By Matt Darlage, PNC Security Expert –
Chicago.– Many who have taken the time to do an internet search on themselves may be surprised about how many details of their lives – past and present – are readily available to the public. That information paired with even more personal tidbits of daily movement or activities shared on social media channels create a larger exposure risk.
Experts agree that social media can be a valuable tool that builds relationships and connects to great resources for learning, and personal or business development. But, those rewards can also have risks when people volunteer information, like family relationships, geographic location and future travel plans. And no one is immune from cyber criminals.
Criminals compromising social media could potentially pose as “owners” of the accounts to friends, family, or colleagues of their victims, use available information to guess security questions, or possibly pivot to other accounts with shared passwords. Experts also indicate that depending on the compromised information, impostors could open accounts in victims’ names or make purchases, or use their reputation to gain access to networks or business accounts. All of these can result in hits to credit score and damage of reputation.
To protect personal information and be more aware of social media activity, experts recommend the following tips:
- Choose smart security questions – Your mother’s maiden name? Seriously! Think of a better security question that may not be researched online. Publicly available information may include birth dates, the name of your high school, your home town, etc. How many people know your favorite color or food? Even if a bad guy tried to guess, there are so many options to choose from.
- Boost the strength of your password – Remember, keep the bad guys guessing; don’t make it easy for them to guess your password. A strong password contains some unique combination of special characters (i.e., #, $, @, ?, !), upper-case alphabet characters, lower-case alphabet characters, and/or numbers. Avoid using simple adjacent keyboard combinations like “1234” or “abcd”. And for passwords – the longer the better. This helps to put one more layer of defense between your personal information and the bad guys.
- Do not post work-related information – You now know to limit personal information on social media, but the same guidance applies to details about your work posted on professional networking sites, particularly information like technology systems used, your direct reports or even your specific job responsibilities. Criminals look for information about a company’s technology and a specific individual’s position to find ways to infiltrate companies, often by posing as a company executive in malicious emails.
- If you don’t recognize a link, don’t click it – Has a long time professional acquaintance uncharacteristically sent you a link to a “free cruise” or video on whales they thought you might like (but you’ve never discussed whales)? Approach with caution. Cyber criminals are well aware that users are more likely to trust links that are sent by “friends.” Unfortunately, your “friend’s” account may be compromised. Reach out to the friend via another channel just to confirm the message is authentic and/or alert them to the compromise. The whale video can wait until you confirm the sender.
- Limit “friends” or connections on social media – If you don’t know a person, it may be a good idea not to accept an invitation to connect, especially on a social media channel where you share personal or private information. Identity thieves often create fake profiles as a way to target individuals and gain information from them. Occasionally review your connections or friends to ensure you have a good idea of who is able to view what you post to social media.
- Be careful of applications that run on social media – Many third-party applications (apps not produced by the social media provider) can leak personal information or contain malicious software. Only install third-party applications you absolutely need and only from trusted sources.
Users should assume that whatever they post on social media could become public. If and when posting things to social media, use available security settings wherever possible to ensure the posts are locked down to only family or friends, and never set to “public.” Most reputable social media sites provide ways to protect privacy from prying eyes. Users should take full advantage of all such capabilities. At a minimum, remove any personal information such as birthday, maiden name, phone number and address. Set all photographs to friends/family only and limit personal postings to only friends and family. Lastly, sort followers and friends into proper access groups.