Tuesday, July 6, 2021

Online Social Network Security - Staying Safe and Secure with Friends

A few very high-profile ransomware attacks have brought the threat of cyber security to light in recent weeks, and considering I work in the cyber security field, I thought it may be prudent to address the issue in a post. The risk became a bit more pressing to me when an elderly family member created a new Facebook account and nearly every privacy setting was set to "Public". He, understandably, was concerned but didn't even know where to go in the app to adjust these settings. Below I'll address some concerns and offer advice and guidance on maintaining a secure and safe online 'footprint', which will dramatically decrease the odds of having your identity stolen through social media.



The Threat

To be clear, anytime you connect to the internet through any device and connect to any web site, you open yourself up to a potential hack or to having your personal information stolen. Creating an online profile within any social media network is another way to expose your personal information if you're not careful. Say you create a new Facebook profile and don't review or adjust the privacy settings. You start searching for friends and family, you update your location, add your telephone number, where you graduated high school, where you work and even add your home address. You also include the fact that you're married and have two kids, ages 7 and 10. With Facebook's default settings, anybody who finds your profile has a range of information they can use to steal your identity... or worse. Most passwords are made up of personal information, such as birthdate or graduation date.

Worse than someone brute-forcing your password with the mountains of personal data mined from your profile, they now have your location information, too. Hardened, non-cyber criminals who come across this data can take additional steps such as breaking into your home when you post your happy vacation plans online. An even worse scenario to consider, and it should always be considered, is that you've exposed your kids as well. The information of where you live along with pictures of your kids could reveal the likely school they attend, their friends' homes, or the church where they attend Bible school, including potential bus or walking routes, all of which could lead to an abduction attempt.

My example above targets Facebook, but in truth any social media site is the same. Facebook is often targeted and 'picked on' because it's still the most popular with the greatest number of users, but ultimately Facebook is no more or less secure than any other site. Pictures shared from vacations, boasting about the achievements your kids or grandkids accomplished at school or church, even product and local vendor reviews all create an image of you and your life, and the lives of those around you, which can be exploited by bad guys and gals if you share all of that information to the Public in a wide-open security posture.

How to Protect Yourself

So what can you do? Don't share all of that information to the Public for starters, but how to accomplish this requires a bit more education and the development of some online habits.

Don't be this dog.


Limit Your Exposure

It's tempting to have a profile on every social media network out there, but most Internet junkies use only one or two social networks at most. Think about which network you log onto the most, where your friends are, and where you enjoy sharing the most topics and posts. If you happen to have any other unused social media profiles out there, delete them, but before you delete each one, remove any and all information from the profile. Why? Even when you delete a profile from a network, the profile remains archived on that social media server, sitting in a "deleted" folder indefinitely. If that social media service gets hacked and the server compromised, your data is still exposed, even if you deleted the profile years ago. Oftentimes data points within the profile, however, are purged completely when they're removed or changed, so removing your information before deleting the profile helps protect you a little further.

Learn the Social Media Settings Thoroughly

Once you've decided on one or two social media networks to join, learn the software and settings of those networks completely. Within those settings will be all of the privacy configurations you'll want to get to know and adjust. Normally these settings can be found under your Profile options and may be listed under Privacy or Security. Take the time to peruse each setting and make the following adjustments.

  1. Credentials and signing on (these are critical):
    1. Have a solid, hard-to-guess password that's at least 14 characters long and includes special characters.
    2. Use multi-factor authentication (MFA), always. MFA is just that, multi-factor, meaning when you sign into the social media network you won't just be prompted for a password, but you'll have to enter a code sent to your phone, too. A hacker with your password shouldn't have your phone, too, so they won't know the code, etc.
    3. If your phone supports it, use facial recognition.
  2. Remove any and all settings that refer to Public and adjust them to, for instance, Friends or Those I Follow.
  3. Never include your address or phone number in your profile. Friends and family who 'need' these data points should already have them and keep them stored individually, such as in phone contacts. Social Media should not be used as a personal address book. There's simply too much risk for exposure. A business may be different, however.
  4. Be extra careful with work and school information, even previous information in these cases. I never share any details about my job on social media, and I'm intentionally coy about my school as well.

Posting/Tweeting/Sharing

  1. While using the social network, be very careful about who you actually share posts to. Many social media networks will have privacy settings per-post so you can limit who sees them.
  2. To expand on #3 above: only post information you'd have exposed to the public regardless of the privacy setting you place on the post. Think of it this way: if you're uncomfortable tacking the information on a public billboard in your city's town square, you probably shouldn't be posting it on the Internet regardless of how private you think it'll be.
  3. Be careful about what's in that picture you're about to post. A picture contains more than just the subject, usually. Items in the background can expose a lot of private information if you don't review the picture carefully before posting it.

Your so-called Friends

One of the biggest schemes out there involves fake social profiles. Imagine this: you're diligent and lock down all of your privacy settings so only friends can see your semi-personal details, then you receive a friend request from Jacob Jinkleheimer, and although Jacob doesn't look familiar to you at all, his name sounds familiar, so you friend him... only Jacob is a black-hat hacker and now has access to some of your more personal information through your social network profile, which he can exploit in some fashion. The lure, typically, on social media is to have a lot of friends, to try to be an influencer with high follower numbers. Hackers know this and, thus, slap up fake profiles to tempt you into "liking" them and revealing your data. To avoid this scheme:

  1. Thoroughly inspect a potential "friend's" profile before clicking Like. Hackers create hundreds, maybe thousands of profiles across all social media networks, so they don't have a lot of time to put into actually fleshing out those profiles. Accounts that only have a few pictures, no real information, haven't been used in six months or more, or that were just created within the last week, are all keys that indicate the profile is most likely fake.
  2. Check the profile's friends and see if you have any friends in common. If not, how'd they find you and why would they want to "be your friend"?
  3. Watch for hacked accounts from true friends.  We all have those moments of weakness where we click on a link or reveal our password when we shouldn't have. Hackers are in the business of spreading their evil. When they hack an account successfully, one of the first things they do is hit that account's friends list and try to hack others from there, so if you receive an invitation from someone on your legitimate friends list asking you to click a suspicious link or enter your social media password...even though you're already logged on... those are red flags that your friend may have gotten hacked. As the saying goes, "In God we trust. All others we verify."

Note: After working through the privacy and security settings of the social media network you've chosen, it's possible you still may not be comfortable with the level of security the network provides to its users. If you feel unsafe, change your social media network. There's no harm in doing so. You can let your friends and family know you don't use "XTube-aGram" if they don't secure your information appropriately. Just remember to purge all the information you put on XTube-aGram before actually clicking Delete on that profile.

Final Thoughts

There are a few other steps you can take beyond those I listed above, such as purchasing and installing a third-party antivirus/anti-malware software suite on all of your devices, using a VPN (virtual private network), and resetting your passwords every 3-6 months.

In the end, being cautious, watchful, and knowledgeable about whichever social media network you choose is the biggest key to avoiding exposure of your information or getting your account hacked. In this day and age just signing onto the Internet is a serious risk. In regards to the issue of online privacy, just remember, an ounce of prevention is worth a pound of cure.

Peace.
