In today’s digital world, social media platforms are more than just places to share photos or catch up with old friends. They have become central to our personal and professional lives, acting as powerful tools for communication, marketing, and networking. But with these benefits comes the need for caution. The advantages of staying connected can quickly become overshadowed by the risks of falling victim to online threats. Read on to learn how you can protect yourself and stay secure on social media.
1. Understanding Common Social Media Threats
Before we can effectively protect ourselves, it’s important to understand the types of threats we face on social media. Here are a few of the most common:
- Phishing Attacks: Hackers pose as trusted sources to get you to reveal sensitive information.
- Faked and Cloned Accounts: Cybercriminals often create fake or cloned profiles to deceive users into sharing information or clicking on harmful links.
- Data Theft: By accessing your account, hackers can gather personal data for identity theft.
- Malware Links: Clicking on unknown or suspicious links can lead to malware being installed on your device, compromising your data.
2. Use Strong and Unique Passwords
When it comes to social media, strong and unique passwords are crucial. Each account should have its own password so that if one is compromised, the others remain safe. Make each password at least 8 characters long and include numbers, special characters, and uppercase and lowercase letters.
Consider using a password manager, such as LastPass or 1Password, to help you generate and store complex passwords. These tools can take the stress out of creating unique credentials for each platform and offer enhanced security, such as automatic updates for strong passwords.
Additionally, browsers like Chrome offer features like Google Password Manager to securely store passwords and passkeys. Passkeys are a new, more secure way to log in that uses biometric authentication, such as Windows Hello or Apple’s Face ID, instead of traditional passwords. They help protect your accounts by ensuring only you can log in, even if someone else knows your username.
3. Enable Two-Factor Authentication (2FA)
Two-factor authentication adds an extra layer of security to your accounts by requiring not only a password but also an additional verification method, such as a code sent to your mobile device or an authenticator app like Google Authenticator. Most social media platforms, like Facebook, Instagram, and LinkedIn, support 2FA. Enabling this feature makes it significantly harder for hackers to access your accounts, even if they know your password.
Setting Up 2FA on LinkedIn
- Click the Me icon at the top of your LinkedIn homepage.
- Select Settings & Privacy from the dropdown.
- Click Sign in & security on the left rail and click Two-step verification.
- Click Turn on or Turn off to change the status of two-step verification.
- Click Set up to enable two-step verification, then choose the preferred verification method from the dropdown, and click Continue.
Setting Up 2FA on Facebook and Instagram
- Go to Accounts Centre or click your profile picture at the top of the Facebook homepage, then Settings & Privacy, then Settings.
- Click Security and Login under Accounts Centre.
- Select Password and Security, then Two-factor authentication, then either your Facebook or Instagram account.
- Click Two-factor authentication to set up or modify the security settings.
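How the authenticator-app codes mentioned in this section are produced and checked, as an added example (not code from this post, the platforms above or Google Authenticator). It implements the public TOTP standard, RFC 6238, which apps such as Google Authenticator implement; the secret is the RFC's published test key, and the names totp, verify and SAMPLE_SECRET are made up for this illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30      # seconds each code is valid for (RFC 6238 default)
DIGITS = 6     # code length shown by most authenticator apps


def totp(secret_b32: str, at: float, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    # Enrolment secrets are base32; tolerate spaces, lower case and missing padding.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks a 4-byte window.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at, last_step=-1, drift=1):
    """Server-side check. Returns the matched time step, or None if rejected.

    Accepts codes from `drift` steps either side of now to allow for clock skew,
    and refuses any step <= last_step so a captured code cannot be replayed.
    """
    now_step = int(at) // STEP
    matched = None
    for step in range(max(0, now_step - drift), now_step + drift + 1):
        expected = totp(secret_b32, step * STEP)
        # Constant-time comparison, so timing does not leak how close a guess was.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and step > last_step:
            matched = step
    return matched


# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at step:", verify(SAMPLE_SECRET, code, 59))
    print("replayed:", verify(SAMPLE_SECRET, code, 59, last_step=1))
    print("two minutes later:", verify(SAMPLE_SECRET, code, 59 + 120))
```

Because the code depends on a secret stored in the app and on the current time, a stolen password alone is not enough to log in, and a code that has been used or has expired is rejected.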
4. Adjust Your Privacy Settings
Most social media platforms offer privacy settings that let you control who can see your content and interact with you. To stay safe, it’s important to review and adjust these settings:
- Profile Visibility: If security is a concern, restrict your visibility to friends or approved followers. However, balance this with the need to reach a wider audience. For example, as a freelancer, you may want your posts to be public to attract potential clients.
- Tagging Settings: Decide who can tag you in photos or posts. Preventing random users from tagging you can keep potentially harmful content off your profile.
- Limit Public Information: Avoid sharing personal details such as your phone number, address, or exact location, both on your profile and in your posts.
Regularly updating your privacy settings ensures that you maintain control over what information is publicly available.
5. Be Wary of Suspicious Links, Friend Requests, and Phishing Attempts
Phishing attacks often come in the form of direct messages or posts that urge you to click a link. They may claim you’ve won a prize or that there’s a problem with your account. For example, you might receive a message saying: ‘We’ve detected suspicious activity on your account. Please click this link to verify your details.’ Scammers also impersonate government organisations like the Inland Revenue, where they might pretend to offer a tax refund.
Always be sceptical of not just unexpected messages but any message containing links. It’s easy to be fooled into thinking a message is from a friend and then click a link, only to find that it’s from a cloned or fake account. The safest policy is to avoid clicking any links in social media messages. Instead, type the real website address into your browser or use Google or an AI tool like ChatGPT to find the website for you. Similarly, accepting friend or follow requests from unknown individuals can expose you to risks. Fake accounts are often used to gather information or trick you into sharing sensitive details.
If you receive suspicious communication, report it to the platform. Familiarising yourself with common phishing techniques can help you spot a scam before it’s too late.
6. Think Before You Share
Oversharing is one of the easiest ways to fall victim to social media threats. Posting too much information can make you an easy target for identity theft, scams, or even physical dangers. For example, announcing your holiday plans or posting from your holiday destination in real time can alert criminals that your home is unoccupied.
A good rule of thumb is to pause before posting and think about whether the information could be used against you. It’s always good to have a purpose for your post, so share with intention and avoid posting details like your location, daily routines, or financial information.
7. Avoid Public Wi-Fi When Logging In
Logging into your social media accounts over public Wi-Fi can be risky, as hackers can easily intercept data transmitted over unsecured networks. If you must use public Wi-Fi, consider using a virtual private network (VPN), such as Norton Secure VPN, to encrypt your connection. This will help protect your sensitive information from prying eyes.
8. Regularly Monitor Account Activity
Keeping an eye on your account activity can help you spot unusual behaviour quickly. Most social media platforms, such as Facebook and LinkedIn, allow you to review login activity and see where your account is logged in from.
How to Review Login Activity on Facebook
- Go to Accounts Centre.
- Click Password and Login.
- Select Where You’re Logged In – you can see a list of devices and locations where your account is logged in.
How to Review Login Activity on LinkedIn
- Click the Me icon at the top of your LinkedIn homepage.
- Select Settings & Privacy from the dropdown.
- Click Sign in & security on the left rail.
- Click Where you’re signed in to view and manage active sessions.
If you notice any unfamiliar devices or locations, log out all sessions and change your password immediately.
9. Educate Yourself on Platform-Specific Security
Different social media platforms have different risks and security settings. Familiarise yourself with each platform’s features. For example, LinkedIn is often targeted by cybercriminals who seek to gather professional data, sometimes pretending to be recruiters offering fake jobs, while Instagram scams might involve fake giveaways or impostor accounts. Take the time to understand the unique risks of each platform and adjust your security approach accordingly.
10. Documentation for Businesses and Organisations
Proper documentation is a crucial aspect of mitigating social media risks for businesses and organisations.
Social Media Policy
You should have a documented social media policy that not only outlines the risks but also states the benefits of social media. The document should clearly spell out what employees can and can’t post on their own social media and what’s expected of them. It should be specific, with examples of bad practice. For example, employees should never post photos of their ID cards, because the information obtained can be used to create an assumed identity. That identity could then be used to create fake social media accounts, access existing ones, or open financial accounts.
Pictures and videos taken in the office environment should be checked to ensure that no confidential information or data is displayed. This includes details such as Post-it notes containing usernames and passwords, or other confidential information such as client details.
It is beneficial if your employees regularly share your business posts, as this will help raise awareness of your business. Consider setting clear guidelines for employee posts to ensure consistency and professionalism in the content being shared. Are you going to encourage your employees to use LinkedIn to promote and grow your business? This question needs careful thought, and the answer should be documented in the Social Media Policy and/or in employment contracts so everyone is clear on social network ownership and use.
Guidance should be taken from an employment lawyer and a social media expert with expertise in policy creation, and the policy should be reviewed by an HR specialist.
Information Security Policy
The Information Security Policy should also include references to social networks. Just like other online services, advice or requirements on usernames, passwords, and 2FA should be clearly documented. For further details, refer to the sections earlier in this post about using strong and unique passwords and enabling two-factor authentication.
The Information Security Policy should be created by an IT Security Specialist and reviewed by a Human Resources specialist.
11. Report Suspicious Behaviour
Most social media platforms offer tools to report suspicious accounts, posts, or messages. By reporting suspicious behaviour, you’re not only protecting yourself but also helping make social media a safer space for everyone.
How to Report Suspicious Behaviour on Facebook
- Click the three dots icon on the post or profile you want to report, or the down arrow at the top of a message (desktop) or i symbol (mobile).
- Select Report post, Report profile, or Report and follow the instructions to specify why you’re reporting the content.
How to Report Suspicious Behaviour on LinkedIn
- Click the three dots icon on the post or message, or the More icon on the profile you want to report.
- Select Report post or Report / Block and follow the instructions to specify why you’re reporting the content.
12. Use Trusted Security Software
Finally, consider using trusted security software on your devices, such as a plan from Norton, or other reputable options like Bitdefender. Good security software can help detect and prevent malware, phishing attacks, and other threats. Keep all of your software up to date to ensure you have the latest security patches.
Currently Hacked?
If you’re hacked on Facebook, you can recover your account here: https://www.facebook.com/hacked. You will need to verify your identity and follow specific recovery steps to regain access. If you are hacked on LinkedIn, you can recover your account by following the instructions on my blog post. Key steps include verifying your identity using LinkedIn’s account recovery process, resetting your password, and reviewing recent activity to secure your account further.
Conclusion
Staying informed and proactive is key to ensuring your safety. Regularly update your passwords, keep an eye on unusual activity, and educate yourself and your team about potential threats. Social media can be a powerful tool when used wisely, but it requires diligence and awareness to mitigate risks. By implementing these practices, you can continue to enjoy the benefits of social media while minimising the dangers.
For more help with avoiding being hacked on social media, please get in touch.