
Recently, a friend posted an item for sale on Facebook Marketplace. One interested buyer asked to continue the conversation over the phone. After sharing the number, our friend started getting suspicious texts and then those dreaded “here’s the access code you requested” messages. It’s a perfect example of how your personal digital habits (like posting a phone number online, reusing passwords, or not thinking twice about account security) can turn into a full-blown headache.
We talk a lot about cyber hygiene in business, but here’s the kicker: personal digital hygiene can make or break business security too. While no damage appears to have been done to our friend, it illustrates how important even personal cybersecurity is, especially to business owners.
Another infamous example of this occurred a couple of years ago at Cisco. This breach began when an employee’s personal Google account was compromised. The employee had enabled Chrome browser password syncing, which ended up exposing his corporate credentials. Once hackers had those corporate credentials, it took only a few more simple steps to access and steal TONS of Cisco data. One small personal habit spiraled into a massive business incident.
Here are 6 ways personal habits can result in business breaches:
1. Personal Email Hack
An employee gets a phishing email on their personal account and clicks a malicious link. If that password is reused on their work email, the attacker can get in there too, or set up secret forwarding rules. Considering that 44% of employees use the same passwords across personal and business accounts, this is a significant risk for business owners.
Or, think of that Cisco example above. Password management via internet browser is a massive security risk, and can easily allow a personal breach to become a much larger business breach.
2. Compromised Home Router or IoT Device → VPN Snooping
Smart cameras or routers at home with default passwords get infected. If the employee connects to work via VPN, attackers can snoop traffic and capture credentials. With the rise in all kinds of remote work situations and EVERYTHING IN YOUR HOUSE connected to your network, you have many entry points and digital doors to close. If you or your employees engage in any kind of work-from-home situation, personal network security is important for your business.
3. Personal Cloud Storage = Exposure of Business Files
Work files are stored in a personal Google Drive or Dropbox. Credentials are stolen, and attackers access sensitive business data. Dropbox, in particular, has had many problems over the years, so you must pay attention to where and how files are stored.
4. Social Account Takeover → Supply Chain or Fraud Attacks
A business’s social media account is taken over via reused passwords. Attackers impersonate them to trick vendors, staff, or partners. The hacked posts urge the audience to click on spam links or phishing sites, or in some cases, just run the classic (and highly successful) “buy us digital gift cards for a good cause” scam.
5. SMS/SIM Swap → Bypassing 2FA
Publicly posted phone numbers (or numbers obtained as in our Facebook Marketplace example above) are “ported” by attackers. Without getting too technical, hackers take easily accessed information like DOB, address, and phone number, and use it to get your service moved away from your own phone. Then, any SMS-based 2FA is bypassed to take over personal or, potentially, corporate accounts (depending on what accounts the phone number is connected to).
6. Oversharing on Social Media Leads to Targeted Phishing
Vacation posts, photos of company equipment, or job titles give attackers the info needed for realistic phishing. Even seemingly innocuous information sharing, like DOBs, addresses, and phone numbers in church bulletins, can be used. Criminals can use this information for a variety of crimes, whether digital or not.
Bottom line:
Cyber hygiene isn’t just a business problem. Your personal digital habits (and those of your employees) are the front door for attacks that can reach your company. Think twice before posting that phone number, reusing passwords, or skipping MFA. A little personal discipline goes a long way to keeping Drama IT out of your life.
