This article was written and provided to the Scottish Business Resilience Centre by IT and cybersecurity provider, Waterstons. As a cybersecurity and resilience consultant with…
On World Social Media Day 2022, Allena Matheson-Dear, Ethical Hacker at the Scottish Business Resilience Centre, shares guidance on how to stay safe on social media.
During the height of lockdown in April 2020, UK adults spent a record 4 hours a day online (Ofcom Online Nation Report). Social media use surged with people looking for ways to keep connected, informed and entertained. However, as with any online platform, using social media comes with risks. Users have a vast amount of personal, private and sensitive data associated with their social media accounts. People must know how to keep this information safe and secure from cyber-scammers and identity thieves. Here are Allena’s top ten tips to keep you safe on social media:
Review Privacy Settings
Privacy settings are often not a priority when first creating your account on social media and rarely revisited at a later stage. Take some time to look at your privacy settings on your social media accounts and think about the type of content you are happy to have in the public view.
- Instagram privacy settings are simple; you can choose between a public or private profile. We strongly encourage people to set a private profile on Instagram if you are planning on sharing personal photos and videos.
- Facebook privacy settings offer different levels of privacy, such as making your basic profile public while keeping your posts visible only to friends.
- Similar to Facebook, Twitter gives you various privacy and safety settings. Choose who can see your Tweets or if you want your profile visible to the public.
- See the list below for privacy settings on more social media platforms:
You should protect your social media accounts by using good password security:
- Use Three Random Words
The latest guidance from the National Cyber Security Centre when creating your password is to use three random words and at least twelve characters, ensuring passwords are unique and not easily identifiable. You can choose memorable words but should avoid those that are easy to guess, such as ‘onetwothree’, or that are closely related to you personally, such as the names of family members or pets. You should use different passwords across all your online accounts; this means that if one password is compromised, your other accounts will remain safe.
- Consider a Password Manager
A password manager is an easy and secure way to store all your passwords (think of it as a vault), so you don’t have to worry about remembering them. Password managers generate strong, random passwords and automatically fill them in for users. Watch the explainer video below for more information on password managers:
- Two-factor Authentication
Use two-factor authentication (2FA) on your social media accounts for an extra layer of security. 2FA requires two methods to ‘prove’ your identity before you can use a service: a password plus one other form such as a code sent to your phone.
See the below links on how to enable 2FA for each major social media platform:
Beware of Sharing Personal Information and Oversharing
Be careful about what you post on social media, especially if you have not reviewed your privacy settings yet. Many people do not realise how much information criminals can discover from just a few photos and videos in the public domain. TikTok ‘haul’ videos are an excellent example of this. These are videos of people opening online shopping orders which display postal addresses on the packages; users normally follow these videos up with a picture stating that they are going abroad on holiday for two weeks. If the user’s profile isn’t private, that video and photo can be viewed by anyone, giving away the user’s postal address and information that the home will be empty for two weeks. An ideal opportunity for any criminal!
You should also be aware of who you are speaking to; whether you met them online or thought you were reconnecting with an old friend, some people are not who they say they are. Be vigilant about revealing any personal information on social media, and never give out any financial details or your address! Asking for personal information is a common tactic in romance scams.
Avoid Quizzes that require Personal Information
While fun and seemingly innocent, quizzes that circulate the internet, especially on Facebook, are malicious. These quizzes are a newfound way of discovering victims’ personal information before using it against them. They may ask common security questions, such as your mother’s maiden name, where you were born, your siblings’ names or the first street you lived in. This information will completely negate the point of having strong passwords on your accounts.
Users must also consider what they click on before they act:
- Consider who sent you the link. Does the person usually contact you? Does the message sound like them?
- Inspect the link. Does it look safe? If you even have a hint of doubt, do not click it and do not respond to the message.
- If you do click, be sure not to sign in, enter your password or ‘allow’ anything to access your profiles unless you are positive it is safe.
Location sharing can be a great feature to ensure that family and friends are safe anytime. However, you should review who can see this type of information. You can change settings so that only a couple of trusted close friends and family members can see your location, and only turn it on or share it in situations where you feel it is necessary. Social media platforms such as Snapchat allow users to share their exact location publicly, and that location is regularly updated. If you do share your location on Snapchat, please review who can see this information. Consider the security of your friends’ accounts too. If their account was compromised, would you be happy that a stranger could see your exact location? See the list below for how to change the location tracking settings for each social media platform:
Your digital footprint is the term used to describe the information available about you online. Your digital footprint relates to all your social media posts, photos, videos, status updates, and the content others post about you. If this information is public, criminals can use it to steal your identity or make phishing scams more convincing. To prevent your data from falling into the wrong hands, you should think before you post and check who will have access to it. Check your social media account privacy settings to ensure it is only accessible to those you want to see it. Nothing is ever truly deleted from the internet, so consider what content you post, share and interact with, especially in a public manner.
Clean your Contacts
How long ago did you create your Facebook or Twitter account?
If it was a few years ago, you will likely have old contacts with whom you no longer speak, but they can still view and interact with your content. Their accounts may no longer be active, or the account could be compromised without you realising it. You should regularly review your friends and followers on your social media accounts and consider whether or not you are happy for them to see your content or have access to your personal information.
Beware of Social Media Scams
As mentioned earlier, romance and other online scams are on the rise.
- Romance scams – Scammers have been known to build relationships with people on dating apps or social media and then ask for money. Their reasons will typically be for emergencies, such as medical bills, plane tickets and visas. The idea is that if you like them, then you are more likely to hand over your money. The scammers are right.
- Phishing scams are the most common cyber threat in the UK today. They are becoming increasingly sophisticated as scammers can find out information about you online and tailor the phishing ‘offer’ towards your interests. Be cautious of who you interact with on social media and what you are clicking on before progressing further with ‘too good to be true’ offers.
Advice for Parents and Carers
Parents and children should be vigilant about who they speak with online. Sometimes people disguise their profiles by pretending to be other children, so caution is advised on what information users give out to each other.
- Age restrictions – You should be familiar with any age restrictions for your child’s apps and social media platforms. Many have a minimum age of 13 to be able to sign up.
- Safety and privacy – Review the privacy settings for each social media platform and decide what is suitable for your child. We recommend setting your child’s profile to private and hiding their location.
- Cyberbullying – Cyberbullying can be common online and severely detrimental to mental health. Parents should check up on their children regularly if they experience relentless and severe online abuse. If it does occur, users should block the offending user and set their own account to private if it is not already. Everything said should be documented and then reported to the platform on which it is taking place. If a child also knows the person bullying them in real life, it can be reported to the school and, in severe cases, the police.
For in-depth advice about online safety for children, read our guide: ‘Staying Safe Online - Advice For Parents And Carers’.
To help social media and online platforms remain safe for yourself and others, you must report content, comments and profiles that you believe to be offensive or threatening. These could be suspicious links in private messages, compromised accounts, a user that isn’t who they say they are, or harmful comments. Once reported, this will raise a flag to the social media platform and they will investigate further.
See our complete range of social media resources for more information on reporting harmful or suspicious content.