Security on Social Media

The most popular social media platforms have billions of users, and the number keeps getting bigger every year. Facebook, Twitter, YouTube and Instagram, to name a few, have gone beyond their initial purpose of sharing, entertainment, and communication. Now, enterprises see them as valid advertising tools and users have built careers out of sharing content.

Information Sharing risks:

Attackers may use social networking services to spread malicious code, compromise users’ computers, or access personal information about a user’s identity, location, contact information, and personal or professional relationships. You may also unintentionally reveal information to unauthorized individuals by performing certain actions. The following are some common threats to social networking services.

  • Viruses – The popularity of social networking services makes them ideal targets for attackers who want to have the most impact with the least effort. By creating a virus and embedding it in a website or a third-party application, an attacker can potentially infect millions of computers just by relying on users to share the malicious links with their contacts.
  • Tools – Attackers may use tools that allow them to take control of a user’s account. The attacker could then access the user’s private data and the data for any contacts that share their information with that user. An attacker with access to an account could also pose as that user and post malicious content.
  • Social engineering attacks – Attackers may send an email or post a comment that appears to originate from a trusted social networking service or user. The message may contain a malicious URL or a request for personal information. If you follow the instructions, you may disclose sensitive information or compromise the security of your system.
  • Identity theft – Attackers may be able to gather enough personal information from social networking services to assume your identity or the identity of one of your contacts. Even a few personal details may provide attackers with enough information to guess answers to security or password reminder questions for email, credit card, or bank accounts.
  • Third-party applications – Some social networking services may allow you to add third-party applications, including games and quizzes, that provide additional functionality. Be careful using these applications—even if an application does not contain malicious code, it might access information in your profile without your knowledge. This information could then be used in a variety of ways, such as tailoring advertisements, performing market research, sending spam email, or accessing your contacts.

Security measures:

Taking general security precautions will reduce the risk of compromise.

  1. Use strong passwords, and use a unique password for each service.
  2. Keep anti-virus software up to date.
  3. Install software updates in a timely manner, particularly updates that affect web browsers.

General Social Media best practices:

  • Posting

Be careful and think before posting. Anything you post will most likely become public at some point, impacting your reputation and future, including where you can go to school or the jobs you can get. If you don’t want your family or boss to see it, you probably shouldn’t post it. Also, be aware of what others are posting about you. You may have to ask others to remove what they share about you.

  • Privacy

Almost all social media sites have strong privacy options. Enable them when possible. For example, does the site really need to be able to track your location? In addition, privacy options can be confusing and change often. Make it a habit to check and confirm they are working as you expect them to.

  • Passphrase

Secure your social media account with a long, unique passphrase. A passphrase is a password made up of multiple words, making it easy for you to type and remember, but hard for cyber attackers to guess.

  • Lock Down Your Account

Even better, enable two-factor authentication on all of your accounts. This requires a one-time code in addition to your password when you log in to your account. This is actually very simple and is one of the most powerful ways to secure your account.

  • Scams

Just like in email, bad guys will attempt to trick or fool you using social media messages. For example, they may try to trick you out of your password or credit card information. Be careful what you click on. If a friend sends you what appears to be an odd message or one that does not sound like them, it could be a cyber attacker pretending to be your friend.

  • Terms of Service

Know the site’s terms of service. Anything you post or upload might become the property of the site.

  • Avoid suspicious third-party applications

Choose third-party applications wisely. Look for applications developed by vendors you trust, and avoid applications that seem suspicious. Limit the amount of information third-party applications can access.

References:

SANS Monthly Security Awareness Newsletter: Top Tips to Securely Using Social Media https://www.sans.org/security-awareness-training/resources/top-tips-securely-using-social-media

US CERT Socializing Securely: Using Social Networking Services https://www.us-cert.gov/sites/default/files/publications/safe_social_networking.pdf

Social Networking and Security Risks http://www.gfi.com/whitepapers/Social_Networking_and_Security_Risks.pdf