
Security of (and in) the Social Networks

Social networks are becoming ever more popular and attracting more and more new users, so security becomes an issue and the number one priority. There are many different aspects to security in social networks; however, three main areas must be identified:

  1. Security of the social network web sites
  2. User privacy
  3. Security of user’s relatives

Web site security is more of an operational issue for the owners of these sites, and there’s not much a regular user can do to improve it. However, one should keep in mind a few important points when registering on and using social networking web sites.

First of all, keep in mind the nature of these sites. Most of them follow the “release early, release often” paradigm to stay ahead of others and compete efficiently. New features and site improvements are released as soon as possible, sometimes without thorough security testing. In most cases this is acceptable: users report errors, developers fix them and life goes on. Or does it? As we can see, there are numerous successful attempts to break into social network sites. Let’s face it, these sites attract millions of users, which makes it “interesting” to hack into them.

So when registering on social networking web sites, do not use your primary email address (and definitely not the one you use for your e-banking). The same applies to the account password. It’s best to have an “email/login/password” combination dedicated just to social networking.

Another thing to keep in mind is the secret question. One of the most popular ones is your mother’s maiden name, which in most cases is what your bank has as well. So keep that in mind, and try using something different. Unlike passwords, which are normally kept encrypted so that even site owners cannot retrieve them, answers to security questions are kept in plain text or are easy to decrypt.

It wouldn’t be fair to enter misleading birthdates and other personal information, as it would go against the whole idea of social networking, but try to expose yourself as little as possible, especially in the areas of information that overlap with online shopping sites and e-banking.

User privacy is a very subjective matter. By user privacy here I do not mean private data that allows malicious users to gain access to financial and other information. To be clear, I am not referring to emails, birthdates, the usual secret questions, etc. User privacy here is everything else, such as friends, favorite meals, eye colour, visited locations and similar information. What is and what is not considered private is completely up to the user. Someone might be very sensitive to complete strangers seeing their holiday locations and pictures, whilst for others it might be one of the reasons they joined a social networking site.

As a general rule, before posting your data online, make sure it cannot be used against you to cause you any harm. This can be very tricky. For example, your e-bank has a secret question “Best friends name” and you (after reading the previous paragraph) carefully selected something different. And the next thing you do is list all your best friends on Facebook.

Losses caused by identity theft are humongous, so be cautious when you post your details online.

Security of your relatives is usually overlooked by security advisers. Everyone advises taking extra care when publishing your personal/private information online, but hardly anyone mentions that you could in fact cause harm to others by posting your private information. Coming back to the example of the e-bank secret question being “Best friends name”: you carefully choose a different secret question when you register on a social network web site, and you also take extra care not to emphasize the fact that a person is your closest friend. That’s OK. However, your best friend likes you so much that (s)he puts you at the top of his/her friends list…

The same principle applies when you talk about your job. However tempting, try to keep it low profile. Even indirect references can cause serious harm to the company you are working for. Not to mention the numerous copy-paste accidents that happen when working with multiple open windows and chatting/blogging while working at the same time. Forbidding social network sites in the office might sound like an extreme measure, but fortunately security departments are starting to recognise the threat.