Social media is both a boon and a bane. While it has connected billions of people, made them more accessible, and created more possibilities for the end-users. There's no doubt that it has also made them more susceptible to security threats and vulnerabilities. According to a report by Kepios, there were over 4.80 billion social media users globally by April 2023. This is precisely the very reason why cyber criminals love social media as well. Keeping this in mind, we have created an ultimate social media security checklist.
Before we proceed ahead, here's a brief snapshot of essential social media stats for 2023.
Social Media Security - The Essential Stats
The latest data from the Digital 2023 report shows strong growth across all things digital in 2023.
1) Total number of global internet users has climbed to 5.16 billion in 2023 from 4.95 billion in 2022. This means 64.4% of the world's entire population uses the internet.
2) In 2023, the percentage of individuals using a mobile phone has increased to 68% from 67.1% in 2022. And 68% of the world's population accounts for a whopping 5.44 billion individuals.
3) Meanwhile, mobile devices remain the most popular for social media access. So much so 99.9% or 4.7 billion social media users access social media via mobile devices.
Social Media Security - A Hackers' Paradise
The unfortunate thing with social media is that users give too much emphasis on the 'social bit' than they are with respect to the privacy and security aspects. And it's not just with the average users. Security professionals are found to be slack too with social media security issues. Shocking, right?
- Research conducted by SpyCloud, a fraud prevention company, revealed that 64% of the security professionals questioned hadn't changed social network passwords for at least a year, and 70% had never changed them.
- According to ITRC’s 2022 consumer impact report, social media account takeovers has increased by 1,000%.
- Also, over 50% of investment scams are initiated via social media platforms (Telegram, Instagram, Facebook, etc.) using the DM option.
- According to the researchers at Darktrace, novel social engineering attacks have seen a 135% jump in 2023.
What's more, the complexity and sophistication of these attacks are also expected to increase in 2023, as predicted by cybersecurity experts.
Imagine the harm this could do to businesses that rely on social media for brand marketing.
According to a recent report, 82% of shoppers ended up buying a product they discovered on social media platforms. This shows how social media influences buying decisions of the majority of online shoppers. Imagine the damage a hacker could incite upon a business and ruin its brand and reputation.
Are You Oversharing on Social Media?
When you use a software or mobile application, you are responsible for knowing how much data is available for sharing. To do this, identify the points below:
Data That You Explicitly Share When Needed
- Personally Identifiable Information - Your name, birth date, photo, etc.
- Contacts - Your email address book, phone book
- Location Data - Listed location, tagged location on websites such as Facebook, Instagram, etc.
- Billing Information - Address, credit card details
- Employment Data - Previous and current jobs, current coworkers
The Data You Share Unknowingly
- GPS Location - Wi-Fi, Bluetooth signal
- Phone Information - Service provider, language, time zone, smartphone maker and model, operating system, battery percentage
- Social Media Usage Habits - Frequency of use, likes, and interests, social network interactions such as messages, photos shared, close friends vs acquaintances, visits to third-party websites based on ads.
How Can Hackers Exploit Social Media Platforms
The following are some of the most popular ways in which a hacker can exploit a social media platform -
Phishing is a technique where internet fraudsters mask themselves as trusted businesses and trick people into giving personal information such as account numbers and passwords and divulging credit card details. Phishing has been existing for a long time dating back to the age before the internet when they used the telephone to scam people. (Source)
Messages like “Congratulations! you have won a $1000 reward in our lucky draw, Please click to claim the prize”, “We found an unauthorized transaction on your account, please click the link below to confirm your identity”, ”Please verify your account as a process of system upgradation, Click on the link and provide your details” etc are some of the common messages used to phish out information like credit card details and account passwords.
Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker. (Source)
Just like Clickjacking, Link-Jacking is a method used to redirect the links of one website to another which the cybercriminals use to redirect users from trusted websites to websites infected with malware.
This occurs when cyber criminals post fake Facebook “like” buttons to web pages. Users who click on the button don’t “like” the page, but instead, they download malware.
5) Social Spam
Social spam is unwanted spam content that appears on social networks and/or any website with user-generated content (comments, chat, etc.). This type of spam can appear in many forms such as bulk messages, hate speech, profanity, insults, fraudulent reviews, malicious links, fake friends, and personally identifiable information. Let's say you receive too many abusive comments on social media. In this case, you can limit comments on TikTok and other channels you use.
