Online dating has become one of the most widely used ways to meet and date. Pew Research Center reported that 27 percent of Americans between the ages of 18 and 24 have used online dating services. Chances are good that a substantial portion of your workforce falls into this category.
But don’t just blame younger employees — the same study revealed that 15 percent of American adults have used online dating sites and/or apps. These dating services may open the door for cyberattacks, particularly if employees use them at work.
Understanding Online Dating Security Risks
Online dating security risks fall into two broad, overlapping categories: people and systems. Cybercriminals know how to exploit the emotional investment associated with these services. This enables them to push unsuspecting users toward malicious sites and apps that spread malware or seek personal information through social engineering ploys.
The allure of finding the perfect match can make even the most jaded professional jump at a chance to connect. Users may lower their defenses as they get to know a potential match through a dating site’s chat feature. Unfortunately, the person on the other end could be more interested in collecting personal information. As users become more comfortable and invest more time and emotional energy into a relationship, they are more likely to talk about their work and volunteer small yet critical fragments of information.
Social engineering is just the most recent incarnation of spying in which a romantic relationship is used to gather information. Dating sites and chat functions, combined with big data and analytics, bring the game into the 21st century. Determined efforts can connect cybercriminals with multiple people within an enterprise, each of whom delivers trickles of information that can be automatically collected and sorted to form an accurate set of information about the company. Attackers can use this data to gain access or perpetrate blackmail.
Some online dating sites have clear financial goals based on membership fees, but other, less honest systems have hidden motives. When registering for a dating service, users are asked to answer questions that range from age and sex to more probing questions such as income level, job title and company name.
Users are not always able to discern which services are safe and can unknowingly connect to sites that either request private information or host malware. Most enterprises devote a lot of energy to defend against malware, and they are likely to deflect intrusions that arrive through website injections. The cyber landscape changes daily, however, and access to these sites presents another unvetted avenue through which threats can enter.
Creating a Safe Environment
It’s unlikely that employees will curtail their online dating activities completely while at work, but companies should take steps to provide guidance and safeguards to protect both individual users and the enterprise. Here are three high-level actions IT leaders should take to boost online dating security:
- Educate employees about the practice of social engineering and how their seemingly innocuous conversations can be aggregated and analyzed to deduce confidential information that can damage both the company and individual users.
- Either advise employees to eliminate their online dating activities on company devices or provide guidelines to help them determine whether dating sites are trustworthy. Most importantly, implore users to refrain from providing job-specific information.
- Double down on cybersecurity practices: Research online dating sites to determine which are malicious and add them to the network blacklist if necessary.
It may be impossible to completely eliminate the use of online dating services at work, but good practices and diligence can reduce the danger they present to the enterprise.