By Cynthia Hetherington
Data, at its most annoying, is a commodity with social media sites selling your Likes to data providers. Data, at its most dangerous, allows terrorists and scammers—as near as your neighbor or from faraway lands—to farm from open sources the personal addresses of our military personnel to threaten them and their families. They robocall mercilessly and prey on the elderly. Unfortunately, we share much of the data that generates these annoyances and threats
In this new blog series, we help you understand the dark side of information sharing. You will learn the pitfalls of oversharing and how to reduce your online risks. You will gain useful tips for protecting your personally identifiable information (PPI) and preventing identity theft, learn how to opt out of online vendors and how to remove your PPI from three major DNA collection retrieval services.
A variety of information is available to businesses and organizations. While most of the information is non-sensitive, some of it can be sensitive. This week, how social media activity open the world to your life.
How to be Social Media Savvy
It is possible to take part in social media and still maintain a semblance of privacy. To accomplish that, keep some of the following things in mind when posting on social media platforms such as Facebook.
Do not write in a fury
If you are angry, inebriated, or simply have a big secret you are itching to share, that is the time to step away from the keyboard. What you think is hysterical or outlandish now might only serve to embarrass you later.
Do not ignore the privacy controls
Every application and online service offers customization for your profile. Use it. For example, on Facebook, limit your account access by setting who can view your posts to Friends, Friends of Friends, or Only Me. Do not enter contact information, such as your phone number and residential address. Restrict access to your photos, birth date, religious views, and family information, among other things. Give only certain people, or groups of people, access to these items, or block specific people from seeing them.
Do not post your child’s name in a photo caption
Do not use your child’s name in photo tags or captions. If someone else does, delete the name’s tag by clicking on the Remove Tag option. If your child is not on social media and someone includes his or her name in a caption, ask that person to remove the name. Do not share online the details of your child’s life. Your child’s sports practice, such as soccer, is likely on a regular schedule, which a predator reading Facebook profiles can be easily track.
Do not mention when you’ll be away from home
When you tell your Friends through social media that you are not going to be home, you are inviting criminals who are trolling Facebook profiles—especially unsecured profiles—to your then-unoccupied house. Keep in mind it takes only a few minutes to rob your home or harm your family. Even a mention of a quick run to the store is unwise.
Do not use a weak password
Avoid using simple names or words that can be found in a dictionary as a password. Even with numerals tacked on the end of the word, these are not secure passwords. Instead, use a knuckle-breaker password—one that requires upper and lower-case letters, in combination with numerals and symbols. A secure password should have a minimum of eight characters.
Do not put your birthday in your profile
Your birth date is an ideal target for identity thieves, who could then use the date to obtain more information about you, potentially gaining access to your bank or credit card accounts. Do not put any personally identifiable information about yourself in your social media profile accounts.
Do not let search engines find you
To help prevent strangers from accessing your Facebook page, go to the Search section of Facebook’s privacy controls and select “Only Friends” for Facebook search results. Be sure the box for public search results is not checked.
Do not ignore privacy settings updates
The Terms of Service for apps and social media services changes constantly. Keep up with any notices that changes have been made to the security and third-party access permissions.
Control your child’s social media activity
Most young people are now using social media platforms other than Facebook, including Instagram, Twitter, Snapchat, and TikTok. Get in the habit of having your child part with his or her smart phone each night so the phone can spend the evening recharging its battery—an excellent opportunity for the parents to then peruse the contents of their child’s social media profiles. Sign up for a monitoring app such as Bark, Safer Kid, or Web Watcher to monitor your children’s social media activity on their phones.
Do not Friend your employer
Sure, it might seem like a great idea to Friend your boss—that is, until you decide to rant about how much you hate working overtime or you post photos of your day at the beach the same day you called sick into work.
Our series, Info Exposed, is meant to help you to facilitate your personal privacy in a very open online world. There is no one solution, no one vendor, that has all the answers. The best security practices start at home. Using our tips as a guide, you can begin to remove, obstruct, or obscure the open source information that leaves you and your family vulnerable online. The entire report, Information Exposed, is also available to download for free.
Are you an analyst or investigator looking for advanced OSINT training on risk assessment and risk monitoring? If so, check out Hg’s webinar series, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your investigative skills.
Are you concerned about your company’s or employees’ points of vulnerability through online and open sources? Our skilled analysts are experts at removing personal information that puts you, your business partners, and your family at risk. Learn how our team can assist you in assessing and monitoring your risks.
Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.
