Published 5th Mar, 2023

By Tarinipre Francis

“Mention two surnames that brought you into this world, let’s find your cousins.” “What’s your favourite colour?” “What’s your favourite meal?” “Write the name of your best friend, let them find you.” “What’s a pet name you used to be called when you were younger?” “Enter your birthday and find your birthday mate.”

Typically presented as fun and harmless quizzes on social media, maiden names, favourite colours, and the likes, are sometimes just enough information to put one at risk of cyberattacks.

Social media has become a way for individuals, businesses and governments across the world to be more connected. Like every other technological innovation, however, it comes with its risks.

FIJ saw that a number of people willingly responded to questions that asked for personal details, posed to them as fun quizzes on social media.

Jafta
Ndzombane pic.twitter.com/ic0cSxza8W
— Pee-Jay (@MsPee_Jafta39) December 23, 2022

This could be because people don’t usually perceive this kind of information as sensitive, and as a result, are not opposed to making it known publicly.

Oftentimes, they tend to think of personal and sensitive data like bank details, home addresses, phone numbers, passwords and login credentials only as confidential documents.

However, oversharing personal information exposes us to serious security risks, and these “less-sensitive” information can expose people to cyberattacks.

In 2021, IBM reported that 95% of cyber breaches were results of human errors.

More recently, in 2022, Verizon, in its Data Breach Investigations Report, also disclosed that 82% of cyber breaches were caused by human errors.

These errors were either by means of people responding to phishing emails, clicking on unsecured links, over-exposing themselves, sending sensitive information to the wrong people, etc.

WHAT DO THE EXPERTS HAVE TO SAY?

According to Dejan Kosutic, cybersecurity strategist and CEO, Advisera Expert Solutions Ltd., non-sensitive information usually makes up the required security detail used for account and password recovery.

Such information absolutely constitutes cyber risks, according to Kosutic, and leaving a trail in public makes you vulnerable to cyberattacks and gives hackers easy ammunition to access your sensitive information.

Kosutic told FIJ that these attacks could be costly, adding that the bigger the financial reward, the more danger they could portend. He said the risks were relatively low, with lesser financial rewards.

“A hacker would do more damage if he can get access to a corporate account than an individual account of a teenager for instance,” he said.

“If someone has gained access to your email account by using this personal information for access recovery, they could gain access to any other app that you opened with this email account.

“They can do so by simply entering in an app, ‘I lost my password’ and they will receive an email for resetting the password to this email account they now control.”

By Kosutic’s estimation, 95% of the time, people cannot foresee these attacks, but they can take measures to protect themselves.

The best way to protect yourself, according to him, is to not divulge personal information at all.

Furthermore, he encouraged the use of complex passwords, and two-factor authentication to buff up security.

Share on Social Media