SANS ISC: InfoSec Handlers Diary Blog

Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites

Published: 2010-10-12
Last Updated: 2010-10-12 20:45:08 UTC
by Scott Fendley (Version: 2)

As we all know, social media sites are designed to share information such as who and where you are and what you are doing. This can be a great way to connect to close friends and family, or even re-connect with old classmates and old co-workers.  And it can be a great way to find and connect to new groups with interests common to your own.  

However, there is a fine line in deciding what and how much information to share with these different subsections of your life. Think about this. Every public message you post on your Twitter account can be spread around the world in a matter of seconds and possibly will be indexed and found in real-time searches 24/7. These messages have the power to compromise your safety or your identity, jeopardize your future employment, or just embarrass you in front of the world.

First, review and use privacy settings. Almost every major social media site, such as Facebook, Twitter, and LinkedIn, lets you control how visible your information and pictures are on the site, as well as to any search engines that parse that data. You need to decide how visible you want your contact and profile information, videos, photos, and other posts to be, and take the time to set the appropriate controls within the media site in question.

Second, don't share information that can help people steal your identity or locate you. It is quite possible for someone to look up your name in a phone book (digital or dead tree version) and find your physical address if it is not already known.  The combination of that publicly available information and your public post about hanging out with friends watching Monday Night Football across town could be enough for someone to take advantage of the situation and break into your house. This would likely require that someone be targeting you or your family specifically.

Third, in most social media sites, you have the ability to limit who can see photos or video tagged with your name. It is probably best that you do not upload photos or video showing you or your friends doing illegal or inappropriate things in the first place. But you need to take advantage of any settings that allow you to control how visible this content could be if your friends do not exercise good common sense. Is it really all that smart to post an x-ray image of your broken arm while you are in high school, if your dream is to play baseball professionally?

Fourth, whether it is a tweet, a Facebook status update, or something else, it is recommended that you restrict the delivery of this information to your circle of friends only.

Fifth, online interactions between coaches and potential student athletes must be managed cautiously. Coaches are under even heavier scrutiny than many other people due to NCAA regulations. Wishing a recruit "Happy Birthday" on their public wall may be considered inappropriate in some circles. It is even possible that re-tweeting a media post by the coaching staff about a recruit visitation could be construed as a minor violation.

Sixth, be especially careful of malicious links sent via social media accounts. There are many URL shortening services on the Internet that help when you only have 140 characters in a particular tweet. Some third-party clients for social media sites have the ability to show you the full URL which was masked in the update. Enabling this will give you some confidence that you are actually going to a known and more-trusted site. In general, resist the urge to click on items sent to you, no matter the source.

Seventh, as with all computer accounts, you must protect social media accounts from being hijacked. Using strong passwords on your social media accounts is a must. And you must be careful not to disclose your credentials to would-be attackers. With your credentials, attackers could use your account to lure your circle of friends into clicking a malicious link sent from your account.

Last but not least, think twice before posting or even clicking on a post. Consider what could happen if a post becomes widely known and how that may reflect both on you (as the poster) and on your school or workplace.

There are likely other ideas of how to better protect and manage your digital identity when it comes to social media.  Share these with us via the contact form or comment on this article. 

Scott Fendley
co-ISC Handler on Duty


Thanks to Nathan for the great comment to refine the attack vector regarding "don't share information that can help people steal your identity or locate you".
