February 22, 2012
Your Social Media identity is your brand, your representation online. You should be protecting it just like you protect your wallet, keys and everything else you don’t want people playing with without your permission.
Basic Social Media security isn’t very hard to accomplish, doesn’t diminish your ability to get things done, and doesn’t take a lot of time to keep up with. It’s also free for the most part, so it won’t even make a dent in your wallet if you only need the basic features.
For social networks and bookmark/photo sharing sites, you can do three things to help ensure you stay safe:
– Choose a password that’s not a word in the dictionary, is made up of letters and numbers, and it at least 8 characters long. XKCD had a great way to do that. You can also simply pick a phrase that you’ll remember, and translate that into a combination of letters and numbers.
So “To Infinity, and Beyond!” becomes “2InfinityAndBeyond!” If the network in question doesn’t allow punctuation in passwords, just drop the “!”
[editor’s note] PLEASE don’t use that one as your password, as anyone reading this article will be able to get into your social networks if you do.
– Make sure you know what’s connecting to your networks. Twitter, Facebook, LinkedIn and others have Connections, Applications and/or Privacy pages that detail what apps can see and use your data, and what data they can see and use. These pages are typically on the Settings, Options, or Privacy pages for your account once you log in. Be sure you know what each application is, what it does, and how it accesses/uses your information. Remove any apps you no longer use, or don’t want to use, and whenever possible, limit the apps you do use just to the vital data they require and no more.
– Try to never use social networks on computers you don’t own. While it’s probably impossible to always follow this rule, do it whenever possible. If you must use a social networking site on a computer you don’t own, make sure the “remember me” or “always keep me logged in” checkboxes are cleared and make sure you log off the social network site when you’re done, don’t just close the web browser or window. Public computers – like at libraries and internet cafes – are prime targets for key-tracking malware. Use them for social networks (or really anything that requires you to log in) as an absolute last resort.
For blogs, things get a little trickier:
– Do use secure passwords, just like for social networks. Make sure they are NOT the same passwords you use for social network sites.
– Keep your blog updated. If you use WordPress, for example, check weekly for new updates both for the WP software and for any plug-ins and themes. WordPress 2 and up will allow you to update these items with a few clicks, so there’s no excuse for not staying updated. If you are with a hosted blog provider like Blogger, then the host will typically do this updating for you, but it never hurts to check your Settings/Administration pages just to make sure.
– Use a 2-factor authentication system if you host your own blog. Duo Security has a free version of their smartphone-based authentication system that works great with WordPress, for example. This ensures that just because your password is breached, there is another layer of security for most forms of blog access to help ward off attackers.
– Moderate comments. This isn’t so much for your direct security as for spam prevention and keeping links to malware-infected sites off your Comments page. Moderation is a bit annoying at times, but you can minimize that by setting up an account with a filtering service, like Akismet, to remove the obvious spammers and only bug you when a comment appears legitimate.
Take a few steps today to help close the loopholes that allow attackers to get hold of your Social Media info and sites. An ounce of prevention now helps avoid weeks of clean-up later.