Vancouver cybersleuth Derek Manky says if you wouldn’t share personal information in a waiting room, you shouldn’t be sharing it on social media.
"A best foot forward is a zero-trust environment,” Manky said. "There's too much trust online."
He said the more information you post on social media platforms like Facebook, Instagram and Twitter, the greater the chances that a cybercrook can profile you and target you to be scammed.
“Would you discuss this in a physical environment?” is the question Manky suggests people should ask themselves about personal information they post online.
“Most people would say not. When it comes to posting it online, most people wouldn’t think twice.”
So what kind of stuff is Manky, FortiGuard’s chief security strategist and vice-president for global threat intelligence, talking about?
Your birthday, for one.
“I never put my real birthday on,” Manky said.
Other personal information that should be kept private should be kept under wraps.
“Anything that relates to or identifies you,” said Manky, who does not have a Facebook account.
And don’t go geotagging photos (physically identifying a location), indicating where you are.
Addresses, passwords, financial information — all no, Manky said.
Don’t be telling people when you’re going on holiday, he adds. Not only does it reveal your plans, it also says when your home will be empty.
So, what can a cyber bad guy do with the data?
Manky said it comes down to social engineering. Bad guys can learn who you are and what you will react or respond to. That means they can target you with scams, frauds that look very legitimate because they know a lot about you.
What else? Information about your job, your employment blueprint or description of where and how you work, those you work with; information about new technology you have — including internet of things devices or routers.
Don’t post pictures of your ID such as a driver's licence or passport. (Don’t laugh; he’s seen it.)
B.C.’s Office of the Information and Privacy Commissioner has several guidances for people to learn from.
“Don’t give out more information than you have to: Avoid sharing too many personal details with large numbers of people; for example, by allowing open access to your social media pages,” said a Grades 9-12 suggested privacy lesson plan. “Familiarize yourself with the privacy settings of your favourite social networks and adjust them according to your comfort level.”
The plan tells teens that when posting information online it’s worth thinking about who might see it, apart from their intended audience.
“Would the things you write or the pictures you post cause embarrassment in real life?” it asked. “How would you feel if your current or potential employer saw what you posted?”
The office also has a privacy tips guide for seniors covering online and many other areas that should be guarded.