Securing the Digital Soapbox
The phrase “digital soapbox” is not synonymous with the meaning of social networking, but it does give a certain layman’s description of how social networking is used in today’s world. Like a soapbox, social networking is an impromptu stand that allows you, the public speaker, an opportunity to air your views over the digital landscape and connect with others. Facebook, Twitter, Google+ and LinkedIn are popular tools used by people to share and interact with others around the world. Social networking gives everyone a forum to share their thoughts, ideas, feelings, likes and dislikes with your friends, family or the public. However, all these handy features offered by social networking sites bring with them certain privacy risks. These hazards must be considered when using these sites so that you and your interests are protected.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 12, Universal Declaration of Human Rights, United Nations General Assembly
Privacy on the Digital Soapbox
The major concern with social networking is privacy. When you sign up, your personal information becomes public and can be searched by both companies and cyber criminals. These groups look for embarrassing or incriminating posts, your address, previous work experience and other sensitive information that can potentially harm and harass you, your family or your employer. Therefore, you “give up” your privacy once you submit posts on these websites. This leads to interference by companies and cyber criminals in your personal life. For example, companies can use social networking websites as part of their background check process, which can hurt your chances of being hired by, or promoted in the company. As for cyber criminals, social networking is commonly used to harvest information about you, which is used in spear phishing attacks against you or your employer.
To handle these privacy concerns, these websites offer privacy settings and security tools that allow you to secure and limit access to the information that you posted on their site. However, these tools may not offer complete protection because the more you use social networking to connect with people and groups, the easier it becomes for someone to find you on the website and obtain your personal information through your connections and “likes”. Additionally, these privacy settings change frequently due to the legal jurisdiction in which the social networking company resides, as well as decisions made by the company to improve the monetization of its service. In some cases, the privacy settings are too confusing, or are reset to default when the company upgrades their website. Ultimately, your privacy is only as secure as the people who you share it with on these sites.
To summarize, social networking sites are fun and useful to connect with people, but they also allow your information to become searchable, which can cause attacks. These websites have privacy settings that protect your personal information from being publicly available, but ultimately you are the one responsible for your privacy and security, while using social networking.
Securing your Digital Soapbox
You must be conscious of the privacy risks involved with using social networking sites. The following are some precautions that you can use to better secure yourself while using these services.
Know that you are the target: Yes, you are the target and the sensitive information like your credit card, date of birth and government-issued identity card numbers, makes you a target.
Limit your posts on social networking sites: The more personal details you share, the easier it is for a cyber criminal to craft a phishing e-mail as an attack against you or you employer. One good rule for protecting your privacy online is: if you do not want your family or employer to see your post, then you should not post it.
Discuss your privacy with your friends: Ensure that the friends you have on these websites understand what they can and cannot post about you. If they post something about you that you are not comfortable with, ask them to take it down or remove you from the post.
Always use encryption: Most social networking websites allow you to use an HTTPS connection to their site. This is a secure connection that uses encryption techniques to stop anyone from eavesdropping on your browser’s connection with the website. Always check to make sure you have a HTTPS connection with the social networking website. This is usually indicated as a padlock icon located in the left most section of your browser’s address bar.
Be suspicious of e-mails: It is easy for cyber criminals to send phishing e-mails that appear to be genuine e-mails from a social networking company. The safest way to ensure that the e-mail notification is genuine, is to log in to the website directly and check for any messages or notifications. DO NOT click on any links in the e-mail to get to the website because these links may direct you to a fake login page that a cyber criminal will use to steal your login credentials.
Be suspicious of social networking pages/links: Cyber criminals can craft malicious links and pages on social networking sites that are used in online scams or to infect your computer with malware. In some cases your friends or family will send a strange message to you, asking you to view a suspicious website. However, this message may not have come from them because their account was compromised. If this happens to you, call your friend or family member and verify that the message is genuine.
Manage your third party Apps: Some social networking websites allow third party Apps to access or be installed on your profile (e.g. Facebook games). These Apps allow companies to have access to view your private information. Install Apps that you need and are from trusted companies. Finally, always remove Apps that you no longer use, as they can be discontinued without notice and may allow unknown persons an opportunity to view your information.
Blog: Anti-phishing Club