There has been a bit of attention recently on the growing number of people using social networks. Social media in all its forms lies at the heart of the current boom in internet usage and its reach into our day-to-day lives. In turn, our virtual identities are becoming closer and closer to our everyday identities – and many sites, such as Facebook, encourage little distinction between the two. What is disturbing about this however, is that many users seem to have no real concern or knowledge about ensuring that their social media accounts are secure and safe from exploitation.
This kind of technology and way of communicating with one another is definitely here to stay in one form or another, and the more information we put onto the internet about ourselves the more likely the chance that it could be used for unethical reasons.
In some instances, there is not much you can do about breaches of security on remote servers of companies that you have accounts with; however, there are certainly a few simple precautions that one can take to minimise the chances that you personally will be the victim of an unethical individual exploiting your security weaknesses. So below you will find a list of ten things you should be doing to help protect you and your social media accounts.
1. Be careful of links and offers sent to you, even if by a friend
This first tip is an extension of the precautions you will have been using for your email. However, the difference now is that almost every malicious link that you will be sent through social networks will come from somebody that you know – the reason being that they themselves have been compromised and used to launch further attacks. Think before you click, and it really does help to run some kind of active web-link protection from companies such as AVG or Ad-Aware.
2. Check your account privacy settings
This one really comes down to personal preference, however there are many people I know who are unaware that with certain settings everybody in their network can see their Facebook profile (for example). When you are talking about networks such as ‘London’ or ‘France’ you can begin to see how this might become an issue. Do you really want to allow millions of people to have access to your daily movements and life?
Personally, no matter how much of an exhibitionist you are, I do not believe there is any valid reason to allow complete strangers to access your profile – unless that profile was created specifically with that purpose in mind (such as on LinkedIn or Twitter). If you are going to have a publicly accessible profile, limit your personal information and create new email accounts specifically for that profile.
The point is, not many people even check their privacy settings to see if they are happy with them. You could have been broadcasting for months to anybody who wanted to take a peek…check your settings, now.
3. Not all social network sites are created equal
There is now a massive explosion of different social network sites, and you might be tempted to join many of them for various reasons. But do you really know who is running these sites? On many of the smaller sites with only a few thousand members, this could quite easily be one individual or a small unknown group.
How secure is the site from hackers? Be careful with the information that you place on smaller social media sites, because unfortunately their smaller size means that they are not held as accountable for ethical breaches when using your information; or they may not be as good at securing your information. Your details could quite easily be sold onto mass-marketing companies, or even worse the site itself could have very lax security and your profile information and passwords could easily be stolen from it.
4. Read the Terms and Conditions, think of the consequences of your actions
This two-pronged tip isn’t so much a security issue as it is a personal one, but make sure you read the terms and conditions of any site that you join carefully. Facebook saw quite a backlash when it became apparent that those using the site gave up many rights to images and other information uploaded onto it.
Think before you upload anything, and then ask yourself: would I be happy for someone to see this twenty years from now? Those pictures of you passed out in the nightclub bathroom? Probably not a good idea. More importantly, those pictures of your friend passed out? Might be funny, but have you thought through the long-term ramifications of doing so? Your friend can untag the images, but that doesn’t stop them being there. Even if you delete the image after uploading it, on most sites it will be archived permanently. Don’t just look out for yourself, look out for your friends too and don’t use social networks to humiliate people.
5. Change your passwords frequently
You will see this tip on every single online and computer security list ever created. More importantly, you will see it there for a reason. Use different passwords for different sites, and change them at least every six months – and make them good passwords that use letters, numbers, and symbols.
Go and change your passwords, now. Because I am almost certain that it’s been over a year since you last did so, right?
6. Minimise account access from public computers
This one always gets to me, and I rarely see people even consider the ramifications of using internet cafes to access their social network profiles and email. If you can avoid doing so, just don’t access your accounts from public computers! If you are away for long periods and really want to update your status etc. (which I really do relate to), then make sure that you are going to a reputable and well-run outlet. Hotels and libraries are great options.
