Security Advice for Using Social Media

Social interaction on digital platforms has become a staple of modern life, and along with that has come a flood of stories about accounts being duplicated or hacked, and private information being exposed to unintended or unwanted viewers. UTech's Information Security Office has put together some tips to help members of the Case Western Reserve University community protect themselves on social media.

Protect yourself and your future

If you participate in social media platforms such as TikTok or Instagram, you are encouraged to keep in mind that all of these "free" services sell data about their users’ habits and activity. Advertisers buy this data in order to tailor ads specifically to the interests of each individual user.

Bear in mind that once you post something on the internet, it lives there forever. Not only can future employers evaluate your tweets to see if you will fit into their corporate culture, but attackers may use key details from your life, like your job title, full name, birthdate and more, to attempt a direct "spear-phishing" attack on you. Criminals can also use social engineering with these details to try to impersonate you and gain access to financial information or commit fraud.

Protect your account and unique password

A few of the most effective things you can do to protect your social media accounts are to:

  • Sign up and manage the account using an email you check often;
  • Verify your account;
  • Check your profile on each platform to make sure the email is up to date;
  • Use a different, strong password for each account; and
  • Enable two-factor authentication if it is offered.

Using an email account that you check often gives you better oversight of your online presence. For example, if you get an email indicating that someone logged in from an unauthorized location, you will see it more quickly than you would on an account you rarely use. Verify your social media account using the message sent to you by the company as part of the sign-up process, in order to validate that the user signing up for the account is actually you. Monitor your profiles on social media websites and ensure that the emails are current so you can be kept up to date with what is going on with your accounts.

Strong, unique passwords are a must; do not reuse passwords across multiple accounts. The Information Security Office recommends managing your complex passwords using a password manager.

If offered, use a two-factor authentication app to link to your account for extra security: that way, if your password is ever compromised, the attacker will be stopped by the prompt for that second factor.

Keep your account private

Set your account’s visibility level to private in order to restrict access to your data to only those followers you authorize. Be selective about which followers you accept.

Check the privacy settings within the social media app itself, and re-evaluate how much data access the app really needs. Instagram, for example, was criticized recently for a configuration that let location tagging in posted photos expose users’ locations to a precise degree. The app works perfectly fine if you don’t grant it permission to access your microphone, location, contacts and other data stored on your mobile device.

Only download verified apps

Only download verified apps from the App Store for your mobile platform. Phony apps can capture credentials for social media accounts and expose your information to unauthorized eyes.

Think before you click

Shortened URLs and QR codes can obscure the ultimate destination of a clickable link. If you are tempted to click a link on a social media site, hover your mouse or finger over it to see where it goes before visiting the page. Taking a couple of seconds to verify the trustworthiness of a site can save you from hours of hassle and lost dollars.

What about Discord?

Discord is becoming a popular platform for chatting and communicating about gaming, and it too has its share of scammers. On the account settings page, you can set up two-factor authentication and change message and privacy settings. Be wary of clicking links from unknown sources, only scan QR codes if you generated them, and be wary of scams such as those offering "Free Nitro."

Employ reasonable skepticism

Be skeptical of what you see and are asked to do, especially by strangers and people you’ve never actually met. Many TikTok videos turn out to be fake, or clips taken out of context. People often aren’t who they appear to be, and things they ask or challenge you to do may be bad for you or dangerous.

You are your real audience

Your real audience is yourself and those you actually and already know. Free accounts and social media are often selling you things or selling your information to others. Be careful with yourself, your accounts, your information, your money and your future.

Contact the Information Security Office

To report a security issue, contact the service desk at 216.368.HELP, submit a ticket at help.case.edu, or reach out to [U]Tech Information Security directly at security@case.edu.