Blogs • Cyber security

Oversharing is a #bad-idea

Published 18 December 2020

Oversharing on social media can backfire badly, both personally and professionally. Read our tips for safer social networking.

Transparency, candour and openness are all admirable traits that cultivate trust, and thereby help to form new bonds and strengthen existing relationships. We know this instinctively, and so we share little titbits of information to develop a rapport with others. Individuals do this, and so do organisations: the goals and methods are essentially the same.

Admirable as these traits are, in the online world they can become vulnerabilities to be exploited. Once information has been posted, it becomes difficult to control who sees that information. Possible consequences could include socially engineered attacks to steal identities or even to coerce or manipulate people into unethical behaviours.

Safe travels online

Sharing your good times with friends, family and colleagues is undeniably fun. In addition to the pleasure of the moment itself, you may get a dopamine buzz from the kudos from your online friends.¹ That sounds like a win-win situation, but if you’re posting photos in real time, then you’re broadcasting not only your current location, but also the fact that you’re not at home.

Similarly, if you’re travelling, live updates could alert strangers to the fact that you’re not at home, and your photos could inadvertently display compromising details in the background. Photos of boarding passes are particularly problematic as they contain a lot of personal information, as well as itinerary details. Sharing all that information via social media could set the stage for identity theft – which may not be discovered until after returning from overseas – or even a physical robbery while far from home.

A far better option is to save your photos and share a carefully curated collection after you’ve returned safely.

Keep your personal and professional lives separate

Be especially wary of sharing selfies and other candid photos from your workplace. It’s very easy to overlook details in the background that could compromise personal or organisational confidentiality.

How safe is your online identity?

If you’re someone who works in healthcare, you are part of a professional group that is an important and well-respected part of our community. This elevated status may make you or your organisation a tempting target for identity theft, which in turn could enable bad actors to impersonate you to access sensitive information, operate accounts, obtain loans, and more.²

Review how much personal information you make available in online CVs on professional sites like LinkedIn. Do you really need to provide your full work history?
Be careful what you post, to ensure you don’t inadvertently share sensitive information.
Be on the lookout for things that seem too good to be true – for example, online “personality” quizzes are very popular, and may seem like a harmless way to decompress after a hard day but some have more a nefarious purpose.³ One warning sign to look for is questions that could be used to establish your online identity, such as your mother’s maiden name, your date of birth, and so on.

Who are you connecting to?

Are you connecting with people you have actually met in person, or complete strangers? If a stranger wants to make your acquaintance, ask yourself why. Their interest might be genuinely benign or it might not. A modest amount of suspicion is perfectly healthy, and may keep you out of trouble.

Additionally, if you have access to sensitive or “insider” information, it is very important that you don’t openly broadcast your access. This could make you a target for foreign spies who are skilled at manipulating people to obtain sensitive information.

Reputations are fragile

Flippant remarks in online forums could endanger professional reputations years later, especially if taken out of context by a malicious rival. Review your professional association’s social media policy and its obligations, and consider checking your digital footprint regularly to reduce this risk.

General tips for safe social media use

These are just some of the risks that you might run into while using social media. Our recommended safe social media practices include the following:

Control who sees your information

Only accept friend requests or connections from people you know.
Set your page or profile to private to limit who can see your bio.
Don't use options such as “sign in with Facebook” when signing into new services or accounts.
Check each social media platform’s terms of use to see what data the social media companies are collecting.
Don’t overshare information that might compromise you or your organisation.
Disable location sharing on social media platforms.
Think before you click “post” (consider what you share).
If using social networks for business purposes, be sure you have read and understand your organisation’s social media policies.

Report suspicious approaches

You may find that someone you don’t know approaches you via social media to invite you to participate in some sort of scheme. Consider the following:

If the offer seems “too good to be true”, it probably is.
On the other hand, if the approach involves an element of coercion, e.g. they claim to have compromising information, cooperating with them is likely to make things worse rather than better.

Either way, your best course of action is to report the situation immediately to the Australian Cyber Security Centre. They have the resources and expertise to either help you directly, or to forward your case to the agency best equipped to address your specific circumstances. You can also contact IDCARE, a not-for-profit organisation that provides support and assistance to victims of identity theft and other cybercrime.

For more information

The Australian Cyber Security Centre’s Security Tips for Social Media and Social Networking Apps provides guidance for both business and personal use of social media.
IDCARE provides a range of fact sheets, including guidance about common social media platforms.
Health practitioners should also check the Australian Health Practitioner Regulation Agency’s guidance on Social media: How to meet your obligations under the National Law.

SITNBoston: Dopamine, Smartphones & You: A battle for your time
Scamwatch: What scammers do with your personal information
Bustle Digital Group: It’s not just Facebook – online quizzes also collect data about you