trendy, etc.)
- Users who are likely to engage in politics
- Conservatives and liberals
- Relationship status
- Employer
- Industry
- Job title
- Office type
- Interests
- Users who own motorcycles
- Users who plan to buy a car (and what kind/brand of car, and how soon)
- Users who bought auto parts or accessories recently
- Users who are likely to need auto parts or services
- Style and brand of car you drive
- Year car was bought
- Age of car
- How much money user is likely to spend on next car
- Where user is likely to buy next car
- How many employees your company has
- Users who own small businesses
- Users who work in management or are executives
- Users who have donated to charity (divided by type)
- Operating system
- Users who play canvas games
- Users who own a gaming console
- Users who have created a Facebook event
- Users who have used Facebook Payments
- Users who have spent more than average on Facebook Payments
- Users who administer a Facebook page
- Users who have recently uploaded photos to Facebook
- Internet browser
- Email service
- Early/late adopters of technology
- Expats (divided by what country they are from originally)
- Users who belong to a credit union, national bank or regional bank
- Users who invest (divided by investment type)
- Number of credit lines
- Users who are active credit card users
- Credit card type
- Users who have a debit card
- Users who carry a balance on their credit card
- Users who listen to the radio
- Preference in TV shows
- Users who use a mobile device (divided by what brand they use)
- Internet connection type
- Users who recently acquired a smartphone or tablet
- Users who access the Internet through a smartphone or tablet
- Users who use coupons
- Types of clothing user’s household buys
- Time of year user’s household shops most
- Users who are “heavy” buyers of beer, wine or spirits
- Users who buy groceries (and what kinds)
- Users who buy beauty products
- Users who buy allergy medications, cough/cold medications, pain relief products, and over-the-counter meds
- Users who spend money on household products
- Users who spend money on products for kids or pets, and what kinds of pets
- Users whose household makes more purchases than is average
- Users who tend to shop online (or off)
- Types of restaurants user eats at
- Kinds of stores user shops at
- Users who are “receptive” to offers from companies offering online auto insurance, higher education or mortgages, and prepaid debit cards/satellite TV
- Length of time user has lived in house
- Users who are likely to move soon
- Users who are interested in the Olympics, fall football, cricket or Ramadan
- Users who travel frequently, for work or pleasure
- Users who commute to work
- Types of vacations user tends to go on
- Users who recently returned from a trip
- Users who recently used a travel app
- Users who participate in a timeshare
While this list is exhausting to read, I think it makes a great point: so much content is tracked and stored. If you want to see more, Facebook even provides more current details here.
Companies like Google might have more data if you are a Chrome and/or Android user, as they know what you’re browsing, who you’re calling, and whom you’re texting. Just think of all the activities you do on your phone or web browser. Google saves this data through these platforms.
Common Business Usernames & Passwords
It is very common for organizations to have standard usernames and passwords. This is especially so when there is a large amount of hardware to support, when the admins/users frankly want something they can memorize, or when they stick with default usernames and passwords. Here are the top 10 usernames:
Username | Count | Percent |
---|---|---|
administrator | 77125 | 34.87% |
Administrator | 53427 | 24.15% |
user1 | 8575 | 3.88% |
admin | 4935 | 2.23% |
alex | 4051 | 1.83% |
pos | 2321 | 1.05% |
demo | 1920 | 0.87% |
db2admin | 1654 | 0.75% |
Admin | 1378 | 0.62% |
sql | 1354 | 0.61% |
Here is a 2016 compilation of common usernames & passwords:
Password | Count | Percent |
---|---|---|
x | 11865 | 5.36% |
Zz | 10591 | 4.79% |
St@rt123 | 8014 | 3.62% |
1 | 5679 | 2.57% |
P@ssw0rd | 5630 | 2.55% |
bl4ck4ndwhite | 5128 | 2.32% |
admin | 4810 | 2.17% |
alex | 4032 | 1.82% |
……. | 2672 | 1.21% |
administrator | 2243 | 1.01% |
The other interesting piece of this data is the country of origin:
country | country code | count | percent |
---|---|---|---|
China | CN | 88227 | 39.89% |
United States | US | 54977 | 24.85% |
South Korea | KR | 13182 | 5.96% |
Netherlands | NL | 10808 | 4.89% |
Vietnam | VN | 6565 | 2.97% |
United Kingdom | GB | 3983 | 1.80% |
Taiwan | TW | 3808 | 1.72% |
France | FR | 3709 | 1.68% |
Germany | DE | 2488 | 1.12% |
Canada | CA | 2349 | 1.06% |
Source: The Attacker’s Dictionary
The Overshare
People love to post beautiful vacation pictures online. But do you post these publicly while you are still out of town? If people are strolling through online profiles, they will know that you just left and your home is potentially empty. Think twice when using location services and the like, as location data gets embedded in photos and saved by social media sites. Make sure you check your photo settings, because sometimes mobile devices will have location services automatically turned on.
