Social Networking

Think about how you want to use social networking. Facebook and Twitter are all-purpose, come-as-you-are social mediums. The communities are gigantic, and anybody with an email address can join. It's best to limit your use of Facebook and Twitter to sharing news, photos, music, videos, etc. casually with friends and family. For business, consider using a service like LinkedIn that caters specifically to professionals.

Follow the Golden Rule 

Assume that the personal information and photos you display are available to everyone and anyone, not just to your friends.

Be careful about the personal information you post 

This is not only applicable to Twitter. Think about what you are posting. If you wouldn't want your current or future employer, current or future spouse, or in-laws, or parents, etc. reading your post(s) then DONĀ“T POST IT!

Use a strong password 

And don't use the same password you use for other sites (including UC, online banking, etc.). If someone were to hack your social networking account, you don't want them to have access to everything you do! For guidance on creating a strong password, check out this newsletter!

Do not display your full birth date 

Listing a full birth date - month, day and year - makes you an easy target for identity thieves who can use it to obtain more of your personal information and potentially gain access to bank and credit card accounts. Choose to show only the month and day, or even better, no birthday at all.

Do not tag children in photos or comments 

To protect children from online predators, do not post a child's name in a photo tag or caption. If someone else does, delete it if you can, or ask the member who owns the photo to remove the name.

Do not mention being away from home 

Doing so is like putting a "Nobody's Home" sign on your front door. Be vague about the dates of your travel plans and vacations.

Restrict searches for your information 

Find out what your options are for restricting public searches. At a minimum, you should be able to prevent your information from being searched for by anyone other than your designated online friends.

Think about the people you become friends with online 

Once you have accepted someone as your online friend, they will be able to access a lot of information about you, including photographs and other material you have marked as viewable by your friends. Find out if and how you can remove a friend in case you change your mind about someone or discover they aren't who they claim to be.

Check your browser and security software 

Make sure you have an up-to-date web browser and comprehensive security software on your computer. This includes anti-virus, anti-spyware, anti-phishing, and a software firewall.

Adjust your privacy settings to help protect your identity 

Facebook and some other social networking sites provide options to protect you online, but it's up to you to understand what they do and how to use them, and to be aware that they change over time.

Set and review your privacy settings regularly. Familiarize yourself with the site's current privacy policies.

Limit what is available to everyone 

Make only a cut-down version of your profile visible to everyone. Reveal the rest of the information in your profile only to people you choose to have as online friends.

Disable unnecessary options 

Disable options, and then add them in one by one. If you are using a social network just to keep in touch with people, consider turning off the bells and whistles you don't need or use. Disable unfamiliar options until you understand what they do and have decided that you do need and want them.

Join groups and networks cautiously 

Assume that all members of a group will be able to see all of your information unless and until you restrict access to it deliberately.

Understand how to QUIT the site 

Understand what happens when you quit the site. It's usually easy to deactivate your account, but some sites, like Facebook, will retain all your information including pictures, friends, etc. even if you do. Find out how you can delete all of your information. You may have to request that the operators of the site delete it for you. When quitting Facebook, you must submit a deletion request, and that, too, comes with some gotcha's:

  • There will be a delay of unspecified length between submitting your delete request and the actual deletion.
  • If you login to Facebook after submitting your request, your deletion request will be cancelled automatically.
  • There's no easy way to confirm that your deletion request has been completed.
  • Even after deletion, copies of your photos may remain on Facebook servers for technical reasons.

 

***********************************************************************
Some of the above content taken with permission from
OUCH! Security Information Service: http://www.sans.org/newsletters/ouch/updates/
Copyright 2010, SANS Institute (http://www.sans.org)

For More Information:



To view PDF files, you will need Adobe Acrobat Reader, a free download.

  • University of Cincinnati UCIT Office of Information Security
  • University Hall
  • 51 Goodman Drive
  • Cincinnati, OH 45221