Social networking sites, when used correctly and with common sense, are a good way of keeping in contact, sharing photos and generally sharing your thoughts with the world at large. They are also, if used without due care, a fine way of disseminating personal, confidential and potentially career-damaging information.
It is worth keeping a few things in mind when using these sites; for instance you can’t always take back messages and images you’ve posted, as many sites are cached by search engines which allow access long after the offending post has been deleted. It is also worth remembering the words of cartoonist Peter Steiner “On the Internet, no one knows you’re a dog“, a phrase that neatly encapsulates the fact that people can pretend to be anyone (or thing!) on the Internet.
One of the most dangerous things about networking sites is they often provide information that can be used by hackers/social engineers to perpetrate various ID related scams. If your security settings on the site are incorrect and you’ve been over-zealous filling in your personal data, it is quite possible that your ID can be stolen or the details used for some social engineering.
“Is there anything else to be wary of?” I hear you cry; well, yes, there is. Be careful what you write and post. A joke about a fellow employee can be classed as harassment and the posting of work material can be a breach of contract – both of which will do little for your employment prospects. Examples of badly thought out posts are rife; for starters a supermarket employee lost his job after writing an obscene remark about his employer on a social networking forum. Further examples include airline staff who were dismissed following negative comments about passengers which were posted on a networking site and staff at a hospital who were suspended during an investigation into photographs taken at work which were then placed online.
Now that some of the issues have been identified, what can we do? Here are my top tips for safe social networking:
- Don’t post any more personal information than necessary; this also applies to your family and friends information. If your Uncle Fred gets his ID stolen because of your posts he won’t be happy.
- Treat links and attachments in messages as potentially hazardous, just like you do with emails.
- Don’t always believe that a message is really from who it says it’s from, especially if it asks for any kind of information.
- Don’t allow social networking services to scan your e-mail address book. The information may be used to send e-mail messages to everyone in your contact list. Social networking sites should explain that they’re going to do this, but some do not.
- When visiting a social networking site, go there directly by typing the address or by your personal bookmarks, following links in emails may take you to a fake site.
- Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get information from you.
- Assume any post on a social networking site is permanent. Anyone who can see the post can easily print the information or save it and it’s a pretty good bet the post will be cached somewhere as well.
- Talk to your children about social networking. Advice for those of you with children can be found here and here.
- And finally think before you post!
If you follow these guidelines then your online social networking should become a lot safer.
Neil James Standish
Windows and Information Security Specialist