These days, it seems like everyone wants to stay connected. Think about it. We have our social networks, our smart phones, and dozens of our “friends” to keep in touch with. I’ll admit. I just have to stay connected. I have Facebook for my college buddies, I tweet on Twitter to get my daily news, I’m LinkedIn to build my professional network, and you can find out where I’ve been each day on FourSquare. Oh yeah, I’m also on Digg, Delicious, Flickr, Last.fm, Posterous, Qik, Stickam and Tumblr. Okay, okay, I’m kind of addicted. Don’t judge me. :)
But is there a price to pay for staying “connected?” Checking the most recent statistics, Facebook has more than 500 million active users, of which 50 percent log in daily. The average user has 130 “friends” — can you even name 50 of your friends? Recently, concerns over information privacy have put Facebook under fire by technology activists, the government, and even the Facebook community.
With our privacy at risk, it’s important to reflect on the networks we’re connecting to, the people we’re connecting with, the information we’re sharing, and the risks we’re accepting with membership. Obviously, the easiest, foolproof solution to prevent identity theft or information loss from social networks is to not use them at all. C’mon, what’s the fun in that? Here are a few other options for protecting your data that I’ve read (and don’t agree with):
I don’t accept “friend” requests.
Then you’ve completely missed the intention of connecting with people on these networks.
I use Firefox.
Good job. Firefox has a lower market footprint and does provide some features that will enhance browsing security. Unfortunately, a significant share of social media information loss is due to social engineering attacks requiring action from the end user. Your Internet browser has little to do with it.
I only post fake information.
So why join at all? Do you connect with “fake friends” too? Just kidding, sorry.
The reality is we use social networks to find old “friends” and keep up with people we rarely contact. If you’ve noticed, I keep using the word “friend” in quotes because it’s a commonplace term for social networks. We’re always friending, following, or linking; however, these may be people we only met once at a party or somebody we haven’t seen in 20 years. It could also be your family, colleagues, or even an enemy. In real life, they would merely be acquaintances, but online, everybody’s our “friend.”
So with the standard ideas in mind, here are my Top 5 Realistic Tips for staying safe in social networks:
Only post what you want to share (with everybody in the world).
I’m still an information security professional, so I like to err on the side of caution. Of course you’re not going to post your social security number, but decide whether you want anybody else to know things like your cell phone number, home address, or even a witty comment. Just like a rumor mill, the sharing network is exponential: your “friends” can see your information and possibly share it further.
If it looks phishy, it probably is!
A popular phishing attack these days is a fake Facebook friend request. They look surprisingly realistic, but a quick click of the mouse and typing your user name and password can give a bad actor access to all of your data—and all of your friends’ too. Just like your bank, your social network will never ask you for deeply personal information or request that you divulge your password to them. If you think this could have happened to you, change your password and notify the network right away.
Don’t “check in” at home.
Foursquare, Gowalla and Google Latitude are popular examples of geosocial networks that let you “check in” and share your current location with everybody. Websites such as PleaseRobMe.com have already pointed out that when you’re checking in somewhere, you’re obviously not at home. Social networks typically have excellent search features—it doesn’t take long to gather a lot of information about one person across many websites. Although a home address might be easy to find in public record searches, criminals are looking for the easy targets (most of the time). Don’t “check in” at your house, somebody else’s house, or where your kids go to school.
Don’t save your password, and change it often.
As an IT administrator, I remember a lot of passwords. In my head. Today’s count is around 30 or so. Most popular web services don’t require a frequent password change like you would have to do at the office. I would also venture to say that a typical home user lets the browser remember the password for them. Take initiative with your personal affairs—type your password every time you go to the website and change it at least twice a year. Take a look at this article for some good info on strong passwords.
Be social! Stay active in your networks.
Wait a second? I’m telling you to actually use these super-dangerous websites I just revealed horrible realities about? Absolutely. In the information security community, one of the keys to a secure environment is awareness. If you’re going to use social networks, you need to know who’s writing on your wall, which applications you’re using and who’s tweeting about you. If your account is compromised, being proactive and catching it early will reduce the damage. Nobody is de-friended by me quicker than someone who just spammed me about Viagra. Now on the other hand, if you don’t think you use your profile enough, close your account. I’m not talking about not logging in—delete your account and all the information with it. If you’re on the fence, many services allow you to suspend your account and hide all your data, with the option of coming back at a later time.
Ten years ago, you would find people hesitant to even use their real name on a website. Today, people are overly confident in how and where they share personal information. It’s easy for someone to say “don’t use social media, it’s too dangerous!”, but the fact is that it’s only as dangerous as you make it. Awareness will always be the cornerstone to staying safe in social networks. I’m staying active—feel free to look me up on Facebook, FourSquare, LinkedIn, or Twitter if you’re in need of a new “friend.”