Social media is possibly the most vital sector of the Internet, but, being open and social creates legitimate concerns about privacy and safety. Headlines warning of online security breaches is just one reminder of the vulnerability of all websites, including social media outlets.
Despite these justifiable security concerns about the Web, some of the reasons a person's social media account is compromised are self-induced. Five common mistakes that can expose an account include:
Increase the security of your social media account by always logging out when you step away from your laptop or computer. It's best to go one step further and close down the browser you were using to view your account. If you leave your account logged in, you set yourself up to be hacked because anyone who can get to your computer can access your account, change the password or even post items and communicate with your friends as if they are you. Logging out and shutting down the browser is even more important if you use a public computer.
Viruses and malware often find their way onto your computer through those annoying, but sometimes enticing ads. However, on the Web, just like in real life, if an offer seems too good to be true, then it probably is. Save yourself a potential security headache - don't click.
Be careful of who you accept invitations from when building your online network. Connecting and sharing information with people you don't know can be dangerous. If you receive friend requests from strangers, it's best to stay away.
Further, if you receive friend requests from people you do know, but are already connected with via the same site, it's possible that someone has set up a fake account. Avoid accepting duplicate requests, instead of checking in with the 'real' person to see if the request is legitimate.
You should also be careful when connecting with a celebrity's account, as scammers sometimes pose as famous people. Make sure it is their official, legitimate account and not a stranger pretending to be them before you accept their 'friend' invitation.
Part of the appeal of social media sites are all the various games and apps. Even though a significant number of them are safe, you do grant the app a certain level of permission concerning your information. Make sure you know what the app is viewing and sharing before agreeing to the terms.
Make sure you understand the level of privacy - or lack of privacy - you are agreeing to when volunteering personal information. Do you really want an app badly enough to allow it to announce where you are?
Also, participating in seemingly innocent games, like posting answers to a list of 20 questions, may actual also allow cyber-criminals gather important personal information. For example, the question, "What is your most embarrassing moment?" is probably fine to answer, but answering questions like, "What is your pet's name?" or "Where did you and your significant other meet?" may expose answers you gave to security questions for legitimate sites like Amazon or your bank.
Social media sites provide you with the ability to restrict who has access to your information. For example, Facebook (like others) lets you decide who your friends are and what content they can view. One practice to increase your account's security is to disable most of the options and then re-open them once you understand what the settings specifically mean to your account.
In reality, you probably want different types of content to be displayed to different people, with the most being available to known friends and the least to acquaintances.
Each year, it seems, another significant security breach is announced. Major companies like CNN and Burger King have had social media accounts hacked. Most of these breaches mean passwords have been swiped and sometimes even banking and credit card information is compromised. Each of the major social networking sites dealt with one or more security breachs. Three well-known breaches are:
Possibly the most invasive security problem the Internet has faced and experts advise people to simply presume they have been affected by the bug. This is because it's not just an issue of your phone or computer being infected, the bug impacted software that powers many of the services you use. Compromised by the bug was OpenSSL -- the most widely used open source cryptographic programming module -- and TLS (transport layer security) implementation, the component used to encrypt traffic on the Web.
Although no passwords were obtained when Zendesk, a customer service provider for Pinterest, Tumblr, and Twitter, was hacked, the breach did impact thousands of users emails. The Zendesk hack came just months after the November 2013 security breach where hackers stole usernames and passwords for nearly 2 million accounts at Facebook, Google, Yahoo, LinkedIn, Twitter and 93,000 other websites. The breach occurred when malware installed on user computers lifted log-in credentials for thousands of sites for more than a month.
In early 2014, the Syrian Electronic Army briefly took over at least two of Skype's social media accounts: Twitter and Facebook. The group has also successfully hacked the New York Times and hijacked the Associated Press' Twitter account releasing a tweet stating the White House had been attacked which briefly impacted the stock market.
These social media attacks were in addition to online security breaches that affected major store chains like Target.
Regardless whether your account is compromised because the social networking site was hacked or just your individual account was infected, you need to take several steps to resolve the issue.
Clean Your Device
The aforementioned hack that compromised Facebook and Google was caused by malware on users machines. In cases like this, use well-known quality malware removal software to scan your machine. The software will contain and/or destroy known and suspicious files. You may even consider reformatting your computer.
Once your machine is clean, the best way to prevent it from becoming infected again is to keep your antivirus software and browsers current. Set them to automatically install updates.
Once an account has been compromised, it is best to presume all your passwords are compromised. Some security experts advise using a different, strong password for each site.
Since security is dependent on multiple strong passwords, it can become difficult to remember them all -- although there are tricks to make it possible. Consider using a password manager to reduce your vulnerability. You can use the program's password generator to create strong, hard-to-break passwords and you only need to remember one password to access the manager.
Make sure you report the situation to the social network site. This is especially true if you have been locked out of your account. If this happens, you may have to prove to the social networking site the account belongs to you, but be persistent and follow through. If you don't, someone could potentially post information as if they are you - which, at the very least, can damage your online reputation.
If a crime has been committed, such as banking information stolen, also report the incident to local authorities and appropriate federal law enforcement agencies.
If the social media site offers a two-step verification process, use it. The added layer of security makes it much harder for a would-be hacker to access your account. The extra log-in steps will save you time and headaches in the long run.
Each social media site offers tips on how to use their service and still maintain a high level of security. Read their policies, follow their security guidelines and adopt their best practices.
One situation people sometimes overlook is what to do if they want to close a social media account. Should the account be deactivated or deleted? According to the Center for Internet Security, you need to take several steps before for your account is deleted from the social media site.
Although technically you can post both public and private information on many of the social media sites, due to the onslaught of security breaches in recent years, it is in your best interest to presume anything you post is available for public consumption. Reduce privacy and security risks by only posting information that you would be okay with everyone knowing.
Chuck Reynolds
Contributor