Security Issues With Social Networking Sites
Social media is possibly the most vital sector of the Internet, but, being open and social creates legitimate concerns about privacy and safety. Headlines warning of online security breaches are just one reminder of the vulnerability of all websites, including social media outlets.
Six Common Security Problems
Despite these justifiable security concerns about the Web, some of the reasons a person's social media account is compromised are self-induced. Five common mistakes that can expose an account include:
1. Forgetting to Log Out
Increase the security of your social media account by always logging out when you step away from your laptop or computer. It's best to go one step further and close down the browser you were using to view your account. If you leave your account logged in, you set yourself up to be hacked because anyone who can get to your computer can access your account, change the password or even post items and communicate with your friends as if they are you. Logging out and shutting down the browser is even more important if you use a public computer.
2. Clicking on Enticing Ads
Viruses and malware often find their way onto your computer through those annoying, but sometimes enticing ads. However, on the Web, just like in real life, if an offer seems to good to be true, then it probably is. Save yourself a potential security headache - don't click.
3. Connecting With Strangers
Be careful of who you accept invitations from when building your online network. Connecting and sharing information with people you don't know can be dangerous. If you receive friend requests from strangers, it's best to stay away.
Further, if you receive friend requests from people you do know, but are already connected with via the same site, it's possible that someone has set up a fake account. Avoid accepting duplicate requests, instead checking in with the 'real' person to see if the request is legitimate.
You should also be careful when connecting with a celebrity's account, as scammers sometimes pose as famous people. Make sure it is their official, legitimate account and not a stranger pretending to be them before you accept their 'friend' invitation.
4. Using Third Party Apps
Part of the appeal of social media sites are all the various games and apps. Even though a significant number of them are safe, you do grant the app a certain level of permission concerning your information. Make sure you know what the app is viewing and sharing before agreeing to the terms.
4. Exposing Too Much Information
Make sure you understand the level of privacy - or lack of privacy - you are agreeing to when volunteering personal information. Do you really want an app badly enough to allow it to announce where you are?
Also, participating in seemingly innocent games, like posting answers to a list of 20 questions, may actual also allow cyber-criminals gather important personal information. For example, the question, "What is your most embarrassing moment?" is probably fine to answer, but answering questions like, "What is your pet's name?" or "Where did you and your significant other meet?" may expose answers you gave to security questions for legitimate sites like Amazon or your bank.
5. Failing to Utilize Security Settings
Social media sites provide you with the ability to restrict who has access to your information. For example, Facebook (like others) lets you decide who your friends are and what content they can view. One practice to increase your account's security is to disable most of the options and then re-open them once you understand what the settings specifically mean to your account.
In reality, you probably want different types of content to be displayed to different people, with the most being available to known friends and the least to acquaintances.
Three Major Security Events
Each year, it seems, another significant security breach is announced. Major companies like CNN and Burger King have had social media accounts hacked. Most of these breaches mean passwords have been swiped and sometimes even banking and credit card information is compromised. Each of the major social networking sites have dealt with one or more security breach. Three well-known breaches are:
1. Heartbleed Bug
Possibly the most invasive security problem the Internet has faced and experts advise people to simply presume they have been affected by the bug. This is because it's not just an issue of your phone or computer being infected, the bug impacted software that powers many of the services you use. Compromised by the bug was OpenSSL -- the most widely used open source cryptographic programming module -- and TLS (transport layer security) implementation, the component used to encrypt traffic on the Web.
2. Zendesk, Facebook and More
Although no passwords were obtained when Zendesk, a customer service provider for Pinterest, Tumblr and Twitter, was hacked, the breach did impact thousands of users emails. The Zendesk hack came just months after the November, 2013 security breach where hackers stole usernames and passwords for nearly 2 million accounts at Facebook, Google, Yahoo, LinkedIn, Twitter and 93,000 other websites. The breach occurred when malware installed on user computers lifted log-in credentials for thousands of sites for more than a month.
3. Syrian Electronic Army
In early 2014, the Syrian Electronic Army briefly took over at least two of Skype's social media accounts: Twitter and Facebook. The group has also successfully hacked the New York Times and hijacked the Associated Press' Twitter account releasing a tweet stating the White House had been attacked which briefly impacted the stock market.
