Safe Social Networking
1 of
Learning Purpose
It is often said that sharing is good. But if users are not mindful about what and how they share in cyber world, they run the risk of hurting themselves or someone else. This course reminds users with the security threats and good practices when using social networking services.
What is social networking?
- Social networking services provide platforms, tools and other communication mechanisms, such as forums and instant messaging, for users to share ideas, opinions, pictures and videos with friends and other people.
- They help people to stay in touch with friends, make new friends and business connections
- As social networking relies on people connection and communication, service providers usually require or encourage users to provide certain amount of personal information.
What are the security threats to social networking?
- Privacy issues may arise if users reveal too much personal information.
- Information posted online usually cannot be retracted because it may be saved or screen captured by others.
- Attacker could make use of user’s personal information to undertake social engineering attack, password guessing and other malicious activities.
What are the security threats to social networking?(Continued)
- Social networking service providers typically do not verify the identity of new members, such that people on a social networking platform may not be who they claim to be which can pose additional risks.
- Attackers could distribute malware and malicious code more easily due to the sharing nature of social networking.
How can you protect yourself when using
social networking services?
- Read the privacy policies published by social networking service provider and assess risks before use.
- Set your online profile to private and avoid default security and privacy settings, which usually allow anyone to see your user profile and post.
- Inspect your privacy and security settings at social networking periodically.
- Inspect your privacy and security settings after you install or update the instant messaging application.
- Set a strong password to reduce the risk of password guessing.
- Adopt additional security measures such as enabling multi-factor authentication and login notification, if available.
How can you protect yourself when using
social networking services?(Continued)
- Use a different password for each of your online accounts, in particular those involving sensitive information.
- Learn security tips and examples from the official website of the social networking service provider.
- Limit the personal information you post including your full name, address, date of birth, identity number, telephone number, credit card number, daily life schedule, etc.
How can you protect yourself when using
social networking services?(Continued)
- Do not click on suspicious links or download software from unknown sources.
- Be cautious to someone you have met online and block / ignore unwanted people that you do not trust.
- Do not reply to any suspicious messages, in particular those fraudulent messages purporting to be issued from password recovery services.
- If someone asks you to make financial or property transactions, you must verify the authenticity of sender's identity and that requested transaction.
- Check your account regularly to identify any suspicious activity.
Good practices for protecting sensitive
information and online activities
- Use a trusted and secured computer/ mobile device and keep software up-to-date, particularly your web browser, anti-malware software and firewall.
- Avoid using unknown or insecure network connections.
- Protect online user account with a strong and frequently changed password.
Good practices for protecting sensitive
information and online activities(Continued)
- Always log out website or system after use and clear browser cache.
- Verify all recipient(s) of your message before send.
- Avoid sending personal or sensitive information. If necessary, encrypt the information during data transmission. If technically feasible, enable message self-deletion as well.
- Do not respond to any suspicious email or pop-up message which asks for financial or other personal information.
- Do not disseminate or share message that contains malicious links.
- Use official’s mobile application to access social networking on mobile devices. Do not install plug-in and mobile applications from unknown sources.
Summary
- Read the privacy and security policies published by social networking service provider and assess risks before use.
- Set a strong password and change regularly to reduce the risk of stolen account.
- Set your online profile to private and avoid default security and privacy settings.
- Limit the amount of personal information you post.
Extended readings and resources
- CSIP Safety Centre – Secure my personal computers
- CSIP Safety Centre – Secure my mobile devices
- InfoSec website – Safe Online Social Networking
- InfoSec website – Using Instant Messaging Safely
- PCPD website - Relevant guidelines on protecting personal data privacy