Social media is a vital tool for both businesses and consumers. We use social media to share information, stay up to date on the latest events, ask questions and build our brands, whether personal or company. Social media use is so ingrained in our minds today that the first thing most people think when something interesting happens is “I should tweet about this”. It should come as no surprise, then, that crackers, hackers and scammers are rushing to social media websites to find their next targets. In this post I outline some steps that will help you stay safe on social media.
Both Facebook and Twitter have improved their account security features over the last few months, and Twitter recently announced plans to introduce two-factor authentication, but additional security of that kind is not enough to ensure that your accounts will be safe. For optimal security, you will have to take some precautions yourself.
1. Use strong passwords
Choose a strong password for every site, and do not re-use passwords across multiple accounts. A good password contains a mixture of letters and numbers, and is not a dictionary word, a birthday, or a predictable string of numbers such as 1234. If you’re struggling to come up with a password, try stringing together the first letters of the first few words in your favourite song, or picking three words from your favourite passage in a classic book. Passwords don’t have to look like someone mashed their face against the keyboard a few times to be strong; they just have to be long, and random enough that they’d be impossible to guess.
2. Don’t click links sent by strangers
One of the most common, and most successful, scams on Twitter is for a spammer to send a message containing a link and a question like “Is that you in this video?” A huge number of people click the link out of curiosity, and are then taken to a page that asks them to authorize an app, or that performs a “drive-by download” of a malicious program onto their machine. If they authorize the app, or their machine gets infected, then their account will be hijacked to send even more spam.
3. Tweak your privacy settings
Take a close look at the privacy settings on both your personal and business social networking pages. Pay particular attention to posting restrictions on Facebook groups. If you allow anyone to post updates to your Facebook group, then you could end up leaving your customers open to social engineering attacks. Protect your brand by making sure that only authorized employees can send updates to any groups that you run.
4. Understand data protection laws
Many companies forget that data protection is a two-way street. Not only do you have to worry about the data that you hold on your customers, you must also consider how your company’s data is being handled. Think carefully before posting anything to a social media website, and read the terms and conditions (and the privacy/security policies) of all cloud services that you use. Do not put anything into the cloud unless you are certain that it will be secure, or you don’t care if it is seen by people outside of your company. The guys over at QT&C offer data protection training and advice that could help to keep you out of some social media hot water.
5. Train your employees
All of the above precautions are useless if you are the only person in your company who follows them. Train all of your employees in the importance of computer security, and educate them about social engineering, privacy, data protection, backups and other important issues. Make absolutely certain that an employee understands how to keep your social media accounts secure before you give them control over any part of your accounts. Consider using a service such as Hootsuite so that third parties can post to your accounts without having direct access to the account itself.