Online dating has become one of the most widely used ways to meet and date. Pew Research Center reported that 27 percent of Americans between the ages of 18 and 24 have used online dating services. Chances are good that a substantial portion of your workforce falls into this category.

But don’t just blame younger employees — the same study revealed that 15 percent of American adults have used online dating sites and/or apps. These dating services may open the door for cyberattacks, particularly if employees use them at work.

Understanding Online Dating Security Risks

Online dating security risks fall into two broad, overlapping categories: people and systems. Cybercriminals know how to exploit the emotional investment associated with these services. This enables them to push unsuspecting users toward malicious sites and apps that spread malware or seek personal information through social engineering ploys.

People

The allure of finding the perfect match can make even the most jaded professional jump at a chance to connect. Users may lower their defenses as they get to know a potential match through a dating site’s chat feature. Unfortunately, the person on the other end could be more interested in collecting personal information. As users become more comfortable and invest more time and emotional energy into a relationship, they are more likely to talk about their work and volunteer small yet critical fragments of information.

Social engineering is just the most recent incarnation of spying in which a romantic relationship is used to gather information. Dating sites and chat functions, combined with big data and analytics, bring the game into the 21st century. Determined efforts can connect cybercriminals with multiple people within an enterprise, each of whom delivers trickles of information that can be automatically collected and sorted to form an accurate set of information about the company. Attackers can use this data to gain access or perpetrate blackmail.

Systems

Some online dating sites have clear financial goals based on membership fees, but other, less honest systems have hidden motives. When registering for a dating service, users are asked to answer questions that range from age and sex to more probing questions such as income level, job title and company name.

Users are not always able to discern which services are safe and can unknowingly connect to sites that either request private information or host malware. Most enterprises devote a lot of energy to defend against malware, and they are likely to deflect intrusions that arrive through website injections. The cyber landscape changes daily, however, and access to these sites presents another unvetted avenue through which threats can enter.

Creating a Safe Environment

It’s unlikely that employees will curtail their online dating activities completely while at work, but companies should take steps to provide guidance and safeguards to protect both individual users and the enterprise. Here are three high-level actions IT leaders should take to boost online dating security:

  1. Educate employees about the practice of social engineering and how their seemingly innocuous conversations can be aggregated and analyzed to deduce confidential information that can damage both the company and individual users.
  2. Either advise employees to eliminate their online dating activities on company devices or provide guidelines to help them determine whether dating sites are trustworthy. Most importantly, implore users to refrain from providing job-specific information.
  3. Double down on cybersecurity practices: Research online dating sites to determine which are malicious and add them to the network blacklist if necessary.

It may be impossible to completely eliminate the use of online dating services at work, but good practices and diligence can reduce the danger they present to the enterprise.

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today