Online dating has become one of the most widely used ways to meet and date. Pew Research Center reported that 27 percent of Americans between the ages of 18 and 24 have used online dating services. Chances are good that a substantial portion of your workforce falls into this category.

But don’t just blame younger employees — the same study revealed that 15 percent of American adults have used online dating sites and/or apps. These dating services may open the door for cyberattacks, particularly if employees use them at work.

Understanding Online Dating Security Risks

Online dating security risks fall into two broad, overlapping categories: people and systems. Cybercriminals know how to exploit the emotional investment associated with these services. This enables them to push unsuspecting users toward malicious sites and apps that spread malware or seek personal information through social engineering ploys.

People

The allure of finding the perfect match can make even the most jaded professional jump at a chance to connect. Users may lower their defenses as they get to know a potential match through a dating site’s chat feature. Unfortunately, the person on the other end could be more interested in collecting personal information. As users become more comfortable and invest more time and emotional energy into a relationship, they are more likely to talk about their work and volunteer small yet critical fragments of information.

Social engineering is just the most recent incarnation of spying in which a romantic relationship is used to gather information. Dating sites and chat functions, combined with big data and analytics, bring the game into the 21st century. Determined efforts can connect cybercriminals with multiple people within an enterprise, each of whom delivers trickles of information that can be automatically collected and sorted to form an accurate set of information about the company. Attackers can use this data to gain access or perpetrate blackmail.

Systems

Some online dating sites have clear financial goals based on membership fees, but other, less honest systems have hidden motives. When registering for a dating service, users are asked to answer questions that range from age and sex to more probing questions such as income level, job title and company name.

Users are not always able to discern which services are safe and can unknowingly connect to sites that either request private information or host malware. Most enterprises devote a lot of energy to defend against malware, and they are likely to deflect intrusions that arrive through website injections. The cyber landscape changes daily, however, and access to these sites presents another unvetted avenue through which threats can enter.

Creating a Safe Environment

It’s unlikely that employees will curtail their online dating activities completely while at work, but companies should take steps to provide guidance and safeguards to protect both individual users and the enterprise. Here are three high-level actions IT leaders should take to boost online dating security:

  1. Educate employees about the practice of social engineering and how their seemingly innocuous conversations can be aggregated and analyzed to deduce confidential information that can damage both the company and individual users.
  2. Either advise employees to eliminate their online dating activities on company devices or provide guidelines to help them determine whether dating sites are trustworthy. Most importantly, implore users to refrain from providing job-specific information.
  3. Double down on cybersecurity practices: Research online dating sites to determine which are malicious and add them to the network blacklist if necessary.

It may be impossible to completely eliminate the use of online dating services at work, but good practices and diligence can reduce the danger they present to the enterprise.

More from Data Protection

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today