Privacy and Security in Social Media

Social media is the most remarkable technological phenomena of the 21st century. From using social networks to connect with friends and co-workers to promoting and marketing a business, social media is the most popular technology used on the Internet today. Over the last three years, users of social media have increased beyond expectations. For example, Facebook alone reached 150 million users in 2008, which would make it the eighth largest country in the world! Because of the amount of users in these social networks and the increasing usage, it's no surprise that social media is becoming the biggest target for abuse, scams and security threats.

What are the threats?

Many security researchers and privacy advocates have determined that the top threats to users of social media are:

Cyberbullying, Cyberstalking and sexual predators
Phishing, scams and SPAM
Third-party applications used within social media
Collection and aggregation of personal data
Impersonation and Cybersquatting

How can you use social media with privacy and security in mind?

Lets face it, social media is the most valuable and useful set of applications and tools to network with others on the Internet. However, there are some simple guidelines that you should follow when using any type of social media application or network. By using these guidelines you can still use social media the way it was meant to be used, but with safely and privacy in mind which will help mitigate the threats listed above.

Choose a complex/unique password for your social media accounts

Many users of social media (and computer users in general) set the same password for social media, email, online banking and other important accounts. Why do we do this? Because one password is easy to remember! The problem is that if just one of these accounts gets hacked or compromised, all of your accounts are compromised as well. To help solve this problem, try using a password manager application like KeePass (free) or 1Password to automatically create complex and unique passwords for each of the accounts you use on various applications. That way if one of your accounts is compromised, the rest of your accounts are safe.

Set appropriate privacy and security defaults for your social media profiles

Every social network by default allows access to the entire world because this is how social networks are supposed to function. However, what if you don't want your profile indexed by major search engines, or don't want everyone on a particular social network to be able to find you and view your personal information? For example, limiting who can search for you can be especially helpful if you don't want future or current employers to automatically find your profile. In addition, having completely open profiles on social networks are what cyberstalkers and cyberbully's look for. Why make it easy for people with bad intentions? Be sure to check out the privacy and security settings for each social media application and network you use. If you are on Facebook you can check out the Facebook Privacy and Security Guide I put together. By following this guide you can appropriately set privacy and security settings for your Facebook profile.

Be careful installing third party applications

Don’t install applications from sources you don’t trust

Facebook, MySpace, LinkedIn and other social networks allow you to install third party applications and widgets to your profile. These applications allow more interaction with your friends. For example, there are lots of interesting applications that allow you to throw virtual snowballs at your friends or "Super Poke" them in Facebook. What you may not know is that most of these applications will override your privacy settings even if you have specifically changed your privacy settings. In addition, many of these applications are not created by professional developers. These applications are sometimes coded incorrectly and can contain security vulnerabilities that could be exploited and expose your private information. The best advice is to only install third-party applications from well known providers (for example, Amazon or Yahoo) and limit their usage.

Only accept friend requests from people you know directly

As a general rule you should be very cautious when accepting friend requests from people you either don't know personally or with whom you are not currently doing business. A typical method spammers and criminals use is to run automated tools to send millions of friend requests to random people on social networks. Once these friend requests are accepted it makes it easy for criminals to start sending unsolicited SPAM as well as attempting to send phishing emails to others on the social network. In addition, cyberstalkers use these same techniques to exploit trust relationships between you and your friends.

Be cautious with people that you think are your friends. Another popular technique used by spammers and criminals is to impersonate people you may already have a relationship with. This can even include celebrities and high-profile accounts. Look out for strange messages and/or behavior from people you are already be friends with. If their accounts exhibit strange activity they may have been compromised and could be trying to get you to become a victim as well.

Read social media privacy policies carefully

Limit personal information you share

Social networks all have privacy policies and terms of use. Be sure to read these carefully. Most privacy policies indicate that you are giving the social network your personal information and they can use it basically for whatever they want. This includes selling your information to third-parties in some cases. The reality is that social networks have no obligation to protect your privacy. For example, in 2005 when MySpace was sold to News Corporation, each MySpace profile (21 million at the time) was estimated to value around $27. That's 567 million dollars! The number of active users on MySpace has increased to 110 million in early 2008! These statistics show that the more information you share, the more valuable you are to the social network. Remember, it's up to you to read these policies and limit the personal information you share if you feel you need to.

Be careful what you post

Consider all information and pictures you post as public!

Sure, those private pictures of you drunk were cool to share with your friends, but what if those pictures made their way outside of your social network? Consider what you post about yourself and others. For example, US Representative Pete Hoekstra recently sent messages on Twitter to nearly 3,000 followers while he was in Iraq and Afghanistan. He took a lot of criticism from the US government and others that this may have caused a security incident or endangered the lives of his party. Want another example? Go to Google and type in "site:dmfail.com" (without quotes) and you will see lots of messages that were sent on Twitter that should have been private. Sure, these were most likely simple mistakes, but it's a lesson for all of us! Be careful what you post!

Tom Eston is an information security professional from Cleveland, Ohio. Tom currently works for a Fortune 500 financial institution as the security assessment team lead. In his spare time he researches social media security, blogs about security and is one of the co-hosts of the Security Justice podcast. Tom is also a frequent speaker on social media security and other security related topics. He is also the author of the Facebook Privacy & Security Guide.

Topics: Technology and Applications

Tags: best practices, cyberbullying, cyberstalking, phishing, privacy, security, sexual predators

Welcome to Social Media

An Educational Project of the
Cleveland Social Media Club

Welcome to Social Media, Volume 1

Search

Subscribe