All it takes is one careless moment and suddenly you have put photos or videos online where passwords and production facilities, or even notes about current projects or personal matters, are there for all to see in the background. Because this can all happen very quickly, cyber criminals specifically seek out such photos and recordings online. The more of this valuable information that attackers can amass, the higher the threat to creators and companies. Social networks are important to perpetrators in this respect too, as they are a good place to find more details about their victims.

If current processes, colleagues and general areas of responsibility or ways of addressing one another within a company are known, this information can be used to generate customised phishing e-mails, for example. Such knowledge has also led to what is known as CEO fraud being carried out successfully in recent times. Numerous companies have lost large amounts of money because Accounting department employees were addressed specifically, with information that had been well researched, and instructed to make payments by people claiming to be directors or suppliers. But personal information can be useful to criminals as well: who is often away from home, for example?

Follow these three tips to protect yourself and your environment -- both professional and personal:

1. Exercise caution. Before posting anything, take a moment to think whether that information should be public knowledge. Once photos, videos and other content are online, even if they are available to only a small circle of people initially, they can fall into the wrong hands -- including unintentionally, of course. If hackers have access to a name, employer or date of birth, that makes it much easier to steal a person's identity.
2. Choose the right image. You should be particularly cautious when it comes to using social media in your workplace. Find out what the rules are and follow them: is it permitted to take photos and videos in the workplace using personal devices (and if so, where exactly)? What do you need to keep in mind?
3. Regularly review and refresh your awareness. Companies should keep reminding their employees of the risks inherent in handling information. Staff can then use this knowledge to think about their behaviour and tighten up the settings on their personal online profiles too. It can also be a worthwhile exercise for both sides to view the latest hits that come up by searching for their own name or the company's name online.

Additional information

• For further reading about social media & social networks, and how they can be used successfully and securely in a professional context, we recommend the BSI recommendation on cyber security.
• Has your personal data already been stolen? The BSI offers private individuals help to help themselves in dealing with identity theft.
• For more tips and practical advice for consumers on using social media and their associated apps, please see the website of the Consumer Advice Centre for North Rhine-Westphalia.
• For more specific tips on how companies can protect themselves against employees inadvertently disclosing information, see the eco website.

Drawn up with the help of:
Verbraucherzentrale Nordrhein-Westfalen e.V. (Consumer Advice Centre for North Rhine-Westphalia)
eco - Verband der Internetwirtschaft e.V. (eco, Association of the Internet Industry)