Volume 8, Issue 9
Social Networking Sites: Security and Privacy Issues
From the Desk of Thomas D. Smith, Chief Information Security Officer
Recent cyber attacks involving several high-profile social networking accounts highlight the potential vulnerability of social networking sites. The sheer volume of users and the information that gets posted on social networking sites create plenty of opportunity for an attacker to use social engineering or other methods to gain access to the accounts of individuals and organizations. The more information you post on social media sites, the more your security and privacy are at risk.
Below are some helpful tips regarding security and privacy while using social networking sites:
- Ensure your computer has proper security measures in place before connecting to a social networking site. Use and maintain anti-virus software, anti-spyware software, and a firewall. Keep these applications and your operating system patched and up to date.
- Be cautious when clicking on links. If a link seems suspicious, or too good to be true, do not click on it.
- Remove all personal data first when deleting a social media account. Request that the account be deleted rather than deactivated.
- Always type the address of your social networking site directly into an Internet browser or use personal bookmarks. Do not click on a link to your social networking site through email or another website. If you do, you might be entering your account name and password into a fake site where your personal information could be stolen by a hacker or cyber criminal.
- Be cautious about installing third party applications. Install applications that come from trusted, well-known sites. Some social networking sites provide the ability to add or install third party applications, such as games. When you download a malicious application, hackers may have the ability to gain full access to your account and the data you share. Malicious applications can use this access to interact with your friends on your behalf and to steal and misuse personal data. Installing some malicious applications may modify your security and privacy settings. If you are no longer using the application, remove it.
- Use strong and unique passwords. Use different passwords for different accounts, and do not use a password you use to access your organization’s network on any personal sites you use. Using the same password on all accounts increases the vulnerability of these accounts if one becomes compromised.
- Use discretion before posting information or comments. Once information is posted online, it can potentially be viewed by anyone, and you may not be able to retract it afterwards. Keep in mind that content or communications on government-related social networking pages may be considered public records.
- When posting pictures, delete the metadata, which includes the date and time of the picture.
- Do not announce that you are on vacation or away for an extended period of time.
- Configure privacy settings to allow only those people you trust to have access to the information you post.
For More Information:
- Enterprise Information Security Office Resources and Newsletters
- STOP.THINK.CONNECT Social Networking and Cyberbullying Tips
- US-CERT Socializing Securely: Using Social Networking Services
- Facebook: A Guide to Privacy
- Sophos: Facebook Security Best Practices
- Twitter: Protecting and Unprotecting Your Tweets
For more monthly cyber security newsletter tips, visit:
The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.