We hear a lot about social media and security in the news, but that’s usually about things like advertising. So how could your personal Facebook profile possibly pose a risk to your business? The simple answer is that, if you choose weak passwords, your profile gives hackers a glorious number of clues to them.

Why we shouldn’t use personal information for passwords

When people create passwords, we tend to pick things which are easy for us to remember for convenience. Popular password topics include:

  • Children’s names
  • Popular holiday destinations
  • Favourite sports teams
  • Dream cars

And where a password has to include a number and a symbol, it often ends up looking something like this:


It’s easy to remember and fulfils the password requirements, so it gets used across everything for speed, including that person’s email address – job done.

But what happens when a hacker matches the picture of you on your business website with your profile picture, and sees that you’re wearing a Fulham shirt, with a banner that says ‘I LOVE FULHAM’?

They try logging into your email account using the word Fulham in different combinations of capitals and lowercase letters, and then they try adding common number and symbol combinations to the end.

It doesn’t seem like quite such a good idea now, does it?

How to protect yourself against being hacked in this way

  • Don’t use personal information for passwords, even if you think you’ve been clever about it
  • Check your Facebook privacy settings – make sure anything you post is private and only visible to friends, and make sure that the people you add as friends are known to you in real life.
  • Enable multi-factor authentication (MFA) on any logins, especially your email. This could stop a hacker in their tracks, even if they do manage to guess your password.
  • Use strong passwords, and make them unique to every single account you have (don’t worry about having to remember them, you can use something called a password manager to keep everything in order)
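
As an added example (not part of the original article), here is one way a business could check a proposed password against facts that are visible on a person's profile, catching the capitals, swapped characters and number-and-symbol endings described above. The function names, the character-swap table and the sample profile are assumptions made for this illustration.

```python
import re

# Look-alike characters folded to one letter on both sides of the comparison
# (assumed list, not exhaustive). "1", "i", "!" and "|" all become "l".
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "!": "l", "|": "l",
                      "3": "e", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})


def normalise(text: str) -> str:
    """Lower-case, fold look-alike characters, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(FOLD))


def personal_words_in(password: str, profile_facts: list[str], min_len: int = 4) -> list[str]:
    """Return the profile words (lower-cased) that the password is built on."""
    candidate = normalise(password)
    hits = []
    for fact in profile_facts:
        for word in fact.split():
            needle = normalise(word)
            # Short words are skipped so passwords are not rejected by coincidence.
            if len(needle) < min_len or word.lower() in hits:
                continue
            # Match the word forwards or backwards, anywhere in the password.
            if needle in candidate or needle[::-1] in candidate:
                hits.append(word.lower())
    return hits


# Constructed sample: facts a person might show on a public profile.
PROFILE = ["I LOVE FULHAM", "Olivia", "Aston Martin", "Tenerife"]

if __name__ == "__main__":
    for pw in ["Fulham1!", "fU1h@m2024", "0liv1a#99", "correct-horse-battery-staple"]:
        found = personal_words_in(pw, PROFILE)
        verdict = "REJECT, built on " + ", ".join(found) if found else "ok"
        print(f"{pw!r}: {verdict}")
```

A check like this only covers words; dates and other numbers from a profile would need their own rule.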

It’s important to remember, though, that a completely private profile with a profile image that doesn’t even include your face can still give things away. Have you ever used a profile banner to show your allegiance to a particular football team? Is the info you added back in 2009 still visible? There are so many little things that you might not even consider as giving away information about yourself, but those looking to commit crimes won’t miss them.

If you’d like help making sure your business password strategy is robust, and you’re protected against staff creating easy-to-guess passwords when required – please get in touch. Just give us a call on 01373 768024 or send your query to hello@clearskyit.co.uk. Never enough time? Just book a call into our diary – at your convenience!