Social media sites are great tools which allow us to keep in touch with friends, family and coworkers. However, understanding the potential risks to these sites is important to enjoying and using them properly. Your online activities may expose excessive information about your identity, location, affiliations, and relationships, which leads to an increased risk of identity theft, targeted violence and/or stalking.
For a safer social networking experience, one should always assume:
- No one is anonymous on the internet. Nothing posted is private:
- Once something is posted it can spread quickly.
- Everyone can see what you post—from who you are friends with, to your comments, to where you post.
- An embarrassing comment or image can and will likely come back to haunt you.
- The more you participate in social networking the higher your risk to cyber crimes is.
To remain more secure and manage your online presence, follow these best practices:
- Do not accept friend/follow requests from anyone you do not know.
- Avoid third party applications. If they are needed, do not allow them to access your social media accounts.
- Be cautious with the images you post. What is in them can be more revealing than who is in them.
- Configure your security options on your accounts to minimize who can see your information.
- Never check “remember me” or “keep me logged in” options from public or shared computers.
- Do not use the same password for all of your accounts.
- Do not use your social media accounts to log into other sites. Create a new account for the site instead.
- Do not post personally identifiable information.
Every social media site is unique in their security settings and protocol. In order to protect your information, one must understand how the site operates and which settings are appropriate. To learn more about popular social networking sites and how to stay secure, see our tips below.
Twitter is an open platform, where participation is open to everyone with an email address and internet access. It is important to remember that anyone can read Tweets that are not set to private even if they do not have an account themselves.
By default, your Tweets are set to public and are available to everyone on the internet. You can limit who sees what you post by changing the setting to “Protect My Tweets”. Protecting your account has many benefits including:
- All Tweets are protected.
- People will have to request to follow you before they can view anything you post. You will also have to approve these requests.
- Other users will not be able to retweet what you post.
- Protected Tweets do not appear in search engines.
An additional layer of account protection would be login verification. Instead of just entering your password to log in to your account, you will also need to enter a code sent via text message to your mobile phone.
Besides protecting your Tweets, there are other items you should consider before posting on Twitter.
- Posting images can often create more interaction with your account; however, it is important to remember all images contain metadata. The metadata can contain a lot of information such as the location where the picture was taken, the date and time of when it was taken, the model and make of the camera and more. While most social networking sites delete this data, Twitter does not. Always think twice before posting an image.
- Photo tagging is also a common feature to many social media sites. On Twitter, this function makes it easier for other users to and your followers to locate you and participate in social exchanges. Due to tagged photos not being individually verified, you could be associated with images you are not even in or images you never want to be associated with. To avoid this risk, change the photo tagging setting to prevent anyone other than yourself from tagging you in photos.
There are a few important security settings to enable for a more secure, social networking experience:
- Login notifications (also known as unrecognized login alerts) are a great way to identify attempted compromises to your Facebook profile. When accessing your profile, Facebook checks for the presence of a “cookie” on your device. If the cookie is absent or incorrect, Facebook asks if the information should be saved and will send a text or email. Login notifications are a great way to keep track of your account. If you receive a login notification and you did not initiate the login, you should immediately change your password and follow the Facebook community guidelines for what to do next. Note, you can also setup two-factor authentication. This is the most secure protocol for your account. You will login using your password as well as a code sent via text message to your phone.
- Set your Facebook post audience to friends only. You might even want to create a custom list and put some of your acquaintances in a group so they are excluded from viewing your posts.
- In addition, limiting the people who can send you friend requests helps protect your profile. Users should consider changing the security setting to only allow friends of friends to send requests. This gives you more assurance that the friend request is coming from someone in your personal network. Always remain cautious when receiving a request from someone you do not know, even if they know other individuals in your network.
By default, your Instagram is made public to all other users. You can make your account private by going to your profile settings. If you choose to keep your account public, remember that anyone is able to see what you post, and the internet is forever.
Your Instagram images can appear in a Google search if you’ve logged into your account using a web viewer, authorizing them to access your profile and images. To stop this from happening, revoke access to third-party websites or make your account private.
In a private account:
- Posts you share to other social media apps may be visible to the public depending on your privacy settings in those apps (a private Instagram post may be visible to those who see your Twitter posts)
- Only approved followers can see your posts, including any likes and comments
- Followers must send you requests that you can approve or ignore
- Likes on your posts won’t appear in the ‘Following’ feed of the ‘Activity’ tab.
- When you like a public post, your like will be visible to everyone and your username will be clickable below the post, but (again) only approved followers can see your posts.
YouTube allows you to make personal videos on your page private, allowing only you to share the videos with people you want. YouTube also never asks for password or email information, so if a user or account asks for this information you should report them immediately.
- Be sure to ask for permission before using people’s faces in your videos. Posting someone’s face or information without permission can get you kicked off the website.
- If someone posts your information or face in a video without your permission, YouTube encourages you to reach out to them before reporting them. Sometimes, people don’t realize that they are violating your privacy by doing so.
- If you see a video online that offends you, or you don’t feel it’s appropriate, flag it. YouTube will review its content to see if it should be taken down.
- Remember that anything you post on YouTube (comments, videos, etc.) can be seen by the public. Offensive comments can be reported and get you removed from the website.
- Do not click on links in the comment section of videos. Malware and other harmful spyware can easily be transmitted by cyber-attackers.
Configuring LinkedIn accounts for maximum security can be challenging. Users need to decide how to balance privacy, safety and security against the value of building a professional network. As a general rule, do not include things like email, telephone numbers or addresses in any fields that are not labeled for that information.
Making connections is an important part of this social networking site. If we are judged by the company we keep, then deciding which requests to allow or deny is an important decision. To help stay secure, follow these practices when adding connections:
- Be skeptical when you are contacted by individuals you do not know personally or professionally. Not everyone on the internet is who they say they are.
- Only accept connections that add quality to your professional network and consider the consequences of accepting connections that do not.
- Do not accept requests based on the requestor’s strength of network. People can build false networks and leverage their false credibility.
When selecting an email address to use with your profile, try to separate your personal and professional life. LinkedIn uses your email as the primary outlet through which communication flows. It will also use your email if you are ever locked out of your account.
Once your account is set up, LinkedIn will ask if you want to sync your contact books. Before allowing a third party site to access your address books, ask if you would be okay with exposing your name and email address to those you did not choose. Also consider if you want to be professionally associated with everyone in your address book.