Ultimate Social Media Security Checklist
Here's are some tips and best practices for using social media in a safe and secure manner:
1) Educate yourself about how cyber attacks look and work on social media platforms and learn how to better protect your Facebook, LinkedIn, Twitter, and Instagram accounts. For example, this should be extremely important for the person who is in charge of your Instagram growth services at your company."
2) Use unique, complex passwords for every online account you own. Keep changing your passwords from time to time, especially following the announcement of a security breach or account compromise.
3) Review the basic account information on all social media platforms. Control what personal information you share online — like your name, email address, and phone number.
Remember that the Internet is a public resource. Only post information that you are comfortable with anyone seeing.
4) Make use of control settings provided by the social media platform that helps you manage your privacy and security.
5) Review what data is associated with your online account. Control the data that gets associated with your account and pause the collection of specific types of data — like your searches and browsing activity, the places you go, and information from your devices.
6) Avoid broadcasting your location. Location or geotagging features on social media networks is not the safest feature to activate.
You could be telling a stalker where to find you or telling a thief that you are not at home.
7) Be cautious about offers online. If it sounds too good to be true, it probably is.
8) Connect and engage with only those people that you know and trust in real life.
What You Can Do About Social Media Security as a User
Being a social media user, your security is in your own hand. Here are some security tips that will help you make your social surfing safer:
1) Keep The Anti-virus Updated
Whether it's your smartphone, laptop, or other network devices, anti-virus is its defense system. It protects your device from malware and viruses. Therefore, make sure to keep the anti-virus updated. Setting auto-update might also help.
2) Don't Overshare Anything
Many people are habitual of posting every small to large detail about their life on social media. You don't have to make the same mistake. Limit the information you share on social media. The lesser the information, the safer you are!
3) Disable Locations
When you are on a social site or any website, make sure your location is turned OFF. It reduces the chances of any hacker or fraud determining your location. Moreover, location is an integral detail of a user. Keep your location OFF whenever surfing on the internet.
4) Report Harassment And Suspicious Activities
If you have experienced a cyber attack, report the incident ASAP. Use the HELP section of your social media and let them know about the incident of harassment you faced. Authorities are always there to help, you just need to take the first step.
5) Connect With Only Those You Know or Trust
You might think that there's limited information on your social profile, but you have no idea how clever a hacker can be to extract details you have even shared. That will only happen if you are connected with them. Therefore, keep your social media connections as precise and limited as possible. Don't connect with people you don't know or trust.
What You Can do About Social App Security as an App Developer
Following are some key practices that an app developer must keep in mind while testing an application. These key points are important from the perspective of social security:
1) Assess All Open Source Codes
It's the first step in making the apps more secure. Third-party libraries and open-source codes help to boost the speed of applications' development and employment.
Moreover, developers can also conduct exhaustive security tests to ensure the code does not make the mobile app vulnerable.
2) Secure The Source Code
Most source codes in the mobile app development process reside with the customers or clients. Mobile developers can consider obscuring those codes to make the application secure from hackers. One can take the help of software like Pro-Guard to facilitate and fasten the process of codebase jumbling.
3) Use Strong Data Encryption
Developers need to encrypt every single date of the app and get rid of all the plain text resources. This makes it impossible for attackers to get any insights from the mobile app. Also, one can consider using multiple security measures, for optimal protection.
4) Secure The Database
Developers need to make sure that all the data related to the user remains secure and safe. This includes user credentials, payment information, and various other types of sensitive data. To achieve security, developers must maintain updated security measures in the app.
5) Isolate App Data
Social apps tend to access data from users' mobile devices on a daily basis. That's why it becomes important for the developers to focus on developing multiple layers of protection to secure private information.
Cyber security ceased to be just about tech a long time ago. Above all, it's about people. One of the major cyber risks is to think they don't exist. This year we have already seen a record number of Android & iOS app threats creating havoc in everyday life. Make use of the above social media security checklist to review your information online and ask yourself this question - Are you making it easier for hackers to steal your data? We surely hope not. Happy browsing!