Your Ultimate Social Media Security Checklist

Social media is both a boon and a bane. While it has connected billions of people, made them more accessible and created more possibilities for end users, there's no doubt that it has also made them more susceptible to security threats and vulnerabilities. According to the latest report in the ongoing series of Global Digital reports by We Are Social and Hootsuite, there are more than 3 billion active social media users worldwide. This is precisely why cyber criminals love social media as well. Keeping this in mind, we have created an ultimate social media security checklist.

Before we proceed, here's a brief snapshot of essential social media stats for the first quarter of 2018.

[Figure: Digital Around The World in Q2]

Social Media Security - The Essential Stats

As per the latest data from the Global Digital report, there was plenty of strong growth across all things digital in the first quarter of 2018.

1) The number of internet users rose by 276 million between January and March, reaching a total of 4.087 billion by the end of the quarter.

2) More than 5 billion people around the world now use a mobile phone, with roughly 6 in 10 of those users owning a smartphone.

3) Meanwhile, mobile continues to grow its share of social media use, with 389 million people accessing social media via mobile for the first time in Q1.

4) This 14 percent increase takes the number of mobile social users well past the 3 billion mark, with the total standing at 3.087 billion at the start of the second quarter.

[Figure: Global Annual Digital Growth]

Social Media Security - A Hackers' Paradise

The unfortunate thing with social media is that users put far more emphasis on the 'social bit' than on privacy and security. And it's not just average users. Security professionals have been found to be slack about social media security too. Shocking, right?

Thycotic’s annual survey of participants at the February 2017 RSA Conference in San Francisco revealed that 50% of the security professionals questioned hadn't changed social network passwords for at least a year, and 20% had never changed them.

A Digital Risk and Compliance report by Proofpoint found that across the big four networks (Facebook, Twitter, LinkedIn and Instagram) there was a 150% rise in social engineering last year alone. Imagine the harm this could do to businesses that rely on social media for brand marketing.

They also revealed that around 74% of consumers rely on social media to guide their purchases. Further, 19% of social media accounts associated with 10 top brands are fraudulent. Imagine the kind of damage a hacker could inflict upon a business, ruining its brand and reputation.

Are You Oversharing on Social Media?

What data do you mean to share, and what data don't you? Identify both with the points mentioned below -

Data You Mean To Give

Personally Identifiable Information - Your name, birth date, photo etc.

Contacts - Your email address book, phone book

Location Data - Listed location, tagged location on websites such as Facebook, Instagram etc.

Billing Information - Address, credit card information

Employment Data - Previous and current jobs, current coworkers

Data You Don't Mean To Give

GPS Location - Wi-Fi, Bluetooth signal

Phone Information - Service provider, language, time zone, smartphone make and model, operating system, battery percentage

Social Media Usage Habits - Frequency of use, likes and interests, social network interactions such as messages, photos shared, close friends vs acquaintances, visits to third party websites based on ads.

How Can Hackers Exploit Social Media Platforms

The following are some of the most popular ways in which a hacker can exploit a social media platform -

1) Phishing - Phishing is a technique where internet fraudsters pose as trusted businesses and trick people into divulging personal information such as account numbers, passwords and credit card details. Phishing has existed for a long time, dating back to the age before the internet, when scammers used the telephone to scam people. (Source)

Messages like “Congratulations! you have won a $1000 reward in our lucky draw, Please click to claim the prize”, “We found an unauthorised transaction on your account, Please click the link below to confirm your identity” and “Please verify your account as a process of system upgradation, Click on the link and provide your details” are some of the common messages used to phish out information like credit card details and account passwords.

2) ClickJacking - Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker. (Source)

3) Link-jacking - Like clickjacking, link-jacking is a method of redirecting the links of one website to another; cyber criminals use it to redirect users from trusted websites to websites infected with malware.

4) Like-jacking - This occurs when cyber criminals post fake Facebook “like” buttons to web-pages. Users who click on the button don’t “like” the page, but instead they download malware.

5) Social Spam - Social spam is unwanted spam content that appears on social networks and/or any website with user-generated content (comments, chat, etc.). This type of spam can appear in many forms such as bulk messages, hate speech, profanity, insults, fraudulent reviews, malicious links, fake friends, and personally identifiable information.
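Clickjacking (item 2 above) depends on the target page being loadable inside a frame on another site, which a site controls with the X-Frame-Options and Content-Security-Policy frame-ancestors response headers. The JavaScript below is an added example, not part of the original article, that classifies a response's framing policy; the function name and sample responses are constructed, and a single CSP header per response is assumed.

```javascript
// Classify who may embed a page in a frame, based on its response headers.
// framingPolicy() and SAMPLES are constructed for illustration.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  // An enforced CSP frame-ancestors directive takes precedence over
  // X-Frame-Options. The Report-Only variant is never enforced, so it is ignored.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const src = sources.map(s => s.toLowerCase());
    if (src.length === 0 || src.every(s => s === "'none'")) {
      return { framableBy: 'nobody', via: 'csp' };
    }
    if (src.some(s => s === '*' || s === 'https:' || s === 'http:')) {
      return { framableBy: 'anyone', via: 'csp' };
    }
    if (src.every(s => s === "'self'")) {
      return { framableBy: 'same-origin', via: 'csp' };
    }
    return { framableBy: 'listed-origins', via: 'csp' };
  }
  // Legacy header: only DENY and SAMEORIGIN are honoured by current browsers;
  // ALLOW-FROM is obsolete and gives no protection.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return { framableBy: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framableBy: 'same-origin', via: 'x-frame-options' };
  return { framableBy: 'anyone', via: 'none' };
}

// Constructed sample responses.
const SAMPLES = {
  'no policy': { 'Content-Type': 'text/html' },
  'report-only': { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
  'allow-from': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  'csp wins': { 'X-Frame-Options': 'DENY',
                'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  'locked': { 'x-frame-options': 'deny' },
};

for (const [label, headers] of Object.entries(SAMPLES)) {
  const { framableBy, via } = framingPolicy(headers);
  console.log(`${label}: framable by ${framableBy} (decided by ${via})`);
}
```

A page reported as framable by "anyone" can be layered under a transparent overlay exactly as described above; sensitive pages such as login and settings forms should report "nobody" or "same-origin".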

Ultimate Social Media Security Checklist

Here are some tips and best practices for using social media in a safe and secure manner:

1) Educate yourself about how cyber attacks look and work on social media platforms and learn how to better protect your Facebook, LinkedIn, Twitter and Instagram accounts. For example, this is extremely important for the person who is in charge of Instagram growth services at your company.

2) Use unique, complex passwords for every online account you own. Keep changing your passwords from time to time, especially following the announcement of a security breach or account compromise.

3) Review the basic account information on all social media platforms. Control what personal information you share online, like your name, email address, and phone number.

Remember that the Internet is a public resource. Only post information that you are comfortable with anyone seeing.

4) Make use of control settings provided by the social media platform that help you manage your privacy and security.

5) Review what data is associated with your online account. Control the data that gets associated with your account and pause the collection of specific types of data, like your searches and browsing activity, the places you go, and information from your devices.

6) Avoid broadcasting your location. Location or geo-tagging features on social media networks are not the safest features to activate.

You could be telling a stalker where to find you or telling a thief that you are not at home.

7) Be cautious about offers online. If it sounds too good to be true, it probably is.

8) Connect and engage with only those people that you know and trust in real life.

Final Thoughts

Cyber security ceased to be just about tech a long time ago. Above all, it's about people. One of the major cyber risks is to think they don't exist. This year we have already seen massive cyber attacks and data breaches creating havoc in everyday life. Make use of the above social media security checklist to review your information online and ask yourself this question - Are you making it easier for hackers to steal your data? We surely hope not. Happy browsing!


Published on May 1, 2018
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others.

