Understand What You're Sharing
We probably don't have to tell you about how prevalent social media is in our lives. According to Pew Research, 69% of all U.S. adults use at least one social media site. It's everywhere. Because social media use is so pervasive, most people are rather lax about the risks it can present. The social pressure to participate is strong.
It's possible to marry participation with security if you educate yourself about the risks. Below, we outline several common risks of using social media in general, as well as several tips for configuring your privacy and security settings on each platform.
- Essentially assume that everything you post has the potential to become public. Such is the nature of the internet: nothing can be taken back once it's posted.
- Know that it's very easy for people to take comments out of context online. Couple that with the fact that text doesn't often convey emotional subtext, and you can have a recipe for regret if you aren't careful. Think before you post.
- Analyze your online presence from the perspective of prospective employers or clients.
- Most social networks have privacy controls to allow you to control who can view what types of content. Spend some time on each network to set the privacy settings to what you're comfortable with.
- Spam accounts are sometimes very convincing. Once people are in your network, they are often connected to you in numerous ways. Everyone has their own preferred level for connecting with people who they don't know personally, but make sure you're making that choice consciously.
- Social media profiles are fertile sources of personal information that attackers can use to hack other accounts, to run social engineering scams, or for other purposes. When sharing, consider how what you're sharing could be used against you.
- Social media can inadvertently be a source of a client confidentiality breach for your work. If your work requires you to maintain confidentiality, remain vigilant that your posts on personal social media sites don't jeopardize that.
Social Media Platforms
Facebook
- Use the same password practices mentioned above when dealing with Facebook (and all the social networks in this section). You can find these settings on Facebook under Settings, Security and Login.
- Essentially every settings page in Facebook is worth reviewing to ensure it meets your privacy expectations.
- We recommend restricting your posts to be viewed only by friends. If you do this, consider restricting your past posts to the same privacy group with the "Limit Past Posts" option.
- Check the business pages you have access to. If you still have access to pages you are not currently involved with, remove yourself from the admin access to remove yourself as a potential source of a security breach for the page.
LinkedIn
- Review the third-party apps that are authorized to access your LinkedIn account. Remove the ones that are no longer needed.
- Check your public profile, and customize what people can view about you if you aren't connected.
- Decide if you want your contacts to be visible to the public, to people in your network, or only to you. We recommend restricting your contacts so that only you can view them, to keep people from using your network for sales and marketing purposes.
- 2-step verification on LinkedIn is buried at the bottom of the Privacy section for some reason.
Twitter
- Decide if you want your tweets to be protected or open to the public.
- Pay special attention if you're making a previously closed account public. You may not have been so careful with your past posts if you expected them to be private.
- The "Settings and Privacy" section of Twitter is worth spending some time in.
- Location information in tweets is a source of several security concerns. In Settings, Privacy and Safety, you can remove location information from your tweets, and delete it from past tweets. You can also turn off location services for the app (through your phone's settings).
Snapchat
- Despite the fact that Snapchat used to bill itself as a "disappearing photos" application, it keeps all the photos that are sent through the service. From a design perspective, it appears that the photos disappear off the recipient's screen after a certain amount of time - this reinforces a false sense of security that the photos "disappear" after they're sent and opened.
- In fact, the FTC settled charges with the company in 2014 on the basis that it "deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure."
- Any organization can be hacked. Think through the possibility that all the "disappearing" photos we have collectively sent as Snapchat users could one day be released through a security breach.
On Anonymous Accounts
Some people create accounts for social media profiles that they want to be anonymous. Pay special attention to these accounts, because the platforms make it very difficult to remain anonymous.
- The risk: Your email is linked to your public profile, and the platform uses this in recommender algorithms to suggest your real friends.
- Another risk: You use the application on your phone which uploads your contact information, inviting your contacts to connect with your "anonymous" account.
- Yet another risk: The geolocation embedded in your posts, combined with other subtle cues, allows people to identify you.
The practicalities of remaining anonymous in social media accounts are beyond the scope of this guide, but suffice it to say that it is very difficult.
A cyber-security audit isn't complete without searching for yourself to see what public information is available about you. There are two broad categories of information available to people searching for you: information you put out about yourself (through social media, your website, etc.) and information put out about you by third parties (news articles, data brokers, etc.).
It's a good practice to do a background check on yourself to see what you find. A couple of places to try:
Make sure there isn't any information about you that is out of date. If there is, attempt to remove it. If the information comes from an out-of-date social media site you control, you can attempt to remove the information or lock down the privacy settings.
Audit the information from the perspective of a hacker. Is there any information about you that could aid in an attack on your personal information?
Lastly, consider how the information you find about yourself could be used in a social engineering attack against you. The data you share here could be used to gain access to your accounts. For example, if you use your dog's name as a recovery password, and post your dog's name publicly, it could be used to guess a password.
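One way to run this check against your own posts, shown as an added example that is not part of the original guide: it compares your account-recovery answers with the text of posts you have exported from your own profile and reports which posts give an answer away. The function names, the sample answers and the sample posts are constructed for illustration.

```python
import re
import unicodedata

def normalize(text):
    """Fold case and accents, then split into alphanumeric tokens."""
    folded = unicodedata.normalize("NFKD", text).casefold()
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    return re.findall(r"[a-z0-9]+", folded)

def find_exposed_answers(recovery_answers, public_posts):
    """Return {question label: [post indexes]} for answers found in posts.

    recovery_answers maps a label to the answer text; only the label is
    reported, so the secret itself never ends up in the output.
    Matching is on whole tokens, so "Rex" does not match "Rexford".
    """
    tokenized = [normalize(p) for p in public_posts]
    exposed = {}
    for label, answer in recovery_answers.items():
        needle = normalize(answer)
        if not needle:
            continue  # blank answer, nothing to look for
        hits = [
            i for i, tokens in enumerate(tokenized)
            if any(tokens[j:j + len(needle)] == needle
                   for j in range(len(tokens) - len(needle) + 1))
        ]
        if hits:
            exposed[label] = hits
    return exposed

# Constructed sample data (not real accounts or posts).
SAMPLE_ANSWERS = {
    "pet name": "Biscuit",
    "first school": "Saint-Rémy Elementary",
    "first car": "Corolla",
}
SAMPLE_POSTS = [
    "Happy 5th birthday to BISCUIT, the best dog ever!",
    "Throwback to my class photo at Saint Remy Elementary.",
    "Biscuits and gravy for brunch.",
    "New job starts Monday.",
]

if __name__ == "__main__":
    found = find_exposed_answers(SAMPLE_ANSWERS, SAMPLE_POSTS)
    for label, posts in found.items():
        print(f"Recovery answer for '{label}' appears in post(s): {posts}")
```

Any label it reports is a recovery answer worth changing to something that is not discoverable from your profile.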