The growth of social media has brought about many benefits, providing a way for people to connect, communicate and organize. It's obviously also had negative impacts. It's enabled the rise of fringe movements and beliefs galvanized by social media activity, for example. Another, lesser understood issue around social media use is the cybersecurity risk it introduces.

The cyber risk posed by social media doesn't just affect individuals – as an employer, your employees' social media habits pose a significant risk to your organization. It's important to understand the ways in which bad actors gather information from social media sites about your employees, particularly with digital artifacts, relationships and personally identifiable information aggregation across platforms.

Everyone's information has value

Once you create a digital profile, your information is available for everyone to see. That makes it available to be harvested by malicious actors. People tend to be creatures of habit, using similar images, usernames and email addresses to log in to different platforms. They also use those email addresses for other, more sensitive things, such as bank accounts. Every time you put a piece of information online, it puts you at greater risk.

A shocking number of people think their online information isn't of interest or value to bad actors. That's completely wrong. The money that you have in your bank account is of interest to criminals; your computer can be compromised and used as a resource to target other people of interest to criminals. There's not a single person who doesn't hold some level of interest for a criminal.

Aggregation: Bad actors collecting crumbs

Every piece of information is a potential intelligence source, but it's not just coming from the content you share. Social media memes and quizzes are just a couple of examples. People are pre-disposed to some degree to answer some of these quizzes. It's a fun diversion to respond to memes like "Your movie star name is your first pet's name plus the first car you owned."

Think about this: what are the security questions that are asked to recover passwords? For many sites, it's these same types of questions – first pet, first car, favorite color etc. It's even been shown that some of those quizzes are put out by people with malicious intent to gain access to your online accounts.

Cybersecurity
A person works at a computer during the 10th International Cybersecurity Forum in Lille, France, Jan. 23, 2018. PHILIPPE HUGUEN/AFP/Getty Images

With this, attackers can aggregate little bits of information. One or two bits aren't likely to be dangerous, but if you become the target of an attack, the bad actor will look for more crumbs of information across your social accounts. Any content that's publicly available is of potential risk.

Relationships can be leveraged for information

It's not just the content you share or that's shared with you that poses a potential risk. It's also your social media connections. The Cambridge Analytica scandal provides a clear example. When you post something and your friends like it, comment on it or reshare it, that's now a relationship that's exposed if that post is publicly available.

There's still risk if your social accounts are private. Let's look at Facebook as an example. Your profile image is public and some of your connections can comment on your profile image if you've changed it recently. Even if you don't divulge your location, education history or interests, an attacker can conduct life pattern analysis or pattern analysis across relationships. They can derive information about you just from your relationships, whether you share it or not. This is one tactic attackers can derive the most value from.

LinkedIn and cross-platform aggregation

Facebook tends to get the most flak when it comes to privacy issues. A Facebook app aggregated the personal data of its users and the users' network of friends, then gave that data to Cambridge Analytica. Approximately 270,000 app users resulted in the data collection of 87 million individuals.

It's not the only social platform that users need to consider with respect to data privacy. In fact, the first platform that attackers check is LinkedIn. The professional networking platform tends to be skipped over when people think about high-risk platforms; however, it's a huge target for bad actors.

People share far too much on LinkedIn. Users have a perception of value about the data that they share on the platform. They list every place they've ever worked, every place they've gone to school and a wealth of location information. People use this information for recruitment or to develop professional relationships and they've decided (whether overtly or subconsciously) the value they'll get out of the platform is a fair trade-off for sharing so much personal information.

Awareness is key

The first step to solving a problem is recognizing it. More than 90% of cyber espionage attacks are enabled by publicly available digital content. There's no easy answer when it comes to social media safety. Employers certainly have their work cut out for them in terms of the next steps. But understanding the security risks and what's posing the biggest issues creates a hugely important foundation.

(Aaron Barr is the CTO of PiiQ Media)