Social Media Pitfalls
Tyler Cohen Wood CISSP
Keynote Speaker | Host Our Connected Life podcast | CEO & CoFounder Dark Cryptonite | Top 30 Women in AI | Cyber Woman of the Year Finalist | Top Global Cybersecurity | Board Member | Fmr DIA Cyber Chief | AI security
By Tyler Cohen Wood
A friend got her Twitter account hacked. Once in her account, the hacker changed her password and the email address associated with the account. The hacker sent some tweets from her account. The hacker’s tweets were not in line with Twitter’s Terms of Service and Twitter closed her account.
She got an email from Twitter that her password had been changed but her legitimate email account was no longer associated with the account and she was given the run around by Twitter about getting her account restored. It was an uphill battle for my friend to get her account back.
Here’s the first problem: businesses and influencers use their social media accounts to get business. Think about it—before many people try a new restaurant, they look it up on Yelp, Google, or other sites to see how many stars it has and what the reviews say. And the reviews, number of followers, social media content, etc. can make or break a business. Each day a person’s account is locked, they are losing money.
But what I don’t understand and (problem number 2) is with all the tracking and pattern-of life-algorithms social media platforms use, you would think that it would be simple for social media providers to determine that someone else was using a person’s account. For example, if you allow location tracking, social media providers can see where a person posts from. They can collect the device IDs each of us use, IPs, and Exchangeable Image File (EXIF) data from any photos posted. Think of EXIF data as identifying information about the camera that took the photo. EXIF data will show things like the camera or smartphones IDs/serial numbers, mobile operating system version and a lot of other information. But most importantly, it shows the exact location of where the photo was taken. And when you post pictures with EXIF data on, social media algorithms should be able to figure out where a person lives, works, etc. Information gathered also shows whether we use our phone or computer to post, what types of topics we post, the words a person uses, OS fingerprint, browser fingerprint and more. When you put the whole pattern together, you get a very distinct profile of a person.
I would think that it would be quite simple for Twitter to ascertain that my friend’s account was taken over and used by a hacker because the profile and posting pattern would be significantly different than normal. But that isn’t what happened. Why? Is the AI not as good as I think? Is there just too much data?
Regardless of why, we have a big problem in that social media platforms can make or break a business, or a person’s career, especially when someone is an influencer and social media accounts are their livelihood.
So, what can we do? Here are some ideas:
· Always use the highest security settings allowed by the platform.
· Always enable multi-factor authentication if offered.
· Do not use the same passwords for all your accounts. Also look into getting a password manager.
· Turn off location tracking if you don’t want EXIF data in your photos.
· Have a date with your phone. Grab a glass of wine or whatever and go through all of your phone’s setting so that you know what each app has access to.
· Have your own incident response plan that you can enact
· If hacked, always immediately change all passwords and run any anti-virus, anti-malware, software to make sure that the hacker didn’t leave any little surprises
· Always expand links before going to any site that you don’t know.
10X CIO Innovation Mastermind Community: Offense and Defense Peer to Peer - Leadership, Strategy, Security, Mindset, Innovation & Exponential Technologies. Using Pareto and 80/20 to Dominate Complexity
4 年Good suggestions! I'd also add, even going as far as using a screenshot of a picture that you'd like to post instead of the original photo so that the data attached to the picture file is changed.
Entrepreneur & coach. Building an investment banking platform as a service. Digital Securities & Tokenization OG. Top 20 Proptech Influencer, Top 25 Blockchain & Crypto Speaker; Top 100 Woman Blockchain Influencer
4 年this happened to me too
Member of Camara Internacional da Indústria de Transportes (CIT) at The International Transportation Industry Chamber
5 年Tyler, Outstanding tips here shared with my other Professors at the University and also Board Members at APICS.ORG and WorkSource.? ?Many thanks for sharing my friend here! Warm Regards from the air, Bill Stankiewicz President Savannah Supply Chain Office: 1.404.750.3200 [email protected] https://www.youtube.com/watch?v=cBu5urd-8fM?
Cybersecurity Executive Search
5 年Very wise post.? "Have your own incident response plan that you can enact" (great idea - TY!)
Vice President of Engineering & Development
5 年AI for Cybersecurity Market Research | Status & Trend Report by 2023 Top 20 Countries Data ?????? ???????? ???????????? ?????????? : https://bit.ly/2N1xM7c Worldwide and Top 20 Countries Market Size of AI for Cybersecurity 2013-2017, and development forecast 2018-2023 Main manufacturers/suppliers of AI for Cybersecurity worldwide and market share by regions, with company and product introduction, position in the AI for Cybersecurity market Market status and development trend of AI for Cybersecurity by types and applications Cost and profit status of AI for Cybersecurity, and marketing status Market growth drivers and challenges Major Key players For AI for Cyber security: Symantec FireEye Cynet Check Point High-Tech Bridge IBM