Most Americans use social media every day, whether it's to show off our delicious lunch or to keep our professional network informed. You probably haven’t considered that your social media activities may put you at risk for cybersecurity vulnerabilities. Consider your office for a moment. Surely there’s that one coworker who keeps neon sticky notes containing reminders, dates, and even passwords at their desk. When their birthday rolls around, and they post a picture of their office birthday decorations on Instagram, all of those passwords on sticky notes are now public information on the internet. You may think that this isn’t a big deal and that no one is looking for passwords in photos on social media — and unfortunately you are wrong. Businesses fall victim to online scams and breaches all the time because of this exact situation. In this blog, we will review a few best practices to keep in mind when using social media both personally and professionally.
Have You Been Compromised?
A data "breach" is an event in which data is exposed from a system that is not secure. A vulnerability in the system creates a weakness, and that weakness is then exploited.
So, is your data at risk of being stolen? Statistically, the answer is most likely “yes.” Most Americans have had information compromised at some point. According to LifeLock, during the 2017 Equifax breach, 145.5 million Americans had their personal data stolen. Considering that there were 325.7 million people living in the U.S. at the time, that means about 45% of Americans were directly impacted by this breach. There have been many other data breaches as well. Yahoo account holders, Target shoppers, and most recently, Facebook users have all been compromised. Around 50 million Facebook users were affected in September 2018 by a breach that involved Facebook data and posted photos. So, if you think your coworker posting their office birthday picture with the sticky notes in the background is harmless, think again!
Security Tip #1
Check Your Email Security and Change Passwords
Fortunately, there is a way to determine if your data is compromised. Haveibeenpwned.com is a website that will show you if your email address has been involved in any direct website data breaches. It was built by a Microsoft Most Valuable Professional (MVP) and a Security Developer. While this site does not cover every leak, it will give you some insight into the scope of how crucial cybersecurity is to our ever-connected society.
Even if you don’t show up on this site, it doesn't necessarily mean that your data is safe. It’s possible that someone used your email to sign up for something, and then that website or service experienced a breach.
Security Tip #2
Change Your Passwords Yo
So what do you do next? After considering whether you have or have not been affected by some breach, it is prudent that you change all your passwords and secure your accounts.
Unique Passwords & Extra Authentication
It is critical to use a unique password for each service and account you have. For example, the password you use for Facebook should be different than the one you use for your email. In 2016, LinkedIn was breached, leaving 164 million email addresses and passwords compromised. If you were affected by this breach and you used the same password for LinkedIn that you do for your email, you could have been compromised way back in 2016 and not know it! The attacker now has your email and password and can attempt to hack into your email and thus gain valuable data and other account access. This is a prime example of why you should never reuse any password. But with all these passwords and the complexity of them, how do you keep track of them?
Security Tip #3
Use a Secure and Legitimate Password Manager Service
You should always store your passwords within a password vault, or password manager. Using this method will allow you to have one "master" password to remember, which will allow you to access all of your other passwords safely and securely. I recommend the password vault LastPass. LastPass has a free version for personal use and a paid version for professional use with governance options. It stores usernames with their respective passwords and also allows you to add any secure notes you may need. Furthermore, it enables you to set a unique password for every account without having to reset your password every time you try to log in. Therefore, if one account is compromised, the attacker may have your email and the data associated with that account, but at least they don't have the passwords to break into all of your accounts and create chaos.
Security Tip #4
Use Two-Factor Authentication
Another option to utilize on some of your social media accounts is two-factor authentication, which is a secondary layer of security requiring proof other than your password that you are you and not an attacker attempting to gain access. For example, if your Twitter account has two-factor authentication configured, you may be required to verify your identity by inputting a code that was texted to you.
At this point you have done some great work to get security in place, but how do you stay safe while actually using your social accounts? This comes down to how much control you’re given on various social media platforms and how you define the security settings.
How Much Control Do You Really Have?
Facebook is no longer designed merely to connect people. Perhaps it was originally intended that way, but Facebook has evolved since its beginning, and today it is a business that sells advertising, and to do that well they are constantly gathering data on their users. Remember that when you take those fun quizzes on Facebook that tell you which Harry Potter character best represents you. Facebook came under heavy fire in March 2018 after the data of as many as 87 million Facebook profiles was given to Cambridge Analytica.
Google and Facebook are the new big brother. The data that they collect tells them and their advertisers everything they want to know about you.
Security Tip #5
Delete Social Media Apps from Your Phone
A best practice is to not add social media apps to your phone. Yeah, that seems crazy. Although social platforms have updated privacy terms, if you keep these applications on your mobile device, you must be prepared and willing to share personal data, pictures, contacts, etc. The reality is that anything you do, say, or post on social media can become owned by someone else, meaning that it's entirely possible for someone to acquire one of your pictures if it's shared on social media or saved by someone you are connected with.
Security Tip #6
Check and Update Security Settings Regularly
One of the best places to start getting some control of your social media profile is by checking and updating the security settings for all of your accounts. You will be surprised at how much control you have there. Make sure your privacy settings are updated to your level of comfort and check the settings of a picture or post before sharing it. You can also check to see who can view your posts and narrow the audience. Be sure you do this regularly, as these companies change settings options frequently when they make updates to their apps.
Security Tip #7
Clean Out Your Friends
Another recommended practice is to clean up friends and contacts routinely. The more connections you have, the more potential ways there are for fraudulent or compromised accounts to connect with yours to send scams and malicious links. If you ever second guess something a friend or a family member has posted, it is best to directly contact them in case their account information has been stolen.
Go Get Secure!
Now that you have shifty eyes and will be wary of everyone online from this point forward (which is a good thing), you don't have to rush home to delete all of your social media accounts! Social media still serves a purpose as a way to connect people, and it is a wonderful networking resource for professionals. The best thing you can do moving forward for yourself and your organization is to learn more about and implement best practices in staying safe online.