Social Networking Do's and Don'ts
Social networking sites and applications are an increasingly entwined part of our everyday lives. We use them to communicate with friends and family all over the globe, to chat with friends down the hall to decide where to eat, to network for jobs, and to connect with others with similar interests.
However, much like any other part of the internet, social networks can be fraught with serious security risks, both to your person and to your data.
Many social networks will tell you that the more you put into them (your information), the more you get out of them (connections, recommendations, etc.). However, despite the aura of privacy they try to engender, one must keep in mind that social networking takes place in an essentially public space, with only the barest of mechanisms providing any semblance of privacy. Even seemingly innocuous data shared with the world can be dangerous in the wrong hands.
The best attitude to take in order to enjoy the benefits of social networking, while minimizing the inherent risks, is to remain SKEPTICAL and CAUTIOUS.
- SKEPTICAL of any requests for information.
- CAUTIOUS of any information you put on there.
These Do's and Don'ts can serve as good guidelines to follow in your social networking interactions.
Do:
- Use a strong password.
- Use privacy settings. Insist your friends use theirs too.
  - NEVER leave anything but the bare minimum publicly available. Make sure only your accepted friends or followers can see what you put up.
- Use HTTPS to connect to your social networking sites whenever possible, especially when connecting from a public hotspot. Be wary if your social networking service uses only HTTP for login credentials.
- Whenever possible, organize contacts into "categories".
  - Most of us do this between friends and family anyway, but from a security standpoint it might also make sense to separate "best friends" from "person I met yesterday afternoon".
- Verify friend/follower requests.
  - Don't accept just anyone. Most scams start by someone bluffing their way onto your friends list. KNOW who you're sharing your information with.
- Verify links, attachments, downloads, emails, anything sent to you.
  - Even your trusted friends could've had their accounts hacked. Don't wire that "emergency money" until you can voice-verify.
- Investigate exactly what information any third-party add-ons, games, extensions, etc. will be privy to.
  - Does that poker game REALLY need access to your contacts list?
- Read up on the security tips and instructions provided by the social network itself, as well as what trusted security professionals and sources have to say.
Don't:
- Give away your password or use the same password for any other services.
  - If a leak at Facebook causes your password to become public, you don't want a hacker being able to use that same password to log into your Gmail or Courseworks.
- Put in any more information than you absolutely have to.
  - You should never put in more information about yourself than absolutely necessary. Hackers, scammers, and stalkers all use that information to do anything from guessing answers to your security questions to impersonating you when trying to scam another user.
  - On that same note, be careful how much live information you're putting out there. Don't advertise when you're going on vacation, when your possessions might be left unattended, that super expensive thing you just left the store with, etc.
  - Also be aware of auto-geotagging. Some services will automatically tag your status updates with GPS information. If you don't want everyone to know where you are, make sure your social networking service doesn't turn on this "feature" for your "convenience" automatically.
- Upload anything you wouldn't want everyone to see.
  - Nothing is ever really gone from the internet. Even if you delete a picture from your account, it's still sitting on Facebook's server somewhere.
  - In a professional setting, be mindful of inadvertently letting slip sensitive information that could harm your company or get you fired (new security software, procedures, etc.).
Further reading can be found at:
- Guide to Facebook Security (PDF)
- Twitter Security Do's and Don'ts
- US Navy OPSEC and Social Networking (PPT)