The popularity and use of social networking sites both at home, work and on the go using all types of devices like PCs, Smartphones, Tablets to access these sites has increased at a phenomenal pace and to amazing levels. It is now a known fact that Facebook, Twitter, LinkedIn and others have become a part of our daily life / lexicon and all pervasive in business and personal settings. They are used for everything from prospecting to competitive intelligence to job searches to networking. More and more companies have started opening shop in Facebook, advertising on LinkedIn and providing deals on Twitter.
While most uses have useful outcomes, some nefarious members end up using these social sites for undesirable purposes. Facebook, LinkedIn and other such sites strive hard to protect your information, but content is often revealed by accident or through unsolicited action and malicious intent.
Some steps for keeping yourself safe include:
- Create a strong password. Easy to remember passwords but difficult to hack could be your extension number at work plus your car license plate, your mother's phone number and her initials, a short form of your previous street address.
- Change all your passwords frequently - once every 60-90 days.
- Create unique passwords for every site. This way someone that has managed to hack one of your accounts does not automatically get access to all your other accounts.
- Do not accept unknown friend requests. Unless you know someone well enough you should not trust them with your personal information.
- Turn on https:// browser in your Facebook/Twitter/LinkedIn etc. settings
- Remember to logoff when you are done. If you share your machine with others do not let the browser remember your passwords. Others (including friends and family) using your computer may unintentionally and unknowingly let hackers in.
- Avoid being a victiim of Identity Theft:
- Sophos a leader in security has put together a detailed post on best practices for Facebook Security. Anyone interested in protecting themselves from identity theft should read this piece: http://www.sophos.com/security/best-practice/facebook/
- Avoid posting too much information about your spouse and children. This will certainly expose them to identity theft.
- Do not click on suspicious links even if it is from friends and family
- It is a good idea to install a "current and up-to-date" antivirus software.
- There are 3rd party products (I have not used them to vouch for their effectiveness.) like FBSecure. It provides users with a secure Facebook Application Installation process. It allows you to control what permissions to grant to applications before actually installing them. It also provides you recommendations based on community decisions. Note that there are legal ways of accessing your Facebook information through search engines.
- Even new rages like Pinterest can pose security risks. A recent post http://blog.eset.com/2012/02/22/pinterest-com-security-step-by-step-howto on how to secure your account Pinterest is worth a read. Primarily it links back to your ability to secure your Facebook and Twitter accounts.
- Do not forward links and emails indiscriminately as you may end up being the originator of leaks.
- Twitter's web interface had a serious mouseover security flaw that redirected users to unknown websites when the mouse was rolled over spurious links. This was an XSS attack identified by Twitter and patched.
- Phishing - Always keep an eye on the URL that shows up when you click on links. This could protect from a potential phishing attack.
- Monitor what your friends are sending and sharing with you. They may have been hacked and a harmless looking link from them without their knowledge could contain malware and be an attempt at phishing.
- Facebook allows targeted ad campaigns. This exposes users to spearphishing - defined as phishing against a small group of selected targets who are more likely to be attracted
A site like Facebook allows and encourages users to create their own apps, games and commerce sites that can be used by other members. Such apps could potentially access a lot of your unprotected data. Similarly in recent reports it was stated that Google, Apple and apps on Android, iOS have access to all your data on the smartphone.
Harmless posts or tweets like:
- "Enjoying the great views from the 25th floor of my hotel room in Hawaii"
- "The interview questions today were very unusual. They actually asked..."
- "Our company won a bid for a large project, good time buy the stock!"
could lead to unintentional consequences. The first statement could be a "Welcome home" invite to thieves to burgle your home. The second one could cause a lot of angst for you in your current job. The last one could be seen as potential for insider trading. Identity theft has become easier as one can gather significant personal information about others in these channels.
Avoid sharing your entire address books with any Social Media site as it could result in spamming others. Wikipedia has defined Social Networking Spam -
Social networking spam is spam directed at users of internet social networking services such as MySpace, Facebook or LinkedIn. Users of social networking services can send notes, that may include embedded links to other social network locations or even outside sites, to one another.
Stay safe and away from trouble.