Earlier this week, as part of Week 3 of National Cyber Security Awareness Month (NCSAM), we discussed tips on how we can safely use our mobile devices to access our online accounts while on the go. We now focus on best practices for securely navigating the world of social networking.
The Dangers of Indulging in Social Media
Like any online account, we should protect our social media channels with a strong, unique password. However, unlike other elements of our digital identity, social networking sites present additional threats against which passwords are powerless to defend. These risks are intrinsic to the purpose of social media: the act of sharing content with others.
John Walker, CEO of Hexforensics LTD and visiting professor at the School of Science & Technology at Nottingham Trent University, compares the dangers to sharing too much on social media to the consequences of indulging in too much chocolate cake:
“Here’s where chocolate cake and social networking are different. If you succumb to eating more cake than you should, you can bet that the dessert will most probably go straight to yours hips, a condition which can be easily remedied via dedicated and sustained exercise,” explains Walker. “Unlike chocolate cake, however, if you binge on the web and happen to commit something to public view in a momentary lapse of anger or frustration, there can be consequences that are simply beyond your control. Those traces of your web consumption could very well come back to haunt you at some time in the future when you apply for a job, sabbatical, membership, or even a security clearance.”
The threats upon which Walker elaborates above should caution each and every user to think before they write on a social media website. Even so, it is important to note that the logic of social networking restraint extends beyond the possibility of offending a potential employer, a colleague, and/or a government official.
Travis Smith, senior security research engineer at Tripwire, is well aware of the how dangerous sharing too much information on social media can be.
“Social networks are a watering hole for attackers looking to profile their victims,” notes Smith. “For example, answers to password recovery questions are often posted inadvertently online, an oversight which hungry attackers can readily exploit.”
As a result, Smith goes on to recommend that when setting up password recovery questions, users should make an effort to choose questions that are less likely to be discovered through social networks, such as pet names, birth year of anyone, or one’s favorite band.
We should also be careful when posting pictures on social media lest we needlessly expose ourselves to physical risk.
“Cyber stalkers, identity thieves, and even the traditional cat burglar can extract much information from even the most harmless of photos,” explains Lane Thames, software development engineer and security researcher at Tripwire. “Simple mistakes can lead to huge information disclosures. One time, I saw a Facebook user post a picture of an item sitting on her desk. Unfortunately for her, one of her blank personal checks was lying right behind the item, with plenty of her banking details in plain sight. Simple mistakes such as this can quickly lead to identity theft.”
Whether writing a comment or posting a picture, we need to be careful about what exactly we are sharing with our personal communities; we need to think twice about what risks to which we could be exposing ourselves by hitting the ‘ENTER’ button.
Wary Consumption of Others’ Content
We now have a good grasp of what you as a sharer of content can do to protect yourself on social networking sites. However, this is only one half of the equation. As we all know, social media is about both sharing and consuming content; we would therefore be remiss if we did not address how we can safely interact with others’ posts.
A social media consumer’s safety ultimately depends on the extent to which they are knowledgeable about their environment, which includes the plugins, games, and add-ons that they decide to link to their accounts. In this sense, a user must be aware not only of what content is shared with them but also the manner in which it is shared.
Jane Frankland, advisory board member at ClubCISO, could not agree more.
“If someone sends you a link, don’t just click on it,” warns Frankland. “Make sure you can see a full link as opposed to random numbers, letters, or link shorteners. Attackers often use URL shortening services to obscure the real landing page and install malware (code or script) to steal information or take control of your device.”
Malicious actors patrol social media sites just as they do the rest of the web. It is therefore our responsibility to be aware of this fact and to exercise caution so that we protect ourselves against these types of individuals.
We might like to think that Facebook, Twitter, and other social networking channels are distinct from vis-à-vis communication. In some respects, this is true, but that does not mean we cannot translate lessons from our actual real life encounters to social networking. We have an incentive to restrict what we tell to some individuals as compared to others in any form of conversation, and we should always be on the lookout for behavior among our associates that might reveal malicious intent.
With this in mind, if we are cognizant about not sharing too many details on social media, and if we practice good social media consumer habits, we can help protect ourselves online.
Title image courtesy of ShutterStock