Being social online can be great for staying connected with friends and family, but taking steps to be safe on social media is essential. Remember that social media sites are public squares. What you put online is available for anyone to see, so be mindful of what information you’re sharing – from photos and statuses to locations and profiles.
While sharing fun stories or pictures from your travels can be exciting, an oversharing mentality can expose crucial personal data, increasing the risk of identity theft, stalking, or worse. To keep yourself safe while socializing, ensure you only use accounts set up with proper privacy settings and think twice before posting any personal information.
Taking a few simple precautions will ensure that your online activities provide socializing while reducing the risk as much as possible. Read on to review some strategies to consider.
Table of Contents
When Signing Up For Social Media
When starting with a social media account, consider the following first steps:
- Review the terms of service to get an idea of their data sharing practices and partnerships with third party entities.
- Sign up for an account via email. Do not use the third party social login from another social media account. Many third party websites have adopted the authentication platform from Facebook, Twitter, or Google. Signing up with social accounts enables users to create new accounts by importing information that already exists within the platform.
- Skip options to sync or share existing contacts during registration.
- Refrain from giving out sensitive information or even your physical address. Your social accounts don’t need these.
- Review privacy and security settings immediately after registration.
- When filling out any optional identity fields in your profile, consider only filling in the minimum required identity information. Just because a field is empty and available doesn’t mean it needs to be filled. More on this is in the next section below.
Limiting Personal Information in Social Media Registration Fields
Only provide a minimal amount of account information to get registered. Even consider providing decoy data. Skip third party social logins to avoid profile syncing and avoid the risk of account disruption if your social login gets hacked or terminated.
Email is the 2nd most common requirement for creating a social media account. The default account recovery method is used to verify your account during registration, usually as your username.
Use a separate email account or alias from other sensitive accounts for your social login if possible.
Usernames are unique to each user account. If an online account doesn’t automatically use your email as your username, you can create one. Do not include personal information or passwords in your username.
Use unique passwords for each of your accounts. If you have trouble maintaining unique passwords, then use a password manager.
First and Last Name
First and last names are mandatory for all social media accounts. Your name field can appear as one field – Full Name, or two fields – First and Last Name. To better protect yourself, use an alias or the initial of your last name, especially if you have an unusual last name.
Location: Address, State, Zip Code, Country
Required location information can vary depending on the service you use. Put in the bare minimum or enter a PO Box (which you should probably have anyway).
Mobile Phone Number
Registration may require a mobile phone number for verification, especially if you enable a second authentication factor through SMS. Avoid using services that require phone numbers or opt to use an alternative method to verify accounts. Google Voice or a burner phone can work, depending on the security they have implemented. Not all services allow VOIP services, so look into an alternative phone if you must have a phone number.
Birthdays are used to verify age to customize age‐appropriate content. Birthdays can be published on your social media profile, and your friend group can be notified when your birthday rolls around. There’s almost no reason to provide an accurate birthday when registering.
Gender is a common field to fill out on the registration form. This information is used for content customization. It’s usually best to avoid making a distinction when signing up for your account.
Sexual Orientation or Relationship Status
These fields are most often required for dating sites. Sometimes when searching for friends, this information can come up as well. The main purpose for providing these is to meet people. Avoid filling in this information unless you need to.
Employment information is essential for job sites and other professionally based services. The main purpose of providing this is to meet new people and build your professional network with others in your field.
Avoid filling in this information unless you need to. Only include relevant information. Your whole professional history does not need to be published.
Protecting Your Account
With over half of all social media login attempts being fraudulent, you need to take charge and secure your account. Even if you feel it isn’t significant enough to protect. Keep these best practices in mind:
- Create an email-based account. Do not use a social networking site to log in to other sites. Create another user account on the new site instead.
- Double your login protection by enabling two-factor authentication (or multifactor if possible) wherever available.
- Use strong, unique passwords (not permutations of other passwords) for all accounts. Consider passphrases for an additional level of safety. Please don’t share them; use a password manager to apply best practices easily.
- If you don’t want to use a password manager and have to write your passwords down, do not store the note under your keyboard, in your drawer (unless it locks), or on your monitor. Store it securely where no one can walk up and immediately find it.
- Make your security questions challenging to guess, especially for those who know you.
- Do not use the save password feature in your browser. Consider not using “Remember Me” for your social media site, but this is mostly personal preference. Never remember logins for public or shared computers.
- Be cautious when accessing online accounts from public WiFi connections. Someone might have installed software capable of capturing your login credentials and other sensitive information.
