Why BeReal poses security risks at work

This story was first reported on, and published by, Digiday sibling WorkLife

Close the tabs on your computer first. 

That’s the advice that workforce experts have given to employees who are using BeReal, a new photo-sharing social media app that prompts its users to snap a pic at randomly chosen times of day, then share it with a network of friends. However, if that notification appears while a person is in front of their work computer, it could lead to a serious privacy breach for a company, security experts have warned.

That’s because the app simultaneously captures their surroundings on the front and back camera. A quick scroll through the BeReal app is enough to see that during the work week, it’s not unusual to see images of people’s computer screens with their email inbox on display or an assignment that person is currently working on, in the background.

Part of BeReal’s appeal and its differentiation from other social media platforms is the spontaneity and lack of planning for what is shared. But that presents its own challenges, namely, if a person isn’t being mindful of what sensitive company details their camera may pick up, it could leave employers vulnerable to fraudsters.

“Any place where people can share content, people are going to make mistakes or they’re going to make not-great decisions sometimes,” said Josh Yavor, chief information security officer at email security platform Tessian. “There will be folks who are there to take advantage of that, and for what purpose – that really depends.”

Some users are already savvy to this potential privacy breach. ”I make sure nothing crazy is up, and if it is I will switch the tab,” an BeReal user, who agreed to speak with WorkLife on condition of anonymity. They added that they hadn’t received guidance from their employer but figured it was the responsible thing to do. 

Employers will have to hope that the majority of their employees who use the app, are as mindful. “There has to be some element in any social media policy that you have responsible, smart people who have common sense who are employed at your company,” said Mae Karwowski, CEO of influencer marketing agency Obviously. “You have two minutes to capture that BeReal, you can minimize that window.”

It wouldn’t be the first time hackers have taken advantage of the rise of remote working and any technology weak spots that have surfaced as a direct result. Earlier this year, security experts warned that hackers were infiltrating Zoom and Microsoft Teams meetings to eavesdrop on commercially sensitive information and scam employees. And while there haven’t been any reports of individuals using BeReal to learn company information, it may only be a matter of time.

Yavor believes it is inevitable that individuals will take advantage of users if they find a weak spot – on any platform, not just BeReal. He said a good rule of thumb is to ask yourself whether you would be content to have people looking over your shoulder to see what you’re working on, in an airplane or hotel lobby, for instance. Would whatever is on your screen cause risk or harm to the company or its customers?, he added.

“The good news is that many, if not most, consumers have a decent understanding of what it means to use social media,” said Yavor. “With many things in security, the fundamentals are what matter the most and they are continuously true across all platforms of social media.”

Personal responsibility is one thing. However, there are things that companies can do to help, including updating their social media policies and educating their staff on them. When a new app like BeReal rolls around, that’s an especially good time to remind your staff about social media and a company’s protocols.

Plus, October is Cybersecurity Awareness month, making it even more timely to go over policies with staff.

“To create the most effective guidance and expectations, organizations need to communicate their requirements and needs as businesses, but also listen to their workforces and make sure it’s clear and the policies are understandable,” Yavor added. Once that guidance is outlined, it should be shared and paired with a session to go over it in depth.

BeReal users who are taking pics when they’re in the office, need to be doubly vigilant because their pics may capture others in the office – who may not be comfortable with it. Yavor stressed that individuals must be mindful of that, and ask themselves questions like: “How can I be real using this platform, while also being a good friend, a good colleague, a good coworker in respecting boundaries that may exist and building good habits and taking the appropriate action.”

Karwowski said when she got the BeReal notification to take a pic during a work meeting, she simply asked if everyone was okay with her taking a picture. “I think that disclosure is really important,” said Karwowski. “It’s courteous and an important part of working at a company.”

At the end of the day, now is the perfect time for a company to revisit the basics. That means updating social media policies, putting one in place if you don’t already have one, ensuring users are protecting their account with multi-factor authentication, educating against phishing, and more. 

“Any time something like this happens where there’s a new, distinct way of producing social media content, it’s always a good time to come back to the fundamentals,” added Yavor.

https://staging.digiday.com/?p=469506

More in Media

NewFronts Briefing: Samsung, Condé Nast, Roku focus presentations on new ad formats and category-specific inventory

Day two of IAB’s NewFronts featured presentations from Samsung, Condé Nast and Roku, highlighting new partnerships, ad formats and inventory, as well as new AI capabilities.

The Athletic to raise ad prices as it paces to hit 3 million newsletter subscribers

The New York Times’ sports site The Athletic is about to hit 3 million total newsletter subscribers. It plans to raise ad prices as as a result of this nearly 20% year over year increase.

NewFronts Briefing: Google, Vizio and news publishers pitch marketers with new ad offerings and range of content categories

Day one of the 2024 IAB NewFronts featured presentations from Google and Vizio, as well as a spotlight on news publishers.