Insights for Organisations
Preeta Ghoshal
07.02.2023
BeReal, the newest photo-sharing app has taken social media by storm. The French-based app was first released in 2019 but it was three years later that it saw a widespread surge in downloads, registering 73 million monthly active users in August 2022 and an estimated 20 million daily users. Demographics of BeReal users are almost evenly split between the age groups of 16-25 and 26-44.
How does the app work?
The USP of BeReal is its hyper authenticity. Users of the BeReal app are sent a ‘Time to BeReal’ notification at random times throughout the day and within two minutes need to take a selfie in their current surroundings and share it with a network of friends. The app captures images of both the front and back cameras and true to its name, aims to provide an engagement platform that is filter-free and ‘real’ – a refreshing change from the painstakingly curated reality of Instagram posts.
However, as the popularity of BeReal continues to rise, it throws up some serious security concerns unless users are careful of what they’re posting. This is especially true for people using the app to post images of themselves at work who can inadvertently reveal sensitive company information that hackers can use against them.
With the threat of cybercrime on the rise businesses need to constantly review and update their digital usage policies for safeguarding their privacy and to protect against data theft. In 2022, a staggering 15 million data records were exposed worldwide through data breaches.
For Safer Internet Day 2023, we want to look at the potential security risks that BeReal poses in the workplace. We’ll also share tips on posting best practices to safeguard personal and company data privacy.
What kind of data could be compromised?
When posting a selfie at their desk or monitor, employees might be unknowingly disclosing confidential information and putting themselves and the company at risk. The following data can be severely misused by hackers:
Email addresses
When users post selfies in front of their work computers, the image may reveal their email addresses. Scammers can use email addresses for a number of malicious activities ranging from identity theft to financial fraud. Hackers can use a person’s email address to send them phishing emails to access their accounts. They can get a user’s password by sending emails designed to trick them into sharing their account information or logging on to a fake website, where the scammers can steal their log-in credentials.
Scammers can also use a person’s email address to target their personal and professional contacts. They can forge the user’s original email address with minor changes like hyphens that are tough to spot and use this to send messages containing harmful malware to their contacts. Sophisticated hackers can make forged email addresses look so legitimate that they manage to bypass the spam filters on most email accounts.
Work emails in particular contain sensitive information that can be seriously compromised if an employee’s email account is hacked.
Phone numbers
Similar to email addresses, BeReal posts in the workplace can reveal phone numbers which can be misused by hackers in similar ways. Most users have multiple online accounts linked to their mobile phone numbers. Hackers can use mobile numbers to get easy access to all of these accounts.
Hackers can use a ‘SIM swap’ to call the mobile phone provider of the person whose phone number they’ve got, impersonating them and requesting to transfer the phone number to a different SIM card. Once they have control over the number, hackers can send and receive messages pretending to be the original user.
Former CEO of Twitter Jack Dorsey became a victim of identity theft in 2019 when hackers used his phone number to gain access to his social media account and post offensive messages.
Private chats
Open tabs of private chat windows that get captured on BeReal posts can often reveal confidential information that could be potentially harmful for a company’s reputation. For example – a person’s BeReal selfie may reveal a private chat of a negative exchange about the company or other colleagues.
Confidential documents and post-it notes on the desk
Besides screen captures, BeReal selfies in the workplace can also reveal physical documents in the user’s immediate surroundings that may be confidential. Users could also accidentally get another colleague in the shot.
Posting any information that could potentially reveal the identity of a person is a violation of data protection laws. This could put both the employee and the company at risk.
How do companies Guard against BeReal
As businesses struggle to stay on top of their privacy and data protection best practices, here are some actions they can take to mitigate data breach risks caused by workplace use of social media platforms like BeReal:
Ensure company policies are up-to-date
Businesses need to ensure they have a robust social media policy in place that is regularly updated. This should include:
- Guidelines of social media use both inside and outside the workplace with an awareness of not posting anything that may cause reputational damage to the company
- Protection of intellectual property and confidential company information
- Rules of appropriate social media use during working hours
- Guidance on content that is deemed offensive or discriminatory
- Overview of how the social media policy connects with other policies – disciplinary and equal opportunity policies
Educating and communicating with employees
In addition to putting these policies in place, companies should issue clear communication to all employees so they are aware of the regulations. This includes educating employees about the risks associated with a data breach like a careless photo posted on BeReal that reveals sensitive information. According to a survey by IBM 95% of data breaches are caused by human error.
Employees should also be educated on the definition of what constitutes confidential as not just ‘top secret’ company data but having a broader implication. For example – posting a picture of a colleague without consent is a breach of data protection obligations.
Businesses should set clear guidelines of what is deemed appropriate and inappropriate posting with a pre-defined outline of consequences for any breaches.
For BeReal specifically, the ideal situation is to avoid posting while at work. However, if this can’t be avoided, then employees should be provided guidance of what not to post. For example:
- Do not post photos of your desk and/ or computer screen
- Minimise all windows
- Do not post pictures of colleagues without consent
- Do not post on Discovery. Everyone all across the globe can see what you are doing!
Data protection and safeguarding digital privacy is an uphill battle for organisations. Every precautionary measure is met with a more advanced cyber onslaught by hackers. With BeReal and other social media apps, the threat of data breaches is stronger than ever. Cyber security isn’t the IT department’s sole domain.
By implementing the right security and social media policies and educating employees about the risks of data theft, companies can mitigate risks and any potential financial and reputational damage.
Read our related posts:
