Recent hacks involving several high-profile social networking accounts once again highlight the potential vulnerability of social media. The sheer volume of users and the information that gets posted on social media sites create plenty of opportunity for an attacker to use social engineering or other methods to gain access to the accounts of individuals and organizations. The more information you post, the more your security and privacy are at risk.
What Precautions Should I Take on Social Networking Sites?
Below are some helpful tips regarding security and privacy while using social networking sites:
Ensure that any computer you use to connect to a social media site has proper security measures in place. Use and maintain anti-virus software, anti-spyware software, and a firewall, and keep these applications and your operating system patched and up-to-date.
Be cautious when clicking on links. If a link seems suspicious, or too good to be true, do not click on it...even if the link is on your most trusted friend's page. Your friend's account may have been hijacked or infected and now be spreading malware.
If you are going to request that your account be deleted, first remove all of the data. Request that the account be deleted, rather than deactivated.
Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your site through email or another website, you might be entering your account name and password into a fake site where your personal information could be stolen.
Be cautious about installing applications. Some social networking sites provide the ability to add or install third party applications, such as games. Keep in mind there is sometimes little or no quality control or review of these applications and they may have full access to your account and the data you share. Malicious applications can use this access to interact with your friends on your behalf and to steal and misuse personal data. Only install applications that come from trusted, well-known sites. If you are no longer using the app, remove it. Also, please note that installing some applications may modify your security and privacy settings.
Use strong and unique passwords. Using the same password on all accounts increases the vulnerability of these accounts if one becomes compromised. Use different passwords for different accounts, and do not use a password you use to access your organization's network on any personal sites you access.
Be careful whom you add as a “friend,” or what groups or pages you join. The more “friends” you have or groups/pages you join, the more people have access to your information.
Do not assume privacy on a social networking site. For both business and personal use, confidential information should not be shared. You should only post information you are comfortable disclosing to a complete stranger.
Use discretion before posting information or comments. Once information is posted online, it can potentially be viewed by anyone and may not be able to be retracted afterwards. Keep in mind that content or communications on government-related social networking pages may be considered public records.
When posting pictures, delete the metadata, which includes the date and time of the picture.
Do not announce that you are on vacation or away for an extended period of time.
Configure privacy settings to allow only those people you trust to have access to the information you post, and your profile. Also, restrict the ability for others to post information to your page. The default settings for some sites may allow anyone to see your information or post information to your page.
Review a site’s privacy policy. Some sites may share information, such as email addresses or user preferences, with other parties. If a site’s privacy policy is vague or does not properly protect your information, do not use the site.
For More Information:
For additional information, please visit:
1. STOP.THINK.CONNECT Social Networking and Cyberbullying Tips:
http://stopthinkconnect.org/resources/viewimageembed/?id=341
2. US-CERT Socializing Securely: Using Social Networking Services
http://www.us-cert.gov/sites/default/files/publications/safe_social_networking.pdf
3. Facebook: A Guide to Privacy:
http://www.facebook.com/privacy/explanation.php
4. Sophos: Facebook Security Best Practices:
http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx
5. Twitter: Protecting and Unprotecting Your Tweets:
https://support.twitter.com/articles/20169886-how-to-protect-and-unprotect-your-tweets
In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater. However, in order to be as secure as possible, we need to use good cyber hygiene – that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices.
Many key best practices are outlined in the Top 20 Critical Security Controls, managed by the Council on CyberSecurity. These Controls assist in mitigating the most prevalent vulnerabilities that often result in many of today's cyber security intrusions and incidents. The Center for Internet Security (CIS) provides free, PDF-formatted configuration guides (Benchmarks) that can be used to implement the Controls and improve cyber security.
Secure Your Wireless Network
Before the days of wireless (Wi-Fi) home networks, it was rather easy to see who was linked into your home network; you could simply follow the wires. You wouldn’t allow a stranger to connect to your network, so check to see who is connected to your wireless network. The first step is to lock down your wireless network with a strong password and encryption. This will prevent people who don’t have the password from connecting to your network.
While there are fewer wires to follow, you can still follow some digital breadcrumbs to see who is connected to your network. Connect to your router (for more information refer to the manufacturer’s user guide) to see who the clients (the connected devices) are. Are there more devices connected to your network than you expect? If there are some devices you don’t recognize, change your security settings and passwords. Don’t forget about your printers, many of which can connect to your network and are Wi-Fi enabled.
Securely Configure Your Systems and Devices
The “out-of-the-box” configurations of many devices and system components are default settings that are often set for ease-of-use rather than security. This often results in vulnerabilities that offer easy targets for hackers to exploit, often using automated programs that scan for holes. To mitigate risk, systems and devices should be configured according to industry-accepted system hardening standards.
Secure Your Browser and Browser Add-ons
Cyber attackers search for programming errors and other flaws in web browsers and associated plug-ins in order to exploit them. These vulnerabilities, if successfully exploited, can give cyber criminals access to, and sometimes control over, your computer system. To minimize these risks, keep your browser(s) updated and patched, and set to auto update. In addition, keep any programs (known as plug-ins) updated and patched as well, particularly if they work with your browser (such as multi-media programs and plug-ins used to run videos). Block pop-up windows, as this may help prevent malicious software from being downloaded to your computer, and consider disabling JavaScript, Java, and ActiveX controls when they are not being used. Activate these features only when necessary.
Back Up Your Data
Be sure to back up your important data so you can retrieve it if your computer fails. Most operating systems provide backup software designed to make the process easier. External hard drives and online backup services are two popular vehicles for backing up files. Remember to back up data at regular intervals and periodically review your backups to determine if all your data has been backed up accurately.
Protect Your Administrative Accounts
Administrator or "admin" accounts give a user more control over programs and settings for a computer than a typical user account. If an intruder accesses an admin account, he could potentially take over your computer. Non-administrator accounts, or guest accounts, can limit what someone who gains unauthorized access is able to do. It is important to change the default password on your admin accounts and to always log on to your computer with a non-administrator account.
Another aspect to protecting admin accounts is to change default passwords on your devices. Many of them are published on the Internet, so be sure to change them to something unique and strong. Default passwords are especially prevalent in routers, wireless access points and other networked devices.
Use Firewalls
Many computer defaults are set for ease of use, which is convenient not only for us, but also for cyber criminals. Cyber criminals can use weak or unnecessary services as a first step to compromising your computer. Many computers and routers already come with a firewall built in to prevent malicious access to these services. It is recommended that you set the firewall to the securest level you think is appropriate: if this is a laptop you’ll use for traveling and connecting to public networks, it is recommended that you choose the strictest level of security and only allow exceptions for services you need. You can always relax the controls if necessary.
Update Your Applications, Software and Operating Systems
Even though you may be diligent in keeping your software up-to-date, you are still at risk from malware infections. Malware can infect your computer from a variety of different vectors, including compromised websites, malicious attachments in email, and infected thumb drives. This is why strong malware defenses are crucial. Anti-virus and anti-spyware software scans your files for malware, and may even warn you if you’re about to download a potentially malicious file. Update your anti-virus software regularly. Keeping applications, software, and operating systems patched will help keep you more secure by providing you with the most recent and secure version.
Resources:
http://www.counciloncybersecurity.org/
http://benchmarks.cisecurity.org/downloads/benchmarks/