Following our previous post in which we were able to demonstrate how one could get into the private life of an individual thanks to the information the latter has provided about him/herself on various social networking platforms, this second instalment of our demonstration shows how a hacker can use this information as a starting point for a foray into the targeted person's company information system.
3 strategies have been exposed in this video. All 3 scenarios selected are straightforward in order to prove that everyone is potentially concerned. However, a myriad of other scenarios can be devised, all depending on hackers' skills and mainly their powers of imagination. Our aim is not to disparage social networking tools let alone the Web 2.0 in general both of which remain great tools. One just has to play by the rules if one wishes to use such tools correctly and safely and make sure things don't get out of hand. Take a chain-saw for instance, noone would deny it's a great wood-cutting tool, but it would be really foolish and dangerous to use it wrongly. Web 2.0 is just like that too. As a consequence, don't disclose personal information undiscriminatingly!
Mind you, I don't mean that you shouldn't communicate to the outside world. On the contrary, over-communicating can be a viable strategy in order to influence the market or even to ensure that your competitors are buried in search engine results. A bit of risk assessment should do the trick, not much more is required to keep danger at bay. Yet, proper risk assessment should take all available information into account in order to better anticipate hacking techniques which could target your organisation or yourself.
Information security extends way beyond IT security, it must encompass the whole spectrum including the human factor, i.e. the human beings who create, process and transform information. Hence a simple technical IT security audit cannot suffice to provide a comprehensive view of all security issues. Similarly, an organisational audit isn't sufficient either. A holistic approach is required, and the human factor must be taken into account. Today's hackers and crackers actually do this, hence why not mimic them when trying to protect your information.
The next step after these short demonstration videos will be devoted to the actions that can be taken to mitigate the risk in social media, such as:
- how to erase unwanted information or information which needs be hidden
- or, depending on your strategy, how to use social media tools not just to protect but to master, manage and lead.
_