Kids
Now, this is where it gets creepy. Do you post photos of your kids and their names? Predators are constantly online using social media looking to target their next interest. Are you posting a consistent pattern, for example “Tuesday night at the Park”? This shows whoever is looking a consistent pattern of where you will be and where you plan on going. By posting the child’s name, the predator already knows them by name and can say “Hi Billy, I’m your dad’s friend Jim,” and the child’s stranger defense is already lowered. The FBI’s Criminal Division’s Crimes Against Children Unit is a great resource for tips. Parents think they are safe if they don’t post names or school locations; but in your feed, do you check in at a church, and then later in the week your son is in a Bruins uniform? Using these two data points it’s easy to cross-reference “local high schools mascot bruins, near First Baptist Church” and BOOM, the details are confirmed.
HIPAA Concerns
If you’re in the medical field and active with social media during work (even if you leave it in your locker), data is collected by IP addresses, WiFi networks, and locations, so there is actually a risk of accidentally identifying clients who are protected by HIPAA. Here’s how that happens: you’re online, and clients or patients are also online while they wait for their appointment. Social media pairs the WiFi location of these innocent activities, and then all of a sudden you might have a friend suggestion: “Sally Smith visits Horizon Health frequently too. Do you know her?” People tag a location and then show up as suggested friends, with the provider being the friend in common. A way you can verify this is to look at some of the “suggested” connections that the social media companies recommend. Do you sometimes see co-workers with no friends in common and just scratch your head over why they connect you? Maybe it’s because of your locations.
Stay Connected but Not Exposed
Social media and being online can be fun and highly productive (not to mention addictive for some). Data can only be breached when it’s shared, so it makes sense that security starts with the person sharing the data, and the first risk exposure is when the data is transferred to another person or location. By keeping your information secure or unshared, there is less exposure in the event of a security breach. Companies are constantly trying to provide richer and more intuitive user experiences that might make us feel like it’s made just for us, but at the same time, they need to protect the customer’s identity and data. In previous posts, we have talked about the mixing of OPM data and state-sponsored targeting. Criminals of all kinds are trying to target financial data, personal data, whatever, as so much is just being shared online without any thought of the risks. Mitigating these risks is key to keeping being online fun and safe. Limit who can see and access your data, and certainly limit personal data going out to acquaintances and their friends. The longer the friendship chain goes, the higher we can assume the risk of breach is. Not all 5 degrees of separation lead to older actors who play music (Kevin Bacon).
So what now?
Social media platforms have the ability to limit your posts in various ways; did you know you can even exclude individual people in each social media post? Platforms like Twitter and Snapchat have security features, but they are not as robust as Facebook’s. For a time Instagram was probably thought of as just pictures, so what’s the big deal? But I think now people know that visual data (Instagram) is probably just as meaningful as written data (Twitter). The bottom line is to be careful what you share, how often you share it, and with whom. Here is a quote that might stir some thoughts:
Let’s face it, television is an invention where you’re entertained in your living room by people you wouldn’t have in your house. ~ Michael Landon, 1975
So now instead of us watching TV, we’re watching our social media feeds, and letting others watch the intimate details of our lives through their tiny screens. Maybe it’s just time to think about what we share, and why we share it.