Be careful before you post that photo!
Modern cameras are a marvel.
The quality of image that a new mobile phone camera can capture would be almost unthinkable a few short years ago. However, this quality makes it easy to accidentally reveal sensitive information when you post a photo to the Internet.
An image you post to Facebook or your company blog might look like this one of Jeffrey Wong, of the Hawaii Emergency Management Agency:
It is only when that image is downloaded off the Internet and viewed at its full resolution that the true extent of the data breach is revealed:
The password isn’t the only thing revealed in this photo. The software used on the computer, the phone numbers posted on the wall, the placement of the camera in the carpark, and the graphic design of ID badges are all valuable information to an intruder.
There are many other ways that photos can reveal private and confidential information that can be severely detrimental, particularly to a business. By having emails open on a computer, this can give hackers insight into the company and its correspondence and with this information a hacker can choose a suitable attack vector to leverage the additional insight such as an email phish. These will appear more genuine and thus more chance of being successful as you are less likely to suspect an email is fraudulent if it appears to be coming from someone you know, looks like something you have seen and is in context to a previous conversation that they copied from your screen.
If there are customer or supplier details and information either in documents or electronically in the background of your images you may be at risk of breaching their privacy and even your contracts with them by revealing information without their written permission which also puts them at risk.
If what you see in the isn’t bad enough, what you cannot may also reveal more than you expect it to with EXIF data added by modern cameras.
This data can be used to find other photos on the Internet taken by the same camera, potentially revealing more information about the company and the camera’s owner than anybody involved could have expected.
Geotagged images also have been the bane of fugitives and the U.S. Army, and they might pose a risk for your business too. Images taken at the boss’s house Christmas party and tagged with its location could put their home at risk of burglary or them at risk of stalking. Images taken offsite could reveal your customers or service providers, both avenues by which your business can be attacked. It is also very important to receive permission from all people and businesses that are within a photo before uploading it just to cover all your bases, as businesses have legal rights over their logo that means you cannot post photos (even those taken in public places) that have their logo within them without their consent and could face legal action for doing so.
So be careful before you post a photo online. Consider using a camera with ‘portrait mode’ enabled to blur things in the background or resize/crop the photos you take and make sure you review them before you upload. Social media websites tend to strip away EXIF data automatically, but you might need it to do it yourself with a free tool if you’re uploading the photo to your company website.