By Stephanie Popp, Intel Analyst
Staying connected, creating communities, building business connections, being entertained, and spreading ideas and news are just a few of social media networking’s purposes. However, it is easily forgotten that once information is posted to a social networking site, it is no longer private. Many believe using high security settings will keep them shielded from predators, hackers, and business competitors online, but the reality is that you, your friends, or 3rd party websites may inadvertently leak sensitive information.
Individuals sharing information via social media can expose themselves to some of the following:
Identity theft: Use of photo and video sharing sites (e.g., Instagram, YouTube, Flickr) provides deeper insight into you, personally, as well as your family and friends, your house, hobbies, and interests.
Exploitation: Sharing your location can reveal sensitive information (home and work addresses, places you frequent) that can be exploited by criminals.
Burglary: Posting that you are out of town or on vacation gives critical tips to thieves.
Fraud: Facebook and mobile apps that are not properly reviewed by administrators can be used for malicious and criminal purposes.
A September 2013 survey from advisory firm, Grant Thornton, on corporate social media risks and rewards, revealed that 71% of the executives polled were concerned about employee social media usage. Some of the potential threats to businesses posed by employees sharing information on social networks include:
- Disclosure of proprietary and/or confidential company information
- Damage to brand reputation
- Legal, regulatory, and compliance violations
- Corporate identity theft
Because information, ideas, advertisements, etc. can spread quickly and exponentially on social media platforms, we become more susceptible to these potential threats when posting content online. Given the increased global use of social media and how many users leverage sites such as Facebook, YouTube, and Twitter, there are more opportunities for sensitive information to be exploited, stolen, and used for fraud. In addition there’s an abundance of available resources that teach criminals how to run online scams and stalking schemes, making it easy for anyone to steal your personal information.
For many, getting rid of social media account(s) to mitigate the threat of being targeted by criminals and con artists is not an option. However, there are ways to be smart about what to share and who you share it with:
Use the “Privacy” setting on your social media accounts. You can adjust your privacy settings to control who has access to your personal information. These settings change and evolve frequently, so check your privacy settings after any site updates to ensure that you are still protected.
Don’t take pictures of uniforms, credentials, or workplace areas where sensitive information (passwords, employee travel itinerary, etc.) are visible.
Know and follow the rules and guidelines in your company’s Employee Handbook (ethics, confidentiality/privacy, intellectual property policy, etc.) and ensure postings are consistent with these policies; don’t make discriminatory remarks, harass other employees, threaten violence, disparage customers, or post offensive comments.
Don’t post pictures of your financial or personal data (e.g., credit cards, old bills, driver’s license, health card). Doing so not only reveals your name, account number, and address, it also gives access to information that someone could use to socially engineer and hack into your accounts.
Don’t use geolocation tags (available on Facebook, Instagram, and Twitter). Geotagging is adding geographical identification data to media (post, photograph, video, etc.). The geographical data is derived from a global positioning system (GPS), which is based on latitude and longitude coordinates. It is easy to accidentally reveal the location of your posts; sometimes the listed location is as specific as your exact address.
Avoid using the “Checking in” feature (different from geo-tagging posts) as it lets both burglars and identity thieves know where you are, where you’ve been (e.g., bank), and/or where you will be, such as your regular gym. The “Checking in” app also displays a timestamp, which offers more insight into how long you’ve been at that specific location.
Don’t disclose your birthday, even if it’s just the month and day. Even with this limited information, criminals can piece together your entire birthdate using resumes or a LinkedIn profile that shows your graduation dates.
Use unique user names for each social media account: Vary your passwords and change them frequently. The strongest passwords include a combination of alphabetical characters, numbers, symbols, and should not represent personal information.
Don’t answer security verification questions truthfully (e.g.. “What is your birth city?” or “What is your mother’s maiden name?”); instead, where possible, use a password for all your answers.
Social media networking, an important component of today’s internet culture, is an amplification of communication that will likely continue to grow for the foreseeable future. Although potential threats associated with social media use have received more public attention, many users still do not use the privacy settings provided by social platforms and/or are unaware of the potential threats that come with exposing too much information.
While there are numerous ways to mitigate some of these potential threats, one of the best practices is to simply be aware of what you are sharing online. It is important to remember that once something is posted, even if it’s only shared with “close friends” in your network, you have no control over whether or not it will be re-posted and who might access it.
Blog Spot – Corey McCosh
http://www.digitaltrends.com/social-media/if- youre-not-careful-you-could-be-the-next-victim- of-identity-fraud-on-facebook/
http://www.eonetwork.org/octane-magazine/ special-features/social-media-networks- facilitate-identity-theft-fraud
http://www.fbi.gov/about-us/investigate/ counterintelligence/internet-social-networking– risks
http://www.grantthornton.com/~/media/content- page-files/advisory/pdfs/2013/ADV-social- media-survey.ashx
Huntington Ingalls Industries
Make Use Of
http://marketingland.com/survey-71-of- companies-concerned-about-social-media- risks-only-36-do-social-media-training-60212
http://www.marketingpilgrim.com/2014/01/ facebook-is-the-most-visited-social-network- twitter-and-google-tied-for-3rd.html
http://www.symantec.com/content/en/us/ enterprise/media/security_response/ whitepapers/ the_risks_of_social_networking.pdf
University of the Pacific
http://www.pacific.edu/Campus-Life/Safety- and-Conduct/Online-Social-Networking- Dangers-and-Benefits-.html