Online dating has become one of the most widely used ways to meet and date. Pew Research Center reported that 27 percent of Americans between the ages of 18 and 24 have used online dating services. Chances are good that a substantial portion of your workforce falls into this category.

But don’t just blame younger employees — the same study revealed that 15 percent of American adults have used online dating sites and/or apps. These dating services may open the door for cyberattacks, particularly if employees use them at work.

Understanding Online Dating Security Risks

Online dating security risks fall into two broad, overlapping categories: people and systems. Cybercriminals know how to exploit the emotional investment associated with these services. This enables them to push unsuspecting users toward malicious sites and apps that spread malware or seek personal information through social engineering ploys.

People

The allure of finding the perfect match can make even the most jaded professional jump at a chance to connect. Users may lower their defenses as they get to know a potential match through a dating site’s chat feature. Unfortunately, the person on the other end could be more interested in collecting personal information. As users become more comfortable and invest more time and emotional energy into a relationship, they are more likely to talk about their work and volunteer small yet critical fragments of information.

Social engineering is just the most recent incarnation of spying in which a romantic relationship is used to gather information. Dating sites and chat functions, combined with big data and analytics, bring the game into the 21st century. Determined efforts can connect cybercriminals with multiple people within an enterprise, each of whom delivers trickles of information that can be automatically collected and sorted to form an accurate set of information about the company. Attackers can use this data to gain access or perpetrate blackmail.

Systems

Some online dating sites have clear financial goals based on membership fees, but other, less honest systems have hidden motives. When registering for a dating service, users are asked to answer questions that range from age and sex to more probing questions such as income level, job title and company name.

Users are not always able to discern which services are safe and can unknowingly connect to sites that either request private information or host malware. Most enterprises devote a lot of energy to defend against malware, and they are likely to deflect intrusions that arrive through website injections. The cyber landscape changes daily, however, and access to these sites presents another unvetted avenue through which threats can enter.

Creating a Safe Environment

It’s unlikely that employees will curtail their online dating activities completely while at work, but companies should take steps to provide guidance and safeguards to protect both individual users and the enterprise. Here are three high-level actions IT leaders should take to boost online dating security:

  1. Educate employees about the practice of social engineering and how their seemingly innocuous conversations can be aggregated and analyzed to deduce confidential information that can damage both the company and individual users.
  2. Either advise employees to eliminate their online dating activities on company devices or provide guidelines to help them determine whether dating sites are trustworthy. Most importantly, implore users to refrain from providing job-specific information.
  3. Double down on cybersecurity practices: Research online dating sites to determine which are malicious and add them to the network blacklist if necessary.

It may be impossible to completely eliminate the use of online dating services at work, but good practices and diligence can reduce the danger they present to the enterprise.

More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today