Have you ever just had one of those Fridays when you know your looking good? Hair is perfect, new outfit, and maybe even down a few pounds? You’re in a great mood, and no one can get in the way of your weekend shenanigans. This leads you to use the front camera on your phone to take a photograph of yourself — the office selfie.  What’s the office selfie have to do with cybersecurity?

Consider the Risk of The Office Selfie

The improvements of smartphone capabilities and the quality of camera installed in them, basically makes anyone a photographer. Even crazier than that, in less than one minute that photo can be shared with the entire world thanks to the numerous platforms of social media.

That can be great for business — improving the brand, marketing, and staying connected with your audience.

Now imagine the scenario of an employee who was feeling good on a Friday and takes a selfie at his/her cubicle. The photograph will be posted on Snapchat with a caption “TGIF”. No harm no foul, right?

Your Employee Hasn’t

Have you ever considered the information in the background of this photo? Your employee hasn’t. There are a couple major risks that employers and employees should be aware of — and include in their ‘Acceptable Use Policy.’

Physical Background

By nature, most people only focus on themselves in a picture.

When a photograph is posted on social media its likely the poster (your employee) never even checked the background. The background can include various types of sensitive information — information on the computer screen, customer logos, a whiteboard brainstorming session with product roadmaps, credit cards…if any of your employees still have sticky notes with passwords on them, the background might even include a password to your business network.

At this point you might as well write your username and password on your forehead.

Metadata

Pictures taken with a phone keep a lot of metadata — you may notice that iphones now can sort photographs my location or using a person face. The metadata includes exact GPS location, longitude and latitude, of where the picture was taken. It also includes the date the picture was taken, and more information like make and model of the phone.

Photo by rawpixel on Unsplash

A real life example that we hear weekly is some version of this — someone emails another employee masking as an employee, and asking for sensitive information, a bank transfer, etc. The actual employee obliges, and company information or money is lost forever. These attacks are successful because bad guys use information readily found somewhere like social media — so if a bad guy knows you’re traveling for business, using a certain device, etc. it can be used in a social engineering attack and gain access to your system.

Protecting Yourself, Protecting Your Business

First and foremost — be aware of your surroundings, and raise awareness with your employees. You can’t stop them from using a mobile device at work, but you can help them understand the risks involved and how to mitigate those risks — one of the easiest ways is to just check what’s in the background before you post a selfie!

Secondly you can protect yourself online by turning off some of what’s tracked when a picture is taken on a phone — it’s pretty easy — Turn off Metadata on the iphone by going to Settings>Privacy>Location Services>Camera should be turned off.

Smart Selfies

Selfies/pictures taken with phones can be valuable to your business for branding, marketing, and more, but it comes with its own risk. Reduce risk by creating a culture of awareness in your organization.

Employee Cybersecurity

Wuvavi is an employee awareness platform that makes every employee in your organization an active participant in cybersecurity. Wuvavi focuses on the human side of cybersecurity through information security training and simulated phishing attacks.