Category: Author: Heather
T-Mobile. Rutgers University. China. It’s hard to remember a time when cybersecurity wasn’t a fixture in the headlines. Online attacks at popular retailers, data leaks, and far-reaching computer viruses have left consumers wondering just how safe their private information really is.
In addition to being National Dental Hygiene month and Breast Cancer Awareness month, October is National Cybersecurity Awareness Month, a public awareness campaign designed to raise awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber-incident. Each week features information and activities focused on a cybersecurity awareness theme including work place cybersafety, connectivity, and the Internet of things.
Staying cyberaware on social media
As of January 2014, 74 percent of online adults and 95 percent of teens use social networking sites. In a world where we’re connected 24/7, it’s never been more important to be aware of potential threats. Week three’s theme, Connected Communities and Families: Staying Protected While We Are Always Connected, reminds us that while our social networks are connecting us to our fourth grade teacher, they’re also connecting us to potential hackers.
Here are a few tricks I use to avoid cyberattacks on social networks:
Lock it down.
I check my email, scroll my Facebook newsfeed, post amazing photos with witty captions on Instagram, pay my cell phone bill, check my Walmart receipts for price matches, balance my checkbook, and about a thousand other super personal activities on my phone. I’ve also lost my phone…several times. Yep, it’s disturbing to think about all that personal information in the hands of my phone’s eventual finder.
Lesson? I always password protect my phone. Are there times that it’s slightly annoying that I have to unlock my phone to read my Mom’s fourteenth text of the day? Yes. It is better than an unauthorized user posting to a client Facebook account? Absolutely. Of course, instead of entering a pin, I could always use my fingerprint or one of those nifty patterns if I was so inclined.
Staying logged in to social media accounts certainly facilitates faster Snapchats and shaves off precious seconds when you’re trying to live-tweet an event. Of course, this also means a fun-loving spouse or friend has access to your account to post a silly message on your behalf—one of my sorority sisters and her hubby post super cheesy messages from each others accounts about once a month.
But, what if someone more nefarious is posting on your behalf? When the wrong person has access to your unlocked laptop, smartphone, or tablet they have unbridled access to your social media networks.
Think before you click.
I recently received a Facebook friend request from a friend’s Mom. I’m already friends with her, but though maybe she’d accidently deleted me. Upon accepting her invite, she immediately Facebook chat messaged me about a grant she’d just received for Facebook users having trouble paying their bills. She also encouraged me to apply—because if they’re giving out free money, why not? Turns out a hacker had spoofed her account—creating a replica account with her publicly available personal information and photos. PS, this is a good argument for keeping your profile private as well.
Phishing attacks can use email, instant messenger programs, or social posts to direct potential victims to a malicious website on which they request the recipient’s personal information, account login, or credit card number.
They are, at first glance, hard to distinguish from those of a reputable company. Phishing messages are carefully crafted, but often claim there’s a problem that can be easily solved by verifying your personal information, or that you’re a winner of a fictitious contest and you must provide bank information to claim your prize.
Whenever possible, opt to use two-factor authentication when logging into an account. Two-factor authentication requires two independent authentication factors. One example is inputting a second code sent to your phone after entering your password. Services such as Gmail, Apple, and Microsoft accounts, Facebook, Twitter, Amazon, and LinkedIn offer this option.
Perfect your password.
Your password is the first and often, only, barrier between an unauthorized user and sensitive information—so make it good.
So what makes a password strong? First, it should have at least eight characters—the more, the better —that are a combination of letters, numbers, and symbols, if allowed. Try not to use the same letters or numbers consecutively. Passwords are typically case sensitive, so use both uppercase and lowercase letters. Avoid using words found in the dictionary, your name, or company name.
A passphrase is typically more secure than a password. You can easily remember a passphrase using a mnemonic device. Finally, don’t recycle passwords. Use a unique password for each social media network and account.
Forgot my password.
So now that you’ve got super strong passwords, chances are you’ll forget one or two—a password manager can help organize your passwords. If resetting your password is as easy as emailing yourself a link, you might be at risk—especially if someone has physical access to your unlocked devices on which you continue to stay logged in to apps (see numbers one and two).
(Go ahead, say password one more time.)
Social networks often offer more advanced methods for restoring the password on a hacked account—e.g., Facebook’s Trusted Contacts feature.
Unlink unused apps.
I just did an audit of my Facebook and Twitter accounts. I had granted permission to access these social accounts to no less than 44 third-party apps. I can honestly say I’ve used all of these in the past 30 days, but if I hadn’t, they’d be gone.
Third-party apps can serve as a backdoor for hackers. If you’re not using an app, unlink it.
It’s a big, online world out there. Stay cybersafe kids.