|
From the desk of Jason Balderama, CISO, County of Marin
Social media sites and platforms like LinkedIn, Facebook, Instagram, Snapchat, Twitter, YouTube, and Tik Tok allow you to connect with friends, family, coworkers, and even whole organizations. However, using social media comes with some major risks. Hackers can target you and your organization by piecing together seemingly unimportant snippets from your posts and profiles and use that information against you. That is why it is critical that you recognize these risks and understand how to avoid them.
In this edition of the security newsletter, let’s review ways that you can protect your identity online.
|
|
-
Don’t use a social media site to log into other sites. Some social media app features may be convenient to use, but it doesn’t mean they are always secure. Using one site to log into another can open you up to attack if any of those sites are insecure and misuse your username and password.
-
Don’t use your work email and password for your social media accounts. Using the same username and password for work accounts and personal accounts can enable hackers to break into your organization’s systems! Create separate accounts for work and personal use and keep them secure by using unique passwords. Use long passphrases to enhance the security of your passwords and consider using a password manager to help manage your multiple accounts.
-
Enable Multi-Factor Authentication (MFA) for all your accounts. MFA, sometimes called two-factor authentication (2FA) or advanced authentication, makes it almost impossible for someone else to log in to your account, even if they have your password. You trade the minor inconvenience of entering a one-time code for the huge benefit of protecting your accounts. Turn this on everywhere you can.
-
Don’t exchange sensitive information using in-app messaging. In-app messenger tools are not always end-to-end encrypted by default, and any texted information is at risk of being intercepted. Make sure your messenger app has end-to-end encryption enabled.
-
Check your privacy settings. Social media sites may change their default privacy settings and can cause unintended disclosure of data. Limit the amount of personal information that you provide in your social media profiles and set your privacy settings to limit who can see and share your posts.
-
Be cautious when connecting with strangers. The safest thing is to only connect with people you know personally or can verify through a trusted connection.
-
Watch out for impostors. Cybercriminals may try to gain your trust by posing as your friends, family members, and coworkers. Be sure to verify that the person is who they say they are before you connect with them.
-
Never click on a link without verifying it. If you don’t know the person, you should never click on a link they send or post.
-
Protect sensitive data. Hackers can accumulate details to build a profile of you and your organization, which they can then use to launch attacks. Never post sensitive or confidential information on social media sites.
-
Never share upcoming travel plans. Posting that you are away from the office or out of town can jeopardize both personal and organizational safety. Posting travel documents like an itinerary or boarding pass with barcode could reveal your airline, full name, flight number, where and when you are going, and how long you will be away.
-
When in doubt, don’t post it. Before posting, always ask yourself: “Would this be embarrassing or harmful to me or my organization if it ends up trending and on the front-page tomorrow morning?” Even though you may be able to delete a photo or post, someone else may have already taken a screenshot of it, copied it, or shared it with others.
Do you know what information can be found about you online by conducting a simple search? Here are some recommendations on how to check.
-
Set your browser to private / incognito mode. This will prevent the search results from being impacted by accounts you may be logged in to or your browser history.
-
Search beyond your name. In addition to your name, search for things like your email address, home address, work address, and phone numbers. Put quotes around your search terms so Google will know to search for the exact phrase. Use variations of your name, including misspellings, as you may be identified in different ways.
-
Check the first 5 pages of results. While the first page of results may have the most relevant matches, be sure to check at least the first five for information that may be buried in the later pages.
-
Clean what you can. If you posted the information returned in a search result and you don’t want it displayed online, you can simply access the account where you posted it and remove it. If someone else posted it, you will need to contact the individual or web site to ask them to remove it. Please note that they may not be required or willing to comply with your request.
Following these recommendations should help to keep your online identity secure. But if things go wrong and you believe your identity may have been compromised, visit IdentityTheft.gov to report it and create a recovery plan.
|
|
Copyright © 2022 County of Marin, All rights reserved. |
|
Disclaimer
The information provided in Marin CyberSafe News is intended to increase people’s awareness of cybersecurity and to help them behave in a more secure manner. Links in this newsletter are provided because they have information that may be useful. The County of Marin does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of County of Marin.
|
|
|
|