Slideshow

12 tips for safe social networking

13 Photos Mitchell Ashley (Network World)

Social networking is the killer Internet app, but it can also lead directly to identity theft.

  • TIP 6 – Avoid accidentally sharing personal details: You wouldn't put a note on your front door stating, "Away for the weekend...Returning on Monday." Micro-blogging tools like Twitter and What are you doing right now? features in Facebook, LinkedIn and other social networking sites make it easy to let details slip that you wouldn't otherwise broadcast (to friends or strangers). Be aware of what information you put out there which others might use for nefarious purposes.
  • TIP 4 - Don't trust, just verify: Two security researchers demonstrated at the Defcon/Black Hat 2008 conference how easy it is to set up a Facebook or LinkedIn site using a false or impersonated identity, including links to malicious sites. This means you need to verify that a page claiming to be from a friend actually belongs to that person before sharing too much information or clicking on links.
  • TIP 9 – Learn how sites can use your information: The growth in social network sites means sites want to use your information to market and sell goods to you. Is your information shared with outside companies and partners? What information from your profile or page content can plug-ins such as Facebook Applications use? Review the site's privacy policy, reveal details about yourself appropriately and activate every privacy setting you can control.
  • TIP 7 – Search yourself: It's a good idea to search your name on Google and check out your profile as others see it on social networking sites. Understand where you are showing up and what information is available about you, and then adjust your profile, settings and habits appropriately. Don't worry, it's not vain if you only search your own name once a month or so.
  • TIP 1 – Beware of TMI: the five things you should never share. Social networking means opening up and sharing information online with others, but there's some information you should never share online. Protecting this information can help prevent everything from identity theft to your physical safety. Never share your Social Security Number (including the last 4 digits), birth date, home address, phone number (business phone can be an exception), and state where you were born.
  • TIP 8 – Don't violate your company's social networking policies: As blogging and social networking sites enter the workplace, so too are corporate acceptable use policies (AUP) that define boundaries for employees, contractors and the company. Data leakage incidents (loss of corporate, confidential or customer information), making inappropriate public statements about or for the company, using corporate resources for personal uses, and harassing or inappropriate behavior toward another employee can all be grounds for reprimand or dismissal. Check your corporate AUP.
  • TIP 2 – Customize privacy options: Social networking sites are increasingly giving users more control over their privacy settings. Don't assume you have to take whatever settings the site gives you. Check out the privacy sections to see your options for limiting who can see various aspects of your personal information.
  • TIP 12 – Setup an OpenID account: OpenID is an open source standard for creating a single sign-on account that can be used to access multiple online services and applications. As a framework, OpenID accounts are available from multiple providers. Companies like AOL, Microsoft, Sun and Novell are beginning to accept and provide OpenIDs. It is estimated that there are over 160 million OpenID enabled URIs with nearly 10,000 sites supporting OpenID logins.
  • TIP 5 – Control comments: Blogs are beginning to use authenticated commenting systems like IntenseDebate (acquired by Automattic, the makers of WordPress blogging software). Contact the site administrator immediately if you find someone is impersonating you on a social networking site or in blog comments. Most reputable sites will take down the impersonated content.
  • TIP 3 – Limit work history details on LinkedIn: Would you put your full resume online for everyone to see? Probably not. It would be too easy for identity thieves to use the information to fill out a loan application, guess a password security question (like hackers did to Sarah Palin's account) or social engineer their way into your company's network. Limit your work history details on sites like LinkedIn and sites like it. You can also expand details while job hunting and then cut back after you are hired.
  • TIP 10 – Forget the popularity contest: Put a number on something and suddenly you have a competition. The person with the most "friends" isn't necessarily the winner in social networking, unless of course you are running for president or you are in some type of media business. More friends means that more people, including strangers, now have access to more of your information. If you only friend people who really have become your friends then your personal information will be less of a target for misuse.
  • TIP 11 – Create a smaller social network: There's more to social networks than MySpace, Facebook and Twitter. Self-forming communities can often grow better around very narrow topics rather than getting lost on the bigger sites. You may be better served creating a smaller, more focused network using tools like Ning, or Meet Up to organize a get together. IT also helps build closer relationships among community members.

  • Mitchell Ashley is a security expert and social networking junkie. He brings you 12 tried-and-true tips for staying safe as you mingle in the online world.

Show Comments
Security Watch
Back to top

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?