These social media attacks were in addition to online security breaches that affected major store chains like Target.
What to Do if Your Account Is Hacked
Regardless whether your account is compromised because the social networking site was hacked or just your individual account was infected, you need to take several steps to resolve the issue.
Clean Your Device
The aforementioned hack that compromised Facebook and Google was caused by malware on users machines. In cases like this, use well-known quality malware removal software to scan your machine. The software will contain and/or destroy known and suspicious files. You may even consider reformatting your computer.
Once your machine is clean, the best way to prevent it from becoming infected again is to keep your antivirus software and browsers current. Set them to automatically install updates.
Change Your Passwords
Once an account has been compromised, it is best to presume all your passwords are compromised. Some security experts advise using a different, strong password for each site.
Get a Password Manager
Since security is dependent on multiple strong passwords, it can become difficult to remember them all -- although there are tricks to make it possible. Consider using a password manager to reduce your vulnerability. You can use the program's password generator to create strong, hard-to-break passwords and you only need to remember one password to access the manager.
Make sure you report the situation to the social network site. This is especially true if you have been locked out of your account. If this happens, you may have to prove to the social networking site the account belongs to you, but be persistent and follow through. If you don't, someone could potentially post information as if they are you - which, at the very least, can damage your online reputation.
If a crime has been committed, such as banking information stolen, also report the incident to local authorities and appropriate federal law enforcement agencies.
Use Two-Step Verification
If the social media site offers a two-step verification process, use it. The added layer of security makes it much harder for a would-be hacker to access your account. The extra log-in steps will save you time and headaches in the long run.
Staying Safe on Social Media Sites
Each social media site offers tips on how to use their service and still maintain a high level of security. Read their policies, follow their security guidelines and adopt their best practices.
- Facebook: There is a comprehensive help page on Facebook where you can find details on protecting your account against hacking and other security threats. Check it frequently to make sure your practices and settings are up to date. CNET also offers practical advice such as being sure to block your ex and carefully manage who has viewing access.
- Foursquare: For a better understanding of who can see information associated with your Foursquare account, visit the Help Center. This page explains methods for creating security settings for every account scenario. Ensure your check-ins are safe and secure by utilizing these five tips from CIO.
- Instagram: If you have an Instagram account, read their official page for ways to keep your account safe.
- LinkedIn: Visit LinkedIn's Help Center for a wide range of account security articles. A few of the topics covered on the page include methods for protecting your privacy, your identity and your account. They also offer tips for dealing with phishing, spam and malware. If your LinkedIn account is associated with a business, How Not to Have Your Account Hacked provides ways to keep passwords safe even if several people have access to the account.
- Pinterest: To keep your Pinterest account secure, you will need to access two main sections on the site: privacy settings and account security. If your account has been hacked or placed in a Safe mode by Pinterest, you will use the account security section to resolve the issue. However, most likely you will only need to use the the privacy settings section. This is where you control what others can view and the degree of personalization desired. Scams are one issue the site has dealt with in the past.
- Tumblr: If you use Tumblr, one of the best ways to improve security is to utilize the recently implemented two-factor authentication. For all your settings, though, access the site's security settings page. Here you can learn how to revoke third-party application permissions as well as how to remove spam from your blog. For increased security, according to Entrepreneur magazine, you may want to refrain from using free themes.
- Twitter: Visit Twitter's Help Center to learn best practices for your Tweets or if you want to know how to connect with or revoke third-party applications. Also visit this page to discover methods for controlling account settings so you can get the level of security you want.
- YouTube/Google+: If you have a YouTube and/or Google+ account, bookmark Google's Keeping Your Account Secure page. This page is great source to learn about their two-step verification process, malware and virus issues, general information about your account settings and best practices for protecting your privacy and identity.
One situation people sometimes overlook is what to do if they want to close a social media account. Should the account be deactivated or deleted? According to the Center for Internet Security, you need to take several steps before for your account is deleted from the social media site.
It's All Public Information
Although technically you can post both public and private information on many of the social media sites, due to the onslaught of security breaches in recent years, it is in your best interest to presume anything you post is available for public consumption. Reduce privacy and security risks by only posting information that you would be okay with everyone knowing.