Why shouldn’t you use that little three computer ‘cafe’ that is the cheapest around? Because how do you know that there aren’t key-loggers on the computer? You can be the most secure person in the world, but if somebody is logging your keystrokes it doesn’t matter how strong your password is. Even without such targeted attacks by the venue owners or staff, be aware of your surroundings because the person sitting at the computer next to you might be paying attention when you put in your password. If you have to use such venues, choose wisely; be aware of your surroundings; and always remember to log out of your account when you are done.
I also hope that I don’t even have to mention internet banking in these circumstances…
[Update]: There are some password managers that are designed for use from public computers, have a look around for some (Linda, in our comments, suggested http://www.mitto.com) and check out the comments to this article for further tips!
7. Limit amounts of personal information
This is another well-known but all too regularly fallen into trap – you really should limit the amount of personal information you put onto any site. Failing that, make sure that you limit who can see it. Information such as birth-date, residential addresses, phone numbers, education history, and events that you hold should be limited or restricted as much as possible.
This becomes more and more of a concern the more lax you are about who you accept as a connection. I have seen friends with over 500, and even 1,000 connections who have all of this information and more up for all to see. Even if you trust all of those people, do you trust the security of their accounts? I’m not saying don’t put anything up at all, but just be careful and be aware of how little it takes for identity theft to occur.
Simple things like putting your birth-date without a year (or an incorrect year); giving a mobile number but not a home phone number; listing upcoming events and parties but ensuring that they are secret and can only be seen by those invited. You can go a long way just by stepping back a little bit.
8. Consider who you are connecting with, and create different groups accordingly
Sites such as Facebook have the ability to create different categories with which to put your connections into, you should be using these categories. By doing so, you can connect with different types of people and still limit how much of your profile they have access to. Even better, create multiple accounts and use them for different purposes. That guy you met randomly at the bar last night, does he really need access to everything you say and do online? That friend of a friend that you met once, five years ago?
If you want to add these people for your own reasons, understand how to create groups and use them accordingly. This tip fits in very well with number 7, in that you should be assigning different groups to different information access – and only those who are closest to you should be able to see it all. Don’t worry about offending anybody, they most likely won’t even notice as it will just look like you don’t have this information up at all.
9. Start learning about your computer and the internet
Many of us are not very technically savvy, however we know how to use a good social media interface. This is only going to increase more-so, and this is in many ways a good thing as it allows such technology to become even more mainstream and user-friendly. But that doesn’t mean you should remain unaware of how the technology you are using works, because by doing so you will be able to protect yourself from the majority of possible attacks through very simple measures.
Do you know what a firewall is and why you should always be using one? Do you understand why you need to update your virus scanner on a regular basis and not let the license expire? If your computer is infected with a virus, or your account compromised, do you know what to do next? Learning a few simple things about the way your computer and the internet works will not only teach you some excellent skills, but will help secure your online identity a great deal.
10. Secure your mobile phone
The final tip that I have is one that is only really coming into play with the recent widespread use of internet capable mobile phones. That latest iPhone you have might be a great tool (and toy) that helps improve your life no end, but have you considered just how secure it is? What happens if you lose it?
Without it being password protected this usually means that whoever finds it will have access to your email, your Facebook and Twitter accounts, and any other applications that you have installed on their and configured to auto-login. Once somebody has access to you main email account, most of your other passwords can be changed even without an auto-login. Always set up a password on your phone, and if possible set it to delete all data upon a certain number of failed attempts. People lose their phones all the time, but now they aren’t just losing a list of numbers and SMS messages…
Well, I hope that this short list has given you at least one thing to go and change to help make your online identity that much more secure. It is important as we progress quickly into a technologically dominated society that we keep ourselves up to date with the latest security measures and possible exploits, because they change just as rapidly as the technology itself does. As we become ever more present on the internet, and our virtual identities become closer and closer to our day-to-day ones, it is vital that we remember to protect ourselves from nefarious individuals who wish to exploit any weakness that we present to them.
No matter how hard we try to be ethical ourselves, there will always be those who will act unethically in order to profit. But with each extra person that makes it a bit harder for this to occur the profits become a bit smaller, and then smaller still. What little difference we can make should be made, because at the very least we will be protecting our own identity from misuse.
If you’ve got any more tips please do share them with us by adding a comment!