CITS

Safer Social Networking

August 5, 2015   |  By Chris Phillips

In less than a decade, social networking has become one of the most common Internet activities across the world–something many of us can no longer imagine living without. Whether you use Facebook, Twitter, LinkedIn, Pinterest, Google Plus, or any of the hundreds (if not thousands) of other social networking sites, you need to be aware of the standard procedures for safer use of these resources.

Broadly speaking, the compromise of personal information falls under the heading of identity theft. The goal of identity theft is typically access to bank, credit card, or other personal financial information, or to government benefits or documents, resulting in financial gain for the thief, personal loss for the victim. Identity theft can also result in substantial financial damage to the organization for which one works, if access to business accounts is compromised.

Tools of the Attackers

Malware

Information can be catastrophically compromised by malicious software (“malware”), which can be transferred to your computer via a website or third-party application. All that is required to install malware on a computing device is a single click on a seemingly innocuous link. It has been recently estimated that 80 to 90 percent of security compromises occur through such basic methods. Malware infections can be virtually impossible to detect–-though good anti-virus software helps a lot.

Social Engineering

Once installed, malware can harvest personal information stored on your computing device, as well as any information related to work if the device is also used for that purpose. It can also harvest personal contacts, such as from an email address-book, to propagate itself onward to new victims, sending messages that seem safe because they appear to originate from a trusted source.

Using Information that You Provide

Even without installing any malware, attackers can often defeat security measures by simply using information posted on publicly-accessible social network pages. For example, most sites, including social networking sites, offer the ability to reset a forgotten password using security questions that leverage personal information. Many of these security questions relate to data which is easily searchable, such as your place of birth. And if, for example, you’ve posted your first pet’s name or your favorite vacation destination publicly anywhere, then these, too, become risky choices for your security question.

Things You Can Do to Protect Yourself

Minimize Your Use of Social Networking

The most effective way to eliminate the risks of social networking would be to remain completely anonymous--which would obviously defeat most, if not all, of the benefits.  Short of that, it is important to strike a balance that is right for your situation.

Install Protective Software and Keep it Current

Make sure you have appropriate security software installed on all your computing devices, such as anti-malware/anti-virus and firewall utilities, and make sure that it is kept current.  Keep your other software current too, including patches to each device’s operating system and the applications software installed on each.  All software updates should be set to occur automatically if possible.

Use Strong Passwords; Encrypt if Possible

Almost all computing devices have the capacity to use an access password. Make sure you turn on this feature, and use a strong password. If the device offers encryption capability, use this, too. The more portable the device, the greater is the risk of loss. Without at least an access password in place, the loss of a personal computing device can be catastrophic.

Be Very Wary About Software Add-Ons

You can easily defeat all your security software by installing a third-party application that contains malware. If you must install an add-on, be very careful to ensure that it comes directly from a trusted source. Be particularly cautious about “scareware.”  If you receive a message indicating that something suspect has been found on your computer and directing you to install a “free solution” to the problem, doing so will often guarantee that you’ll have a problem, since such messages commonly come from malware sources.

Use Privacy Settings to Limit Access

Every social networking site allows its users to exert some control over their information sharing. These privacy and security settings can be used to limit others’ access to contact information as well as to the content you post; they can also limit search engine access, which is critical. Any time you set up an account on a social networking site you should review your privacy and security settings in full.  And re-review them periodically; sites are free to change these options, along with their associated privacy policies, and not always with a great deal of notice.

Share with Great Discretion

No matter how carefully you choose your privacy and security settings, if you share content with others you are still vulnerable to their sharing practices. You’re also vulnerable to their security practices: if their account is compromised, what you have shared with them may be exposed.  Be aware that once anything becomes public it will likely be out there forever.

Know Who to Contact if Something Goes Wrong

Social networking sites have security contacts. At UMB, the Security and Compliance Office in CITS or your local IT security support staff are the persons to whom you should turn.   No protective steps can assure you’ll be completely safe on social networking sites, but you can reduce the probability that you, your family, or your employer will be a victim by following the steps outlined above.