QA | 28 January 2013
The concept of “Egosurfing” used to have negative connotations, but in the context of Cyber Security, it has never been more important to understand what information you are making available.
A little over a week ago, whilst live-tweeting our Cyber Security event, I realised that not only has there been a significant cultural shift in terms of Google etiquette over the past 10 years, but also that we have a responsibility to maintain this new status quo.
Back in the mid 90s, Googling yourself was a "guilty pleasure" - a social faux pas that secretly most people did because of the fresh novelty of the internet - but didn't talk about for fear of seeming narcissistic or deeply uncool.
After the millennium, the internet was established as a tool which was, with rare exception, available to all. The internet became an acceptable part of dating, recruitment, research... both our personal and professional lives benefitted enormously from being able to Google someone prior to meeting them.
And then, almost 10 years later, came Erasing David. David Bond helped bring the terrifying vulnerability of the world we live in to the mainstream, and Googling oneself in order to protect oneself became a very necessary evil.
So what kind of information is typically online?
If you are a member of a social media site, then you are searchable on Google.
Let's put it to the test. Being a Social Media expert, I am obviously a member of Facebook, LinkedIn, Twitter, Pinterest, Google+ and YouTube - and naturally my profiles on these sites are the first results that will appear in a search.
After page 1, a bit of backtrack legwork is required to keep digging, but one could ascertain that I not only have two blogs of my own, I also write regularly for QA, Culture Vultures, The Huffington Post, Observer Food Monthly at The Guardian... you can find comments that I have contributed to other blogs or forums from The Guardian and LinkedIn to Everyday Sexism, Buzzfeed and Mashable. You can find interviews I've given about Social Media and Feminism... I live a rather public life.
The Googlability of my name is enhanced by the sheer volume of my contributions. My food blog has almost 500 recipes, each one a stamp against my own name. I've written 50 blogs for QA, sent almost 37K tweets... my digital fingerprint is in a lot of pies.
This is by choice - the nature of my job requires me to have a credible online presence, and for my personal interests, the promotion of my food blog is something I do across many platforms.
Is the information available about me - a willingly public person - really that different to anyone else's though? If you use just one social media site, or blog under your own name instead of a screen name, your links to everything from your Amazon wishlist to your Last.FM account are easy to find, and if it's easy to find it's easy to abuse.
Social Engineering involves building a profile about a person, and Google makes that a cinch.
If someone wanted to steal my identity, it would be easy to research me in order to craft a phishing email based on my personal and professional interests. And if I were stupid enough to use the same password for all of my social media sites (or indeed if I were stupid enough to use any password that was easy to guess instead of using randomly generated passwords stored in a secure piece of software), it would also be easy to hack me at this level.
If someone got hold of my bank card and were to ring telephone banking - all they would need in order to transfer my money to their own account would be my mother's maiden name, my birthday and the details of a recent transaction on my account.
Whilst my own maiden name is easy to find, my mother has a different married name to my maiden name and she doesn't use social media anyway, so that's fairly easy to keep secret. My birthday may be easy to find on social media, but as I deliberately don't opt to "share" my exact purchases on Facebook or Twitter or Google Plus (although I may talk about them indirectly), I can at least ensure that my financial transactions aren't a public record.
But these share options exist and I see people tweeting their purchases every day! I see them checking in to locations on Foursquare too and wonder "if I were to steal their bank card, how easy would it be to fudge my way through telephone banking security by saying 'I just bought a cinema ticket at Cineworld, it was about £8'..."
No one should be arrogant enough to say that they are invulnerable - Social Engineers are frighteningly good at what they do - but one can at least minimise the risks by being selective about their output.
Have you ever Googled yourself? Do you know how vulnerable you are?
Find out more about protecting yourself and your business at www.qa.com/ia, and also check out www.staysafeonline.org