Security Awareness Tips: What are the risks associated with Social Media sites?

Submitted by: Michel Lorrain,
Senate of Canada

Posted on Thursday, May 9, 2019


Identity theft: Posting information such as full name, date of birth, address and phone number can be used by criminals to create a profile in order to access resources or obtain credit and other benefits in that person’s name.

Password reuse: Many users of social media sites will use the same password they use for their email, other social media sites, and even their bank accounts. If that password is discovered by computer malware or accidental leak from a website, it provides malicious individuals with a way into all the other sites or even worse a financial institution.

Personal and professional profile overlap: Who you are in the office can be very different from who you are outside of it, and online social networking can focus undesired attention on this distinction.

Scams and hoaxes: Cyber criminals will often attempt to scare or lure social media users into opening malicious messages in an attempt to extract sensitive information via a malware installation, a phishing attack, or social engineering.

Propagation of malware: Cyber criminals are continually creating new exploits capable of installing malware on a user’s computer or social networking account. Real life examples are scripts, which are snippets of computer code that automatically run on your computer when you access a webpage. The objective of malware is often to compromise your account in order to steal your password and other personal information.

Social Media Best Practices
• Familiarize yourself with the social media’s policy on security and personal information.
• Never use the same password used for other personal use web services like online banking or email.
• Use secure passwords containing at least eight alpha-numeric characters and symbols that do not contain names or words to provide more security.
• Make a habit of changing your passwords often, such as every four months.
• Never accept the default setting that is typically preconfigured for all new accounts.
• Don’t post any information that might cause embarrassment to yourself or others. Remember that once you post a photo or comment, it can’t be truly removed. Even if you delete the image or comment, it may have already been downloaded or saved to another user’s computer.
• Secure your computer by using up-to-date technical safeguards such as an antivirus and firewall at home.
• Never accept any unsolicited invitations from strangers.
• Avoid sharing personal information, like your phone number, street address, account information, or vacation plans. Consider the risks of becoming a burglar’s potential target by posting your full residential address and planned vacation dates.