How Oversharing Online Creates Serious Cybersecurity Risks for Organizations
Social media platforms have become an unavoidable part of our lives. While they may help us feel more connected, the ease of sharing information online can also pose significant risks to both individuals and organizations. One of the most concerning issues is the potential for oversharing, which can expose data that helps adversaries focus their resources on worthy targets, or can compromise security directly through blatant disclosure of sensitive information. Take, for example, the guy who was interviewed on television with passwords on sticky notes in the background. [1]
Business Impacts of Oversharing Online
When employees share personal information on social media, they reveal a vast trove of data that they may not even consider confidential but that malicious actors can exploit. This information can be used to target individuals and organizations for spear phishing attacks or identity theft, and can even lead to physical harm. Competitors can also leverage publicly available information on social media to gain a competitive advantage or reduce the advantage you’ve been enjoying. For example, if an employee posts about a new product or project (even in the background of an awards ceremony photograph), it could reveal sensitive information that others can exploit.
And then there are the fines. Many industries are subject to strict data privacy and security regulations. Unfiltered sharing on social media can put organizations in those industries at risk of non-compliance and hefty financial penalties.
One of the social media platforms most popular among professionals is LinkedIn. While it can be useful for networking, job searching, and being recruited, LinkedIn also has a much less talked-about dark side.
Recently, I came across a LinkedIn profile sharing sensitive security clearance information. I pointed out to this person that the “TS/SCI” next to his name on his LinkedIn profile might not be a good idea.
Here’s why:
- Sharing phone numbers, email addresses, or physical addresses can make individuals vulnerable to scams and harassment.
- Posting about upcoming business trips or vacations can alert potential criminals to empty homes or opportunities for theft. You’re also giving the adversary great information that could be leveraged for social engineering purposes – like where to “bump into you” for that after-conference drink.
- Sharing information about a high security clearance, as in the example above, creates significant risk. This type of information can be used by malicious actors to target individuals for social engineering attacks or to find an avenue to compromise classified information. The National Counterintelligence and Security Center reminds us that social media platforms are used by foreign intelligence [2] to “develop relationships with people who have access to valuable information.”
Mitigating the Risks of Oversharing with Cybersecurity Best Practices
Before sharing anything on social media sites, it’s a good idea to refresh yourself on the promises you’ve made, like Non-Disclosure Agreements (NDAs), and the organizational policies you’re expected to follow. Most organizations have developed clear guidelines that outline acceptable social media usage, and they universally prohibit the sharing of sensitive company and customer information. It’s always a good idea to check your corporate handbook and Human Resources policies before you post.
Real-World Examples of Oversharing Causing Online Cybersecurity Risks
The reality is that foreign intelligence agencies and cybercriminals are constantly on the lookout for individuals with access to sensitive facilities, information, and systems. Sharing a security clearance online can make you a prime target for recruitment or exploitation. And it’s not just the intentional leaking that can cause harm to our organizations or ourselves.
Newsweek published a story [3] back in 2017 about how the Russians were using LinkedIn to advance their policies, spread disinformation, and target or neutralize their adversaries. In 2024, we have an explosion of AI-assisted threats. It’s not farfetched to think our enemies may be using the rich data on LinkedIn and other social media sites to identify and socially engineer potential targets into insider risk activities. If you’ve advertised your Top Secret clearance on LinkedIn, posted your beer consumption and favorite hangouts on Untappd [4], and poured your heart out to your ex-girlfriend on Instagram, do you think a foreign intelligence service might see you as an opportunity? It’s more likely than you’d think.
This problem isn’t specific to just the United States, either. Earlier this year, China’s Ministry of State Security (MSS) warned its own citizens and employees [5] about careless and unintentional leaking of information. Their concerns were about sensitive military and government sites and unauthorized disclosure of state secrets. Russia banned social media for its soldiers [6] after several operational disclosures [7] that we’ve seen in the news in recent years.
Their soldiers continue to post selfies and visual “war trophies,” [8] handing intelligence services data needed to sort through the information warfare campaigns originating in official Russian channels, including geolocation information embedded in photo metadata.
Social Media = Convenience at a Cost
The convenience and connectivity of social media platforms come at a cost. Oversharing personal information can have serious consequences for both individuals and organizations. By understanding the risks and taking proactive measures to protect themselves, individuals and organizations can help ensure their online safety and security.
References
[1] Hacked French Network Exposed Its Own Passwords During TV Interview
[2] NCSC Intelligence Threats Social Media Deception
[3] Russia Putin Bots Linkedin Facebook Trump Clinton Kremlin Critics Poison War
[4] Military Personnel Exposed by Unlikely Social Media App
[5] Global Times - China's Ministry of State Security Warning
[6] No More Selfies or Some Updates Russian Soldiers
[7] Russia Instagram Ukraine Metadata
[8] Trench Selfies Tracking Russia Military Frontline Social Media
Daniel Velez
Sr. Manager, Insider Risk Services
Supporting insider risk program development, improving Everfox mission-supporting technologies, and operationalizing those solutions to drive the outcomes organizations demand. He brings over 16 years of experience in the Insider Risk and Insider Threat space at Raytheon, Amazon, Forcepoint, and Everfox.