Bad share - bad security

With the current media hype surrounding cyber-security, data hacking and viruses, we wanted to share a recent potential security risk we identified that happened through the best of intentions.

Far from being an attempt to infiltrate the Volcanic platform, this security issue was caused by sharing a published article from a well-respected website. Critically, this website is built in Wordpress and does not have SSL certification, because a risk assessment did not identify the need for it. It is a low risk site in terms of security, because it’s a freely-available information-sharing resource operating for the benefit of the recruitment industry. The site does not handle data transactions, process payments nor operate user tracking systems, and therefore would not seem to require security certification.

However

When sharing content on social channels, the default behaviour of these channels is to pull preview content and imagery from the source that has been linked to. At Volcanic, our web scoop then pulls through our latest social posts to publish them on our website.

Once the content from the website was shared across Volcanic’s social media channels, linking to the source, it was then pulled through and published on the Volcanic website. The lack of security in this content was instantly identified and alerted to Volcanic through a change in our site’s security status.

Our recommendation

At Volcanic we take web platform security and compliance very seriously. This occurrence demonstrates the efficiency of our team in rapidly identifying, isolating and securing any possible breach.  

Check source security before you share

To find out more, download our free eBook: The Recruiter’s Guide to Cyber Attacks, Data Protection and Systems Security.