Skip to main content
SANS Security Awareness

Utility nav

  • GDPR
  • Support
  • SANS.org
  • Contact
  • Request Demo

Main navigation

  • Products
    • Products Overview Column
      • Products

        Build and mature your security awareness program with comprehensive training for everyone in your organization.

        View Products
    • Security Training Solutions
      • End-User Training

        Security Awareness training designed by experts.

      • Phishing Tools

        Tiered-template phishing simulation tool designed for all learners.

    • Products - Training Span
      • Engineer Training

        Train all learners involved with Industrial Control Systems. 

      • NERC CIP Training

        Relevant Critical Infrastructure Protection training meeting compliance. 

      • Developer Training

        Protect web applications with secure coding practices. 

      • Healthcare Training

        Train learners following HITECH and HIPAA standards. 

    • Events
      • Courses & Summits

        Gain key insights and practical information in security awareness program building from experts in the field with our Summits and training courses. 

  • Why SANS
  • About
    • About Overview Column
      • About

        SANS has been around as long as the Internet. Learn about our history, experts and events around the world.

        Read About SANS Awareness
    • About Column 1
      • Our Experts

        World-class experts covering every aspect of security awareness and defense.

    • About Column 2
      • History

        Read about the SANS Security Awareness legacy.  

    • About Column 3
      • News

        Check out what’s going on with SANS Security Awareness in the news.

  • Reports
  • Case Studies
  • Resources
    • Resources Overview Column
      • Resources

        Looking to build and mature your security awareness program? These resources will enable you with the topics and techniques to improve your learner’s awareness in security.

    • Resources Column 1
      • Blog

        Read from subject matter experts and guest authors about the latest going on in security awareness.

      • Security Awareness Planning Toolkit

        Resources to help you plan, develop and deploy an effective program.

    • Resources Column 2
      • Posters

        Developed by the community for the community. Download and share these awareness posters with your organization.

      • Video of the Month

        Our popular VOTM program allows you to get an inside look of security awareness training on relevant topics affecting our society today.

    • Resources Column 3
      • OUCH! Newsletter

        The world leading security awareness newsletter. Offered in multiple languages, created by a community of experts.

      • Webcasts

        Gain deep insights from subject matter experts on security awareness, program building, behavior change and more.

Mobile Menu

July 2015 • The Monthly Security Awareness Newsletter for Everyone

Social Media

Social media sites, such as Facebook, Twitter, Instagram and LinkedIn, are amazing resources, allowing you to meet, interact and share with people around the world. However, all this power also brings risk for you, your family, friends and employer. In this newsletter, we explain what these dangers are and how to use these sites securely and safely.

Privacy

A common concern with social media is protecting your personal information. Potential dangers include:

  • Impacting Your Future: Some organizations search social media sites as part of background checks. Embarrassing or incriminating photos or posts, no matter how old, could prevent you from getting hired or promoted. In addition, many universities conduct similar checks for new student applications. Privacy options may not protect you, as these organizations can ask you to “Like” or join their pages or certain posts may be archived on multiple sites.
  • Attacks Against You: Cyber attackers can analyze your posts and use them to gain access to your or your organization’s information. For example, they can use information you share to guess the answers to the secret questions that reset your online passwords, create targeted email attacks against you (called spearfishing) or call someone in your organization pretending to be you. In addition, these attacks can spill into the physical world, such as identifying where you work or live.
  • Accidentally Harming Your Employer: Criminals or competitors can use any sensitive information you post about your organization against your employer. In addition, your posts can potentially cause reputational  harm for your organization. Be sure to check your organization’s policies before posting anything about your job. In addition, some of your social media posts may be monitored.
OUCH! Jul 2015 Social Media

The best protection is to limit what you post. Yes, privacy options can provide some protection. However, they are often confusing and change frequently without your knowledge. What you thought was private can quickly become public for various reasons. In addition, the privacy of your posts is only as secure as the people you share them with. The more friends or contacts you share with, the more likely that information will become public. You should assume anything you post can or will become a public and permanent part of the Internet.

Finally, be aware of what friends are posting about you. If they post something you are not comfortable with, ask them to take it down. If they refuse or ignore you, contact the social media site and ask the site to remove the content for you. At the same time, be respectful of what you post about others.

Security

In addition to privacy concerns, here are some steps to help protect your social media accounts and online activities:

  • Login: Protect each of your accounts with a strong, unique password and do not share them with anyone else. In addition, many social media sites support stronger authentication, such as two-step verification. Always enable these stronger authentication methods whenever possible. Finally, do not use your social media account to log in to other sites; if it gets hacked, then all of your accounts are vulnerable.
  • Privacy Settings: If you do use privacy settings, make sure you review and test them regularly. Social media sites often change privacy settings and it is easy to make a mistake. In addition, many apps and services let you tag your location to content that you post (called geotagging). Regularly check these settings if you wish to keep your physical location private.
  • Encryption: Social media sites use encryption called HTTPS to secure your online connections to the site. Some sites (like Twitter and Google+) enable this by default, while others require you to manually enable  HTTPS. Check your social media account settings and enable HTTPS as the default connection whenever possible.
  • Email: Be suspicious of emails that claim to come from social media sites. These can easily be spoofed attacks sent by cyber criminals. The safest way to reply to such messages is to log in to your social media website directly, perhaps from a saved bookmark, and then read and reply to any messages or notifications from the website.
  • Malicious Links/Scams: Be cautious of suspicious links or potential scams posted on social media sites. Bad guys use social media to spread their own attacks. Just because a message is posted by a friend does not mean that message is really from them; their account may have been compromised. If a family member or friend has posted an odd message you cannot verify (i.e., they have been robbed and need you to send money), call them on their mobile phone or contact them by some other means to confirm the message is  truly from them.
  • Mobile Apps: Most social media sites provide mobile apps to access your online accounts. Make sure you download these mobile apps from a trusted site and that your smartphone is protected with a strong password. If your smartphone is unlocked when you lose it, anyone can access your social media sites through your smartphone and start posting as you.

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it.

In This Issue

Privacy
Security

English
OUCH-201507_en.pdf

Subscribe to OUCH!, our Monthly Security Awareness Newsletter

Get monthly content to keep you up to date on the latest Security Awareness News and Tips.

SANS Security Awareness

301-654-SANS (7267)
Monday-Friday, 9am-8pm EST/EDT

Social

  • Facebook
  • Twitter
  • Linked In

Footer

  • Products
  • Why SANS
  • About
  • Reports
  • Case Studies
  • Resources

Footer utility

  • Support
  • SANS.org
  • Contact
  • VLE Help

Stay up-to-date on the latest security awareness news and tips. 

Subscribe to our monthly newsletter, OUCH!

Subscribe Now

Copyright Nav

  • ©2018 SANS™ Institute
  • Privacy Policy
  • Trademark Usage Policy
  • Credits