Image Above: Laptop displaying social media websites at Collabrance in Cedar Rapids, Iowa.
In the IT channel, Managed Services Providers (MSPs) are very diligent about information security and protecting against data loss. Most businesses have rules in place to allow certain people access to sensitive information in efforts to protect themselves and their employees from multiple vulnerabilities.
We find it's easy for many people to focus on cybersecurity threats at an enterprise level, but not a personal level. If a business understands the importance of protecting their data, why should personal information be any different?
Social media is a powerful tool. It can help you stay close to friends, family, provide you with networking opportunities, and even help you find your significant other. While these attributes can be helpful to your life, if you are not careful, social media can be used against you. In this blog we will share some social media security tips and best practices to help keep you protected from cybersecurity threats..
As a technician at a Master MSP, many people come to me for advice on keeping their personal information as secure as possible on social media. Usually, my first recommendation is to look at who has access to your personal information on these sites. If you aren’t careful, you could be broadcasting your personal information to anyone who can get to the website. To combat this, most social media platforms have an account settings section.
Within your social media account settings you will find an option for security or account security. In this section, you are able to dictate what a person (who you are not currently connected with) can see on your public profile and update your passwords.
I recommend you should only provide the bare minimum information to unknown users. This information should only allow people to know if they are looking at the right user’s profile.
You should think of your social media's profile security like the walls of a castle. How tall is your wall to strangers?
Let me explain, when the general public is trying to get into your castle (your social media profile) they will find the biggest wall. However, if a friend of a friend or a real friend tries to get into your castle, the walls will be much lower. As the walls get lower, more information becomes available to the person viewing your account. An Master MSP might set up a network drive with a similar philosophy. To put it simply, if you aren’t on the list of people who can access the network drive, you aren’t getting in. If you are on the list, you can access the designated information inside the drive. Once you have this kind of de-escalation of information screening in place, it is important to monitor on your profile's security settings routinely. Website and service updates can modify and/or add security settings. You will want to make sure you are setup for success in the current iteration of the service.
When looking at social media security, something that is often overlooked on personal accounts is how people can impersonate you. When someone impersonates you on a social media platform it could be considered identity theft. I specify personal accounts for a reason. Many businesses are alerted when someone sets up an account under their name. To reduce the risk of someone else creating an account with my name and information, I personally have set up accounts I never actually use on certain social media sites so I am in control of my profile. This practice makes it harder for someone to impersonate me.
Once you have your account accessibility/security settings set to a comfortable level, it is now time to think about what you post to your page and when you share. I am often amazed at what I will see posted on social media sites. For example, I have seen a particular individual routinely post a tagged location of their house. Many of these posts are about a new expensive purchase such as electronics or a new vehicle. As someone who works in a Managed Security Service Provider (MSSP) environment, this troubles me.
These types of social posts are essentially an advertisement targeting potential thieves saying “Hey look at my new expensive TV, also, this is exactly on a map where to find it”.
The person who I saw doing this then posted daily pictures from their vacation on the other side of the country the following week. In this real-life example, after advertising their new items and location they then showed they were gone on a week-long vacation. I am not saying, “don’t share anything on social media.” However, consider what, how and when you post these things. Social media security best practices would suggest not tagging the exact location of something and hold onto vacation posts until you are back.
A feature I often find people overlook is the ability for people to “tag” you at an event or location. Even if you are being diligent about where you are tagging yourself, a well-meaning individual can unknowingly compromise your social media security efforts. This individual may just want to brag about how much fun their having with you. I personally have my profile settings set so I am not allowed to be tagged at an event or location until I approve the post. This allows me better control over my information, even when other people are sharing the information.
I received advice about social media safety that stuck with me during a network security class. The instructor told us to think about social media in the same way you would think of a phone call. The personal information you would provide to a stranger, a friend of a friend, and a personal friend on the phone changes greatly. If you think of social media like this, it will better set you up for a more secure social media experience.
Master MSPs are in business to help other MSPs and their end-users stay secure and operational. While MSPs usually operate at business-level, it's still important to remind our end-users how to stay secure in their personal lives. Click here, if you would like more ideas on how to stay secure both inside and outside of your business.
Alex started working in IT in 2007 when enlisted in the USAF. He has worked in several different capacities including maintenance and installation of secure phone networking systems, GPS systems, and setting up communication towers for Union Pacific. Currently, Alex is working at Collabrance as a Tier 2 Service Desk Systems Analyst focused on escalated and firewall cases.