Don’t Play Games with Your Internet Passwords and Social Profiles

Feb 17, 2023

The modern internet has turned out to be a blessing for most people, as it has revolutionized everything around us, from communication, education, shopping, eating, and grooming to the way we expand our knowledge on a wide range of topics.

The internet has also transformed entertainment, supplying platforms and activities for all generations to enjoy. With the endless supply of online games, videos and other exciting adventures, it is impossible to be bored when surfing the web. The World Wide Web plays host to many exciting gaming opportunities and social platforms, which have bridged communications, expanded our networks, and supplied a wealth of content for those who take part.

The internet is filled with an array of social media platforms that many people subscribe to as active members. Social media sites like Facebook, LinkedIn, and TikTok have enormous membership bases, and members regularly interact and engage throughout their day.

Curiosity, nostalgia, and our quest for knowledge often lead us into collaborative activities that poll us for answers and opinions and ask us to share personal details. This collaboration is tempting and entertaining, but users should be cautious. At the forefront of malicious activity is the unauthorized access and theft of user information and personal data. This unauthorized activity does not happen only when a malicious actor hacks a database or data repository within an information system. Sometimes, data is acquired directly from individuals, who unknowingly provide it through social media platforms, surveys, and other online activities.

Remember, a major part of security is an individual’s own actions: what you say and do online. As you surf the internet, you are likely to stumble upon an online survey, a quiz, an exciting game or a meme that polls and collects information about you. Users should be careful and heed warnings, as many of these activities are thoughtfully designed to encourage you to share personal information under the guise of entertainment.

What do we mean by this?

Often, security questions for password recovery require you to share personal information, like your mother’s maiden name, the name of your first-grade teacher, the name of the street you grew up on, the name of your favorite pet, or the make and model of your first car. It is no coincidence that online games are positioned in a way to make you think fondly of your childhood and publicly share this information on your profile.

Here are a few examples …

Although these online activities are a fun trip down memory lane, users need to be cautious.

As cybersecurity attacks become more sophisticated, cyber defense has also grown in complexity and capability. Password management has gained added layers of protection by requiring stronger complexity, multi-factor authentication, and even biometrics. Alongside that strength comes the convenience of letting end users reset their own passwords, using challenge questions, without the help of their technical teams. However, some of the challenge questions used for a password reset ask for the same personal details being gathered in these online public-facing games and surveys. It takes just one simple Facebook game where you voluntarily enter the name of your favorite teacher, and suddenly a potential hacker has the answer to one of your email security challenge questions.
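An added example, not part of the original article: a defender-side audit that an identity team could run over its self-service reset question pool, flagging questions whose answers are the kind that social quizzes ask people to post. The keyword patterns, the question pool and the quiz prompts are constructed assumptions for illustration.

```python
import re

# Answer categories the article names as typical recovery questions.
# Patterns are assumptions for this example; "first-grade" and "favorite"
# teacher are grouped because both appear in the article as the same risk.
CATEGORIES = {
    "mother_maiden_name": r"\bmaiden name\b",
    "childhood_teacher": r"\b(first[- ]grade|favou?rite) teacher\b",
    "childhood_street": r"\bstreet\b.*\bgr[eo]w up\b",
    "pet_name": r"\bpet\b",
    "first_car": r"\bfirst car\b",
}

def categories_in(text):
    """Return the set of answer categories a piece of text asks about."""
    lowered = text.lower()
    return {name for name, pat in CATEGORIES.items() if re.search(pat, lowered)}

def audit_question_pool(questions, quiz_prompts):
    """Map each reset question to the quiz prompts soliciting the same answer."""
    report = {}
    for question in questions:
        wanted = categories_in(question)
        report[question] = [p for p in quiz_prompts if wanted & categories_in(p)]
    return report

# Constructed sample data: a reset question pool and quiz/meme prompts.
RESET_QUESTIONS = [
    "What is your mother's maiden name?",
    "What was the name of your first-grade teacher?",
    "What was the make and model of your first car?",
    "What street did you grow up on?",
    "What is the serial number of your staff ID card?",
]
QUIZ_PROMPTS = [
    "Your rock star name: your first pet's name + the street you grew up on!",
    "Tag the favorite teacher who changed your life",
    "Post a photo of your first car and tell us the model",
]

if __name__ == "__main__":
    for question, hits in audit_question_pool(RESET_QUESTIONS, QUIZ_PROMPTS).items():
        status = "EXPOSED" if hits else "ok"
        print(f"[{status}] {question}")
        for prompt in hits:
            print(f"    solicited by: {prompt}")
```

Questions flagged as exposed are candidates for removal from the reset flow or for replacement with a second factor.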

Another common risk to your identity and security is the third-party quiz, which is often clickbait in disguise. From IQ tests to learning which Hogwarts house you would be sorted into, these third-party social media quizzes can potentially manipulate you into sharing personal data. As you answer questions in the quiz, the results are shared to your online profile, encouraging your social network to share their data too. When you click these quiz links, developers gain access to your public Facebook profile data. These details become puzzle pieces in your identity profile, which can then be used for identity theft and, in some cases, sold on the dark web. Furthermore, these links can lead to ransomware or malware, which can infiltrate your networks in a security breach.

So, what does this mean for higher education?
For starters, password safety education across all campus constituents, including students, faculty, and administration, needs to be conducted regularly to keep everyone aware of the ongoing risks of their online social activities. Implementing an Identity and Access Management solution can help protect your institution against compromised user credentials and easily cracked passwords.

Higher Ed institutions remain a target of malicious actors and cyber threats. With a wide array of data and a complex campus community, hackers are finding security gaps and weaknesses that are easily exploitable. Academic freedom, collaborative work environments, and the widespread use and sharing of data make colleges and universities prime targets for malicious activity.

Are you ready to put more protective measures in place to safeguard your institution? We’re here to talk.

About the Author
The majority of Brian Cornell’s 20-year technology and cybersecurity leadership career has been spent supporting higher education institutions in developing and maturing their information security programs. He has extensive experience providing policy guidance, risk assessments, and strategic planning aimed at protecting and securing institutional assets. As Chief Information Security Officer at OculusIT, Brian’s deep knowledge of security frameworks and compliance requirements supports our clients in the improvement and advancement of their security goals and initiatives.