My social media activity level tends to fall on the lower end of the engagement spectrum. But come holiday time, my main social media outlet (Facebook) becomes a flurry of activity as my extended relatives work to plan out all the details for the final two festive months of the year.
So, it’s largely during this period of time that I interact most with social media.
In my recent online check-ins, I’ve been reminded about how far we still have to go to better protect ourselves online and especially when engaging in social media.
Without further ado, let me share some best practices to keep social media users safer online—holidays or not.
Only Connect with People You Know
When I say this, I don’t mean don’t expand your social circle. But what I do mean is take some time to verify who you are actually connecting with.
There are numerous examples of attackers, tricksters and even companies posing as someone other than who they really are in order to connect with you and collect information about you. Think that’s not a big deal? Think about the information you use to confirm your identity (i.e. answers to secret questions, passwords, etc.).
Do you use your mother’s maiden name?
Your children’s birthdate?
Your pet’s name?
Your elementary school?
Now, take a look at your social media activity. How hard is it for you to find that information about yourself? It’s just as easy for someone with ill intent to get that information too—and now you’ve given them easy access to all of it.
So, what do I do instead?
If you are getting requests from someone without previous correlation (i.e. you met a friend of a friend at a party or your long-lost great aunt discovered she wasn’t friends with you by way of one of those massive holiday group messages), then give it some thought before connecting with this new person.
See if you have any shared connections with this person, and ask your known shared connections how they know this person.
See how long the account has been active if you can (a basic search of their history can usually provide that information). Use a search engine to do a quick search on the name—if it’s a scam you’ll nearly always see something about it on the first page of results.
And, lastly, if you are still unsure, ignore the request. If it is legitimate, there will be other opportunities.
Only Click on Verified Links
We are a curious bunch, aren’t we?
In my recent stint online this season I noticed that Facebook has become a newsfeed full of gossip I didn’t even know I wanted to know like “Which Celeb has a PhD?” or “7 Signs People Dislike You.”
But do you know where those links are actually taking you?
If you don’t, then maybe you shouldn’t “click for more” because you could be directed to sites that are capturing your information, or worse, installing malware.
Think that’s not a big deal?
Consider that visiting just one malicious site could expose you to malware like key logging, which, unbeknownst to you, captures and analyzes all of your keystrokes (aka everything you type!), including valuable information like account numbers, passwords, and other personally identifiable information.
This information can then be used for all sorts of financial and/or identity theft.
So, what do I do instead?
Save the “research” for known, legitimate websites. Or, if your curiosity is truly piqued and you must know the answer, conduct your own search. And when offered up shortened URLs, take the extra step to verify that you are going to a legitimate website before you do any damage.
A couple great URL lengtheners (or, rather, un-shorteners) include CheckShortURL and LongURL.
Avoid Games, Quizzes, and Questionnaires
I get it.
We all really want to know what house we belong to on Game of Thrones (does anyone ever really aspire to be a Bolton?), but at what cost?
The problem with social media games, quizzes, and questionnaires is that you don’t know who created them and what they intend to do with data they collect on you.
Think that’s not a big deal?
First, consider the information you are giving away: your full contact information, including location, religious status, sexual orientation, and date of birth.
That’s A LOT of information (and that doesn’t even factor in the other information you might be agreeing to give access to like your entire contact list!) Now, consider what it takes to pretend to be you – surprisingly, not a lot.
If an attacker is armed with just a few key details like a phone number, important dates (birth, college attendance, work history), or ZIP code for where you reside, this information can be consolidated to create a pretty perfect identity overview of you.
So, what do I do instead?
Board games anyone? Seriously, just avoid the online games unless you know what you are getting into.
Keep Your Software (and browsers) Up-to-Date
This is where I tell you all that you have to learn to be your own little IT support desk.
One of the best ways to protect yourself when you are being social online is to make sure the system you are using is as protected as possible. And one of the best forms of protection is to ensure your software, applications and internet browser(s) are always up-to-date.
Think that’s not a big deal?
It is. Un-patched software/applications are the #1 cyber security risk today.
Un-patched software/applications leave little holes in your system that provide attackers with an “in” to do potentially bad stuff. Patching essentially covers up those holes and removes those easy ways in.
So, what do I do?
When your desktop, laptop, tablet or phone (or whatever smart, internet-connected device you might be using) pops up that friendly reminder about updates that are ready for installation, do yourself a favor and install them.
As a caveat, there is the potential to download malware with fake installs if you try to do an install from a non-legitimate source, so make sure you are only installing updates from verified, legitimate app stores or from legitimate software sites (and remember that quick internet searches, when in doubt, will go a long way to confirm whether something is real).
Use Password Best Practices
I know, we talk about passwords ALL THE TIME.
But the reality is, they are the best thing we have today for you to prove you are who you say you are when interacting online. Attackers love when you use the same password for all of your online accounts. They only need to target one of the least secure sites (and there are a lot of them) and steal the credentials and then use them to log into your more sensitive sites without even raising a flag (because they are using legitimate log-in info!) to steal all your valuables.
Think it’s not a big deal?
Even if we just focus on social media accounts, if someone were to gain access to your account and pretend to be you, they could do serious damage to your reputation and connections if they used your identity to spread falsehoods or even malware. Protecting passwords isn’t just a big deal for your online banking. So, what do I do instead?
Make sure you use unique passwords for each of your online accounts, including social media accounts. Better yet? Use a password manager.
Watch for Trolls and Misinformation
Social media has quickly become one of the main news sources across multiple generations.
The good part of this is that it’s incredibly efficient to get consumable news at a moment’s notice. The negative consequences are that it’s become a simpler task to guide the conversation in a malicious way.
Misinformation campaigns have grown on social media since the 2016 presidential elections.
Effectively, social engineers create false social media profiles and the perpetuate storylines that fit their agenda. In doing so, they get people who haven’t vetted the credibility or facts of the post to share it—ultimately spreading the information.
It’s important—as a user of social media platform—to recognize the commonalities of troll accounts so that you don’t play a part in spreading bogus information.
Here is a tool you can use to help you recognize these kinds of accounts.
As Employers
As employers, it’s important to look at social media as part of your policies and procedures.
Ensure your employees understand what the company’s rules are regarding social media usage and acceptable content. Then, train them on it and have them sign off.
For assistance building policies, procedures, and guidelines for your organization, visit frsecure.com to learn more.