Online Vulnerability Assessments explained

online vulnerability.jpg

The BBC recently published a news article entitled “'Sharenting' puts young at risk of online fraud” (click here to read the article).  The text outlines the problems potentially faced by youngsters who, having had their early years documented and shared on social media by enthusiastic yet naïve parents, must then advance into adulthood with an unknown amount of private information about them already freely available in the public domain – published without their consent.

Whilst parents could argue that they would never post anything that could harm their offspring later in life, given the rate at which technology is advancing and the ever increasing number of data breaches, hacks and corporate scandals, it is becoming very easy to imagine a future where even birthdays that have been celebrated online could go on to provide fraudsters with details needed to build an online portrait of a person, a portrait that can be used to create a false identity or even for blackmail.

This idea is one that also crosses over into the corporate world, albeit without the pithy name. When a business takes on a new worker, they are gambling that the candidate has no skeletons hiding in their online closet – no potentially embarrassing pictures or guilty secrets that could leave either the individual or the employer vulnerable to corruption or public scandal.

An Online Vulnerability Assessment (OVA) is a tool available to employers that is designed to combat exactly this scenario. Whilst the use of social media screening to prevent bad hires from entering the business is increasing, OVA’s can be used to identify any potential threats to current or even prospective employee’s online safety and security, and by extension the employer too.

An example of the real-world benefits that checks like this can provide can be found in the financial or insurance sectors:

Mike has recently started working at a high street bank. He has used the internet since his teens.  In 2003 he was one of the first users of MySpace, creating a profile and chatting with other users.  As time went on, he moved to Bebo, retaining his old username so friends could still find him – even creating an email address that incorporated it.  Later he adopted both Facebook and Twitter to stay updated with friends and family around the globe.  He would later post pictures of his holidays, share the birth of his first child, wish his wife a happy birthday - tagging her in a location update at their favourite restaurant, and share the news of his new position at the bank.  In a car owner’s forum, he asks about the best place to get finance for his dream car – mentioning that he doesn’t have a large deposit.

If the information that Mike has published over the years were to be collected and viewed together, along with information found in popular directories and mapping websites, it would be possible to not only identify Mike, his family and children, but also locate their address, possible ways of contacting him personally and anonymously and, finally that he now works in the banking industry but might still be susceptible to a form of corruption.

An OVA highlights any potential risks or vulnerabilities that may be present in a person’s online history, presenting them in a structured format that allows employers the opportunity to protect themselves and their employees from needless risk.

For more information on the OVA check, contact The Advisory Bureau at Security Watchdog.