There’s No Delete when you Tweet
Social networking services such as Facebook, LinkedIn, MySpace and Twitter allow people who share common interests to connect and network with one another on the Internet. A social networking service might be used to maintain or update a group of friends, colleagues or some other group that you may have an association with. These services have grown in popularity and functionality over recent years and there are now thousands of different services to select from. However, use of these services can put both personal and company information at risk if the proper precautions are not taken.
This article outlines security measures that you can take to help ensure you practice safe social networking and your information remains protected.
Never Post Sensitive Information
This is probably the most important point of this whole article. The Internet is not a secure resource. You should assume anyone in the world can view what you post, no matter what privacy settings you may have set up.
- Never post sensitive personal or company information on any social networking service. Do not make information such as dates of birth, addresses, company plans or financial data available in your public or private profile.
- Never post anything you would not want a complete stranger to view. For example, if you wouldn’t be happy for a stranger to see photos of your kids, then do not post them.
- Do not use a social networking service in place of your company email system for sending work related messages.
Understand the Privacy Policies and Terms
- Always read the privacy policies and terms of a social networking service before signing up and posting information.
- Understand how your personal information will be handled, where it will be stored and who has rights over, or access to, the information you post.
- Do not use the site if you do not agree with their policies or terms.
Posted Information is Permanent
Information you post online should be considered permanent. Even if you remove the posting, it is likely to have been cached, copied, read or stored by other individuals or services.
- Be mindful of the information you post online. Always be professional and courteous and avoid rage, insults or slander.
- Remember, the Internet is a public domain. Only post information or upload photos that you are comfortable with anyone seeing – including current or potential employers.
Verify your Contacts
Social network services make it easy for people to build false or fraudulent profiles. Without verification, there really is no way to know you are actually being contacted by the person you think is contacting you.
- Try to verify all contacts, to ensure they are who they say they are, rather than trusting them immediately.
- Be wary of strangers who ask to be your ‘friend’ or link with you. Limit the amount of information you reveal to these strangers.
- Don’t feel obliged to add someone that you don’t really know, like or trust – politely refuse or simply ignore their request.
- Consider limiting the people who are allowed to contact you. This can usually be configured in the service’s privacy settings.
Secure your Profile
Reputable social networking services have privacy settings that allow you to decide what information is made publicly or privately available. The default settings for some sites may allow anyone to see your profile or even ‘Google’ your information.
- Restrict your public profile information to the bare minimum, if at all. Sites like http://www.pipl.com are great for seeing how much personal information you may have publicly available.
- There is a risk that even the information you make privately available to only your contacts could be exposed, so do not post anything that you would not want publicly displayed.
- Ensure no sensitive personal information is exposed publicly or privately. This includes dates of birth, addresses, mother’s maiden name and telephone numbers.
Practice Good Password Management
It is critical to follow good password management when using social networking services. For example, using the same password across all your internet accounts, whether banking, webmail or social networking, is highly dangerous and insecure: if that password were compromised, access would be granted to all of these services.
- Use a different password for each online service you sign up to. Password vaulting software such as Password Safe (http://passwordsafe.sourceforge.net/) and KeePass (http://keepass.info/) can help you securely manage your different passwords.
- Do not use guessable passwords. Passwords should include upper/lower case letters, numbers and special characters and be at least 8 characters long. Do not use dictionary words, names or dates as these can be compromised in seconds.
- Never share account credentials or passwords. This includes providing account credentials to third party applications, such as those that access your webmail to automatically ‘find’ contacts.
Limit the Information you Expose
The more services you sign up to and the more information you share, the more you are put at risk. Seemingly innocent information that you make available or post can be used against you if you do not take care. For example, different pieces of information posted across multiple social networking services can be linked or aggregated to build a more complete profile of you, increasing the risk of identity theft or social engineering.
- Ensure passwords cannot be guessed from the information you post about yourself.
- Limit information about your hobbies, work, friends or interests, as this could be used by a social engineer to pose as a trusted friend or colleague to fool you into providing sensitive information, or to gain your trust.
- Do not post information about your routine, schedule or vacation plans. This could allow a malicious individual to know where you are, or are not, going to be at a certain time.
- Be mindful of the information that your friends or contacts are posting about you, and make sure it is nothing you would be uncomfortable with a complete stranger knowing.
- Limit the risk of information ‘aggregation’ if you use multiple social networking services.
Be Wary of Third Party Applications
Many social networking services now offer a whole raft of applications or plug-ins to enhance your user experience. These applications are usually developed by external developers and may sometimes be malicious in nature and include viruses, trojans or spyware.
- Ensure you have up to date malware prevention software installed and all software on your computer has the latest security updates.
- Only install applications that are well known and trusted.
- Try to verify what information in your account the application or plug-in will be able to access before you install it.
- Be aware that installing some applications will allow the application developer automatic access to your profile and all your information.
Don’t get Phished
Phishing messages on social networking sites are becoming more frequent. Attackers will often create a fake profile and then socially engineer a convincing message, asking you to click on the link within the message body.
- Never click links in messages from unknown or untrusted contacts.
- Avoid clicking on message links sent from your trusted contacts unless you are certain where they will lead you.
- Treat all requests for sensitive personal or company information as suspicious.
- Be suspicious of any download or upload requests. Always download software updates from known and trusted sites.
Don’t Mix Business with Pleasure
Finally, it is unlikely that you would want your boss or employer knowing everything about your social life and your friends, so take precautions against this.
- Avoid mixing business contacts or colleagues with friends, as you have no control over what your friends may post and therefore, what your employer may be exposed to.
- Consider using one service for friends (e.g. Facebook) and a different service for business contacts (e.g. LinkedIn).