- Regularly check user sessions within your settings. Log off old sessions, especially ones you aren’t sure of.
- Keep antivirus and other software current and your device up to date.
- Avoid using third-party applications and toolbars unless you need them. Refrain from allowing them to access your social networking accounts, friends list, or address books where possible.
- Refrain from connecting social media accounts together just because you can. If you have a legitimate need, that’s one thing. They can collect and further aggregate your information and activity.
Be Safe on Social Media When Interacting With People
The internet is a public place. Your behavior and actions should match what you would do in a physical public environment. Furthermore, unless you message someone privately, the information you post can be accessed by anyone.
Even if you remove some information, the information you took down will never truly disappear. This is especially true for social media. Many people bask in the anonymity of the internet through online handles, but be warned the internet is not 100% anonymous.
Anytime you connect to any other system, your information is logged, especially if you are logged in or have previously visited a site or service. Additionally, there are ways to determine browsing history and other personally identifiable information.
- Limit which information you post on social media, even if you think it will be fun. Play hard to get with strangers and don’t immediately answer questions or surveys.
- There are fake people and bots out there. Not everyone is who they say they are.
- Disable location services that allow anyone to see where you are.
- Be wary of scams and be suspicious of everything. Use discretion when you operate online. Take steps to avoid becoming a victim of fraud.
- Unless you’re expecting it, don’t click on links. Verify first before blindly clicking on something. We’re beyond Nigerian Prince email phishing (nothing new since Spanish Prisoner of 1898).
- If you must know what a link contains, validate it before blindly clicking. You can use these services to preview the links: url2png.com, urlvoid.com, or virustotal.com. If you don’t like these services, find ones you trust.
- Avoid random software downloads from other people. Be cautious of playing or viewing documents or media from unknown or unreliable sources.
- Be wary of social media manipulation and disinformation. Consider cross-referencing with de-hoaxing services: snopes.com, hoaxbusters.org, or hoax-slayer.com. If you don’t like these services, find ones you trust. Don’t blindly believe everything you read online, primarily through social media.
- Do not allow others to tag you in the images they post. Doing so makes locating and accurately constructing your network of friends, relatives, and associates easier. Configure your privacy and security to minimize who can see your information.
- Do not accept friend or follower requests from anyone you do not know. Independently verify identities.
- Be cautious about a 2nd friend request. This could be an impersonation attempt. Confirm with your friend separately and report the impersonation attempt to the social network.
- Do not arrange meetings with people you meet online without a purpose.
Ongoing Social Media Posting
Besides your information potentially being used by potential identity thieves, your data and browsing habits are being collected and sold by ad and analytics companies (including your social media site).
- Be careful what you share. Dates and times of your vacation, favorite things, childhood memories, and graduations (including date, name, school, school mascot, and friends) can all be used against you.
- Be cautious about the images you post. What is in them may be more revealing than who is in them. Images posted over time may form a complete mosaic of you, your interests, and your family.
- Do not post anything you would be embarrassed to see on the evening news. This potentially embarrassing comment or image will come back to haunt you at the least opportune time.
- You are not completely anonymous on the Internet. Everyone can see what you post, where you post it, who your friends and associates are, the comments your friends and associates make, and your hot takes.
- There is a complete record of your online activity somewhere in one or more places.
- Once something is posted, it can quickly spread. No amount of effort will erase it. The Internet never forgets.
- The more you share and participate on social media sites, the greater your attack surface and overall risk.
Consider Future Employers
Recruiters think it’s proper to consider personal data posted online when evaluating a candidate. Recruiters do online research through search engines and social media sites.
Besides regularly reviewing your own content, consider periodically checking what pictures and content others post about you. Make an effort to clean up less than desirable content, even if it’s several years old.
Many candidates get rejected from a job opportunity based on the content of their social media profiles. Therefore, it’s imperative to manage your online brand. Only you can manage your online identity. Not only do you get to reduce your risk, but you can also engage in personal marketing. It’s a twofer!
Deactivate or Delete Unused Social Media Accounts
If you no longer use a social media account, at the very least, you should scrub through the data and make sure you aren’t providing too much information.
If you’re ready to close up shop, follow the social network’s policy and procedure for deleting your account. We covered the process of deleting a few social networks here on Super Security Awareness, including the following:
- How to Delete Instagram
- How to Delete Facebook
- How to Delete Snapchat
- How to Delete Twitter
- How to Delete Telegram