You might know the phenomenon: people announce their new job on all their social media platforms and, in some cases, add a high-resolution photo of their workplace badge. It is obviously great that people have found a new job and share the news with friends through social media, but including a photo of your new badge can have serious consequences.
Symantec’s Cyber Security Services shared a blog post by Brian R. Varner warning of the dangers of this so-called “badge bragging”. The problem with this phenomenon is that hackers have access to digital tools that can process large amounts of information from posts on all social media platforms in a short period of time.
The blog post contains an example of how badge bragging could pose serious problems. The following quote is a small part of that example.
An employee badge photo could end up being a treasure trove of information to an attacker. This hospital badge had Richard’s full name, his level of education (including his degree), the name of the hospital, the branch name and the department Richard worked in. In Richard’s social media post, he proudly named his first day in the caption of the post, and the hospital badge even included its expiration date. With that information, an attacker could learn that the hospital rotates badges every four years, giving an attacker physical access for years. Because Richard took the photo with a smartphone, the high-resolution camera made the bar code in the photo visible. The attacker likely also noticed from the photo that the badge was clipped to fabric, meaning that Richard likely scans his badge via hand-held scanners when he needs access within the hospital. And because the image is a high-quality photo, the attacker could easily make a usable copy of the badge.
This example perfectly shows how dangerous badge bragging can be. Besides endangering himself by revealing a lot of personal information, Richard puts the hospital he works at in danger, because anyone can access the hospital with the bar code visible on the badge.
Varner ended with three recommendations for organizations to avoid these issues. The first is to create a living policy: a policy stating that employees are not allowed to photograph themselves with their badge, which employees have to sign or otherwise demonstrate that they have understood. The second is to make security part of the training for new employees, so that they know why it matters and therefore will not photograph themselves with their badge. The last is to reinforce good hygiene: the organization has to keep communicating with its employees and keep repeating that they should not do this. It helps to give examples of other organizations that got into serious trouble because of badge bragging.
So next time you see someone post that they have found a new job, congratulate them. If you notice that the person has added a photograph of their new badge, you may still congratulate them, but please warn them about badge bragging. It looks so innocent, but it can have massive consequences.
Sources
http://www.adweek.com/socialtimes/symantec-badge-bragging/629337