



Are you leaking too much of your real life online?

Mar 05, 2013 | 4 mins
Cybercrime | Data and Information Security | Phishing

Thieves and predators constantly search Facebook, Twitter, and Google+ for telltale information. Think before you post!

I live in Key Largo, Fla., a fishing and diving destination. One of my friends recently posted a picture of his custom, handcrafted fishing poles on Facebook for all his friends to see. He even included a great picture of the new hanging racks in his garage where he stored them. They were stolen later that night while he slept upstairs.

Another friend advertised the great New York vacation his family was taking. They came back to an empty house. Even the food and the garbage cans were gone. You may be able to trust your Facebook friends, depending on how you define “friends,” but can any of us trust all of our friends’ friends?


Are we leaking too much of our real lives into our online lives?

Heck, the whole idea of spear-phishing is that you’ve revealed something about yourself, usually in a public place, which hackers then use to trick you into doing something you otherwise wouldn’t. Hackers have tools that scour websites and news stories, then bring back links relating to people. Many of the biggest APT attacks have occurred because the attacker sent an email that referenced a story or project that was buried in a company’s public website.

Look, I’m a pretty happy, optimistic guy. I don’t think everyone is a criminal or a sexual predator. But I also think that a little common sense about what you reveal online can decrease the risk of maliciousness in the real world.

What you should and shouldn’t do

What’s my advice? Start with being aware that not everyone who can see your online information has your best interests in mind. There are predators. There’s a reason why we have jails and prisons.

Second, practice a little self-censorship. Keep daily routines, locations, and whereabouts to a minimum. If you go on a trip, reveal everything you want to, but save it for after your travels. Everyone will be just as excited after you’ve returned — except, that is, possible criminals.

Now’s a good time to review the information you expose in your online life. Declaring what city you live in is fine, but letting everyone know your mailing address is asking for trouble. Review your information and remove anything that can be used against you, according to your own risk threshold. For example, some people have no problem telling everyone where they work, while others think that’s an invitation for stalkers or spear-phishing attacks.

Review the privacy settings for each of your social networking sites. Privacy settings change often with little notice — and when they do, they rarely increase privacy. Think about what you post and how you post. For example, on Facebook, I consider the audience for each post: Public? Friends only? A customized list? The greater the potential privacy invasion a post has, the smaller the post’s audience should be.

If your company doesn’t offer privacy advice like this as part of employee education, consider adding it. Remember, you’re protecting your employees and your business since criminals often steal personal credentials with the intent of cracking into work accounts.

This is such a commonsense post that I’ve avoided writing it for years. But now that oversharing has resulted in two friends suffering burglaries, I felt it was high time to address the topic. Sometimes, when you’re paranoid, they really are after you!

This story, “Are you leaking too much of your real life online?,” was originally published at Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at For the latest business technology news, follow on Twitter.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
