Scott McKinnon, Field CISO EMEA VMware explains how to become an expert in securing your data even without two-factor authentication.
According to recent data from Hootsuite, more than 4.74 billion people worldwide use social media. As a source of news and entertainment, they are now part of our daily lives, which can overshadow theirs pitfalls.
It is essential to keep data safe
As we rely more and more on the internet, people are placing their trust in digital services, for better or for worse, especially social media. However, i consumers who rely solely on social platform managers to protect themselves from cybercriminals are probably playing with their fate. The user experience is changing as social media platforms overhaul their business models to increase subscriptions. The full impact of these new profit tools is not yet fully understood, but the security implications are clear.
Beware of messages or SMS
Due to the allegedly increasing exploitation by malicious actors of two-factor authentication (2FA) via text messages or SMS, Twitter now restricts its SMS-based 2FA services to “Twitter Blue” users only. On the one hand it is reassuring that these platforms are up to date on the attack landscape. On the other hand, this change limits access to comprehensive security for those who don’t have the means or aren’t willing to pay for it. Revoking access with two-factor authentication for non-subscribers highlights a fundamental change for users: we all need to become our own security experts.
Remove authentication levels
Twitter’s decision has been sharply criticized for its security implications. SMS-based 2FA is generally considered to be an effective protective barrier against hacking attempts. As it requires the user’s login to be authenticated through a third-party application that we all have access to: our SMS. While the decision not to grant 2FA via SMS to all users will benefit the company, generating substantial revenue. On the other hand, most social media users will no longer be guaranteed encrypted security.
Keep data safe even without two-factor authentication
For users who have not chosen to pay for the premium benefits, having a safer online experience remains a priority. The latter will have to go it alone., Paying more attention to their account activity, becoming more responsible with regards to the privacy of their data. Also staying vigilant about suspicious activity by taking additional steps.
Friend or foe?
A popular way for hackers to steal your identity is to create fake and convincing profiles to enter personal networks. Unfortunately for many, the last friend request they received may seem authentic. But it could be a hacker posing as a more or less well-known acquaintance. In fact, according to what reported by This is MoneyLloyds Bank has warned that Instagram impersonation fraud is on the rise, with a 155% increase from 2020 to 2021.
On average, a scam results in a loss of £336 per victim. Alternatively, hackers have been known to impersonate a friend, whose account has already been compromised, to send fake links and alerts containing malware. By clicking on them, you enable hacking of your account.
Avoid traps
First of all, to avoid falling for these scams, users need to be careful in their digital interactions. My advice is to trust above all of your instinct. If there is anything suspicious, be sure to verify the identity of the sender and the destination of the resource before interacting. For example, clicking on a video link, and avoid accepting invitations to connect from unknown accounts.
Design your fortress
Hackers also know that most people always use the same password, which opens the possibility for other accounts to be compromised. Including your bank account. However, those who use different passwords, introducing symbols and numbers, and not simply the date of birth, on various sites and apps are much less likely to fall victim to data theft than those who copy and paste their passwords for convenience.
Keep your data safe: beware of passwords
An alternative to creating unique passwords is to use a third-party passcode manager. These services generate and store unique and strong passwords for each account with encryption. They often come bundled with a mobile device, such as Apple Keychain and Google Password Manager. Or they are available for download in app stores.