Good Social Media Hygiene

We’ve all started to get used to our “new normal” of working from home. There have been a lot of posts about how to do this effectively, and some of you may even have used some of the guidance I recently published on here. (A big thank you if you have!)

A quick heads up is probably in order here. As with my previous article, this one isn’t necessarily intended for cyber professionals: rather, it’s aimed at those who don’t work in the industry and will hopefully give them some insight into how to help their online health.

We now know that this is going to be how we live and work for – probably – months to come, so we’d best settle in and make the most of it.

It’s been great to see how we are making more use of collaboration tools, and there are any number of posts and videos about the pros and cons of the different solutions, as well as the creative ways teams are coming together. I’m not going to talk about that in this post. What I do want to talk about is how we use social media.

We’ve all (hopefully) got the message from our government that washing hands for 20 seconds is a good starting point in our efforts to slow the transmission of the coronavirus. We’re seeing initiatives such as supermarkets providing antibac wipes and gel so you can clean the handles on trolleys before going in. On my rare forays away from the house I’ve noticed so many more people cleaning their hands, and that’s been very reassuring.

But it seems to me that all this time at home has also led to much more engagement on social media, with many more helpful and inclusive posts on neighbourhood forums for example. There seem to me to be so many more people joining in online conversations etc, which seems to be helping build more of a community spirit. (Yes, I still see the backbiting and trolling too, but much more infrequently recently.)

Talking of people being online, it seems like every day we’re hearing about new scams, new ways in which the bad guys and gals (I’m going to call them bad actors from here) are trying to get access to our systems and to our details.

I believe that now is a good time to apply good hygiene to our online selves, as well as our physical selves. With all this additional engagement, but also increase in time spent online, I think now is a good opportunity to encourage people to check their privacy settings and reduce them where appropriate.

Just as antibac wipes and handwashing help protect your physical health against the pandemic that’s assaulting us, locking down your social media profiles helps protect your online health against the bad actors mentioned above.

Restricting who can see your friends lists, or your latest posts, reduces the open-source intelligence (OSINT) gathering opportunities for the bad actors: this in turn reduces the information they have to try to use against you in phishing and spear-phishing attacks, for instance.

How do you do this? For each of your social media accounts the process will be slightly different, and if you’re unsure where to start, open Google (or any other search tool) on your internet browser and search for “privacy settings” and the name of the app you’re using. It should then be a case of following the instructions, but bear in mind that these could vary depending on whether you’re accessing your account from a PC, a laptop, an Android phone, an iPhone or other devices.

For most applications, it’s worth bearing in mind that they automatically open up your account as much as possible and may reset your settings every so often without warning. In general terms, making sure you use two-factor authentication on each account, and restricting who can view your profile / posts to people you know, are good things to do. For information on what each setting does, check them out on the application’s web site.

For example, I use an iPhone, and the initial steps are:

  • Facebook – Open the app, click on the three horizontal bars at the bottom right of the screen (next to the bell icon that shows you that you have notifications), scroll down to Settings & Privacy and then click on Privacy Shortcuts. Go through each of the topics there in turn and amend your settings.
  • Twitter – Open the app, click on your account icon in the top left corner (typically that’s your profile picture), and click on Settings and Privacy. Again, go through each of the topics and amend your settings.
  • Instagram – Open the app, click on your account icon in the bottom right corner (the icon is a person, next to the heart icon), click on the three horizontal bars at the top right of the screen, then click on Settings. Go through each of the topics under Privacy and also under Security and make changes as necessary.
  • LinkedIn – Open the app, click on your account icon in the top left corner (typically that’s your profile picture), click on Settings, then amend the relevant items under the Account and Privacy tabs.

Repeat the process for other apps, but by now you should get the idea I hope. I appreciate that these appear to be convoluted and time consuming, but in reality they don’t take long and they help to reduce the amount of information you share, and who you share it with.

Cambridge Analytica – who knew?

Err, we did!

Regular readers will have seen my post last year which talked about the dangers of over sharing. It described pretty much exactly what’s happened with Cambridge Analytica, on a massive scale.

I’m not going to go into detail on what they did – there’s a lot of news coverage you can check out – but basically an individual’s details and those of their friends were harvested and used for targeted advertising with the aim of swaying voting in the US election in 2016. Other elections may also have been influenced in this way.

This is a great example of why you should regularly check your privacy settings on social media, and be careful what information you decide to share.

Do you have privacy fatigue?

It’s a fact of life these days that we constantly seem to have people giving out dire warnings about being careful what information you share online, who can overhear you giving out your credit card numbers etc. It seems like we’re being warned that there are ears everywhere.

Do you know what? There are.

But these constant messages of your impending doom could also have a negative effect, a sort of “it doesn’t matter what I do, the bad guys will get my data anyway” attitude. This sort of apathy and resignation could be a form of privacy fatigue, and is discussed in this excellent article which my better half kindly shared with me.

It describes how you can tell if you’re suffering from privacy fatigue, and explains what the term means and is based on academic research, which I liked.

There are a couple of points to note about the article though: the sample was quite small – fewer than 400 people, and the demographic was quite narrow – only people in their 40s and early 50s.

Perhaps the biggest shortcoming in the article as far as I could see was that it didn’t talk about the “so what” aspect of what it had to say (but then it’s in a psychology publication, not a security one so that makes sense). What are the risks of sharing, and why is it important not to become fatigued?

I can still remember the days when mobile phones, smartphones, email, social media and computers didn’t exist. Back then, you wouldn’t dream of standing in the middle of the street and handing out your bank details including statements, or shouting out details of when you were going on holiday. You almost certainly wouldn’t go up to everyone you met and tell them where you kept your cheque book and cheque guarantee card (told you I remember a long way back!). Would you have stood on one side of a wall and shouted over it, to whoever might have been listening, who you’re thinking of employing and how much you’re thinking of paying them, or details of a business proposal you’re writing?

I’m guessing that you would agree all of those would be pretty foolish things to do. But effectively, that’s what you’re doing when you drop your guard in respect of privacy.

If you don’t lock down your privacy settings on your social media applications, you’re making every aspect of your life visible to anyone else on the internet.

If you use the same password on multiple websites, you’re making it easier for the bad guys to get access to more of your life.

If you’re talking about confidential things, knowing who else is listening is really important.

Please don’t be complacent. Please be careful. Please don’t get privacy fatigue.