DMN3 Blog

As the popularity of social media sites grow, so do the risks of using them. "Cyber-criminals" have been drawn to these sites, also known as hackers, spammers, virus writers, identity thieves, and other criminals. They are drawn to social media sites because of the accessibility of personal information and because users of the sites are much more trusting of the communications among their network of friends or colleagues.

Graphic by Vijay Rayapati

In my last post, “How Do You Perceive Social Media: Promise or Threat?," cites an Internet security firm, Kaspersky Lab, and its advice to users that “malicious code distributed via social networking sites is ten times more effective, in terms of successful infection, than malware spread via e-mail.”

So what can we do to prevent security breaches from the use of social media sites?

Try these for a start:

1. Understand and Customize Privacy Settings: Too often social network users fail to use the options available to them to protect the privacy of certain information. The site’s default settings may allow access to information that you may want to keep private.
   
   
2. Use Strong Passwords and Protect Them: This is self-evident, but still not followed in many cases. Making it easy for people or software programs to guess your password makes you vulnerable to people attempting to hijack your account. Another thing you should do to protect your password is to go directly to the site using your bookmarks, rather than clicking a link in an e-mail. The e-mail link could go to a malicious site set-up to capture your user name and password. You should never use the same passwords for social media sites as those you use for financial and other important accounts.
   
   
3. Keep Your Anti-Virus and Anti-Spy Software Current: Having up-to-date security software can prevent a lot of malware from being installed on your computer.
   
   
4. Be Selective With the Information You Share: Do not put information in your profile or posts that can put you at risk for identity theft or other types of crime. While part of the lure of these sites is the sharing of information, you should be very selective with the information you communicate. Below are just a few examples of what I mean about too much information:
   • Sharing your address, schedule and that you are away on vacation can make you vulnerable to crimes against you or your property.
   • It may be obvious that you never post your social security or credit card numbers, but sometimes it is not as obvious that one should not share even the last four numbers. Same goes for date of birth, telephone number, etc. Knowing where and the date of your birth can allow identify thieves to obtain your social security number.
   • Posting the answers to your security questions for financial accounts on your profile. Hackers use “Forgot Your Password” link on the log-in page, and then search for the answers to the security questions on your social network profile.
   • Posting a full resume online for everyone to see could make it easy for identify thieves to possibly use the information to fill out a loan application, guess a password security question, or pretend to be you to access your company’s IT network or communicate with colleagues or friends.
   • Inadvertent comments about your organization’s internal discussions can provide a lot of intelligence to your competitors, clients or potential investors. Don’t discuss anything that you wouldn’t post publicly on your organization’s Web site.
     
     
5. Adhere to Your Organization’s Policies on Use of Social Media: If your organization has policies on employee use of social networks, make sure you adhere to them. If you do not have policies, suggest that they be drafted.
   
   
6. Be Skeptical on Social Network Sites: Verify the authenticity of people and information.
   • Don't trust that a message is really from who it says it's from. Hackers can break into accounts and send messages that look like they're from your friends, but aren't.
   • Use caution when you click links that you receive in messages from your friends on your social Web site. Treat links in messages on these sites as you would the links in e-mail messages. They may contain viruses or spyware that could damage your computer or steal your personal information. Some messages may “spoof,” or copy, the e-mail addresses of friends to fool you into thinking that they’re from them.
   • Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get information from you. If the content on the site doesn't  look like or sound like the person you know, avoid or ignore them.
   • Be careful about installing "extras" on your site. Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications to steal your personal information.
     
     
7. Consider Everything You Post as Being Permanent: Police, college admissions personnel, employers, stalkers, con artists, nosey neighbors – anyone might be able to see what you post. Don’t disclose anything about yourself, your friends, or family members that you wouldn’t want to be made public. Once information appears on a Web site, it can never be completely erased. Even if it’s modified or deleted, older versions may exist on others’ computers. Even if you delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer.
   
   
8. Choose Your Social Networks Carefully: Evaluate the sites that you plan to use and make sure you understand their privacy policies. Find out if the sites monitor content that people post. You will be providing personal information to these Web sites, so use the same criteria that you would to select a site where you enter your credit card.

Social Media is a fact of life in today's digital world. It is up to us to take common sense measures to protect ourselves from the associated risks!