October is National Cybersecurity Awareness Month and [U]Tech's Information Security Office has compiled tips for members of the Case Western Reserve University community to keep in mind regarding social media use and data privacy.
Though social media platforms like Twitter, TikTok and Instagram are free, these services sell data about their users’ habits and activity. Advertisers buy this data in order to tailor ads specifically to the interests of each individual user.
Bear in mind that once you post something on the internet, it lives there forever. Not only can future employers evaluate your Tweets to see if you will fit into their corporate culture, but attackers may also use key details from your life, like your job title, full name, birthdate and more, to attempt a direct "spear-phishing" attack on you. Criminals can also use social engineering with these details to try to impersonate you and gain access to financial information or commit fraud.
A few of the most effective things you can do to protect your social media accounts are:
- Sign up and manage the account using an email that you check often;
- Verify your account;
- Check your profile on each platform to make sure the email is up to date;
- Use a different, strong password for each account; and
- Most importantly, if it’s offered, enable two-factor authentication.
Using an email that you check often increases your visibility into your online presence. For example, if you get an email that someone logged in from an unauthorized location, you will see it more quickly than you would on an email you rarely use.
Verify your account using the message sent to you by the company as part of the sign-up process in order to validate that the user signing up for the account is actually you.
Monitor your profiles on social media websites and ensure that the emails are current so you can be kept up to date with what is going on with your accounts.
Strong, unique passwords are a must; do not reuse passwords across multiple accounts. [U]Tech recommends managing your complex passwords using a password manager like LastPass.
With two-factor authentication, if your password is compromised, the attacker will be stymied by the prompt for that second factor.
Set your account as private, in order to restrict access to your data to only those followers you authorize. Be selective about which followers you accept.
Check the privacy settings within the social media app itself, and re-evaluate how much data access the app really needs. Instagram, for example, was criticized recently for a configuration that let location tagging in posted photos expose users’ locations to a precise degree. The app works perfectly fine if you don’t grant it permission to access your microphone, location, contact and other data stored on your mobile device.
Only download verified apps from the App Store for your mobile platform. Phony apps can capture credentials for social media accounts and expose your information to unauthorized eyes.
Discord is becoming a popular platform for chatting and communicating about gaming, and it too has its share of scammers. On the account settings page, you can set up two-factor authentication and change message and privacy settings. Be wary of clicking links from unknown sources, only scan QR codes that you generated yourself, and watch out for scams such as those offering "Free Nitro."
Shortened URLs and QR codes can obscure the ultimate destination of a clickable link. If you are tempted to click a link on a social media site, hover your mouse or finger over it to see where it goes before visiting the page. Taking a couple of seconds to verify the trustworthiness of a site can save you from hours of hassle and lost dollars.