Keeping Your Social Media Accounts Safe
Whether you're an average Internet user, or an IT pro who checks Twitter before getting out of bed and goes through several SSH sessions before the day is over, chances are you have a lot of social media accounts, and you use them to keep in contact with some pretty important people, such as friends, your family, co-workers, and more. These social media accounts are likely accessed on your own computer, and maybe also your tablet, smartphone, and so on. But how much care do you take to keep these secure?
Sure, it may be "just a Facebook account" but if that account is the only way you have to talk to family members on the other side of the country, that becomes very important. There are a lot of ways a social media account can be compromised, and not only your own, but possibly the accounts belonging to your business, or corporate partners, and if you were to lose control of them, things can get really messy. Let's see some of the things that can go wrong and how you can protect yourself on each of the popular social networks.
Two year's worth of NIST-aligned training
Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.
Staying safe on Facebook
Facebook is definitively the most popular social network in the world with around a billion users. It also offers all kinds of features, from your own personal wall, to games, messaging, email and more. As such, it's no surprise that Facebook accounts are something hackers target on a regular basis. In fact, these accounts are compromised so often that on underground Russian hacker forums, the rate they get sold for is around $2. That's how much your Facebook account, your past life on the social network, and all your connections, would be worth to a bad guy on the other side of the world. There are many trivial ways for these crooks to compromise a Facebook account, and that's why you need to take some steps to make sure they won't get yours.
Some of the ways hackers use to take over Facebook accounts include phishing emails, trying to trick you to log in through a fake Facebook portal, and malware. There are dozens of viruses spreading throughout the net on a constant basis that do nothing but look for unpatched computers, and then take over the social media accounts you log into. This could mean your own account, but for many professionals, it's often more than one.
If you run your own business, or handle the corporate accounts of the place you work at, you may well be logging into more than one account, and if your computer gets compromised, then all of the accounts could be in danger. Worse, Facebook makes it fairly tricky to gain access back. The way this site works is that if you try to gain access to a compromised account, it will ask you to identify some of your friends. If you have just a few dozens close friends, that may not be too hard. But the truth for many of us is that we often befriend people we don't know that well, and being shown their current profile picture would not be all that helpful to recognize their name. So it's best if you can avoid having to go through account recovery altogether.
Thankfully, Facebook offers some features that can be useful to make sure your account is safe. First, the site has geo-ip monitoring software. This means that if you try to log in from a remote location, like say Eastern Europe, the site will detect it and ask additional questions, sometimes even sending you an email. This brings us to a key security feature everyone should know for both Facebook and all other online accounts.
In almost every case, the one most vulnerable part of the whole account login process is the email you use. Everything is tied to that one email address, including what you type in when you log in, and what is used if you try to reset your password or to recover your account. But for most people, their email address is well known. So the first thing to do is sign up with a second, hidden email. Use an address that no one knows about to log into these services, or associate it as a hidden email in the Facebook settings, something you can easily do. That way, if someone tries to log in as you, they will need to know what that secret address is.
Another feature few people know about is two-factor authentication. Facebook offers a second authentication feature called Login Approvals which is the same thing as Google's authenticator or PayPal's token. You can enable it in the security options, and then use the Facebook mobile app on an Android or iOS device to generate a code every time you log in from a new computer. By using these two tricks, you can reduce the chance that your Facebook account will be compromised by a lot.
Twitter risks
Twitter is probably the second most popular social network out there, and as such it should be kept secure. Unlike Facebook, Twitter offers few features, and that includes on the security front as well. Also, Twitter is something you likely use on a lot of devices, and give access to several apps. If any of these apps is malicious, it could start posting as you, deleting past posts, or even compromise your whole account, depending on how it has access to your Twitter account. While your Twitter presence may not be as important as Facebook, and you don't have years of photos stored on their servers, getting a large Twitter following can be costly and time consuming, and as such you may want to make sure your account is secure.
The first thing you should do is make sure the email you associate is also a hidden address, just like for Facebook. Then, go to the Twitter settings on the web site, and check out which apps have access to your account. Twitter, just like Facebook, has a list of apps to which you have granted permission. You should never give your Twitter password to another app or device. You should always make sure they use Twitter's OAuth API, which is what happens when the app opens a small window from Twitter which asks you if you want to grant them permission. That way, the app will appear on this page, and you can revoke access at any time.
One more thing you may want to think about for all social media, but especially Twitter, is whether or not you want to use geotagging. On Twitter, the default option when you tweet a photo from a mobile device is to tell the world where you are. Because tweets are open to the public by default, that means anyone can scan the site to find people close by, and then this could in turn put your personal safety at risk. There are scripts out there that scan Twitter for key phrases like "left home" or "gone to the gym" along with geotagging information. It may seem paranoid, but these things exist, and could be a gem for thieves looking for empty houses.
Google Plus, and your Google account
Google Plus is the least popular social network, but in a way it may also be your most important account, because that same Google account can be used for so many services. If you use Gmail, Google Docs, Google Reader, Google Plus, and so on, those are a lot of different services you can gain access to with a single user name and password. Here, assuming you use Gmail as your primary contact address, there's no way to keep your user name hidden, so everything rests on your password, and so it's key to use a strong password. Your email account, in many ways, is the most important online account out there, because it serves as recovery for all your other accounts.
Fortunately, Google has several features that can help. The first one is two-factor authentication. Google provides an authenticator app on Android and iOS that you can use to login. Of course, this may be annoying if you use many Google services on many devices, but it's definitely an added security. Also, Google will periodically ask you to confirm a secondary email and phone number. It's important to add those as well because they can be used in case you lose access to your account. Finally, in the security settings of your Google account, there's an option that says Always use HTTPS. This forces Google to always revert to a secure connection when you access Gmail or other Google accounts. This keeps the information going from your system to the site secure.
Get six free posters
Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.
In the end, it's not hard to keep your online accounts safe, all you need is to make sure you keep your own system up to date, because if you get infected, nothing will protect you, and then make sure you turn on the various security features that these sites offer. With that, you should be fairly certain that hackers would have a very hard time getting into any of these accounts.
In this Series
- Keeping Your Social Media Accounts Safe
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness