secureCI presents Ouch!
The SANS Monthly Information Security Bulletin at CI
Tanya Baccam is a longtime security consultant. She has been a SANS author and instructor for over a decade, having taught and written SEC502, SEC542, SEC401, MGT414, AUD507 and many other courses. Follow her on Twitter at @tbaccam.
Social media sites, such as Facebook, Twitter, Instagram and LinkedIn, are amazing resources, allowing you to meet, interact and share with people around the world. However, all this power also brings risk for you, your family, friends and employer. In this newsletter, we explain what these dangers are and how to use these sites securely and safely.
A common concern with social media is protecting your personal information. Potential dangers include:
Impacting Your Future: Some organizations search social media sites as part of background checks. Embarrassing or incriminating photos or posts, no matter how old, could prevent you from getting hired or promoted. In addition, many universities conduct similar checks for new student applications. Privacy options may not protect you, as these organizations can ask you to “Like” or join their pages or certain posts may be archived on multiple sites.
Accidentally Harming Your Employer: Criminals or competitors can use any sensitive information you post about your organization against your employer. In addition, your posts can potentially cause reputational harm for your organization. Be sure to check your organization’s policies before posting anything about your job. In addition, some of your social media posts may be monitored.
The best protection is to limit what you post. Yes, privacy options can provide some protection. However, they are often confusing and change frequently without your knowledge. What you thought was private can quickly become public for various reasons. In addition, the privacy of your posts is only as secure as the people you share them with. The more friends or contacts you share with, the more likely that information will become public. You should assume anything you post can or will become a public and permanent part of the Internet.
Finally, be aware of what friends are posting about you. If they post something you are not comfortable with, ask them to take it down. If they refuse or ignore you, contact the social media site and ask the site to remove the content for you. At the same time, be respectful of what you post about others.
In addition to privacy concerns, here are some steps to help protect your social media accounts and online activities:
Login: Protect each of your accounts with a strong, unique password and do not share them with anyone else. In addition, many social media sites support stronger authentication, such as two-step verification. Always enable these stronger authentication methods whenever possible. Finally, do not use your social media account to log in to other sites; if it gets hacked, then all of your accounts are vulnerable.
Privacy Settings: If you do use privacy settings, make sure you review and test them regularly. Social media sites often change privacy settings and it is easy to make a mistake. In addition, many apps and services let you tag your location to content that you post (called geotagging). Regularly check these settings if you wish to keep your physical location private.
Encryption: Social media sites use encryption called HTTPS to secure your online connections to the site. Some sites (like Twitter and Google+) enable this by default, while others require you to manually enable HTTPS. Check your social media account settings and enable HTTPS as the default connection whenever possible.
Securely Using Mobile Apps:
Educating Kids on Cyber Safety: