Your online security is up to YOU
This morning, as usual, I scanned through my Google alerts about the most recent hacks and breaches. Out of all of them, this one had my eyebrow arching almost off my forehead: “Apple and Meta reportedly gave user data to hackers forging requests.”
The article from an outlet called SiliconePublic details how clever hackers targeted accounts belonging to legit law enforcement groups and then requested emergency access to data including users’ addresses, phone numbers and IP addresses. Translation: hackers posed as law enforcement, Apple and Facebook believed them and forked over an unknown amount of very sensitive, very private user data.
This incident underlines a point that I make frequently in training sessions and posts: Your online security is up to YOU. Many consumers erroneously assume that companies like Facebook, Twitter and Apple are doing all they can to protect your online information. But it’s just not true. In fact, the social media platforms are among the worst offenders. Since the GDPR went into effect a couple of years ago in Europe, Facebook, Twitter and other social media companies have been among those repeatedly cited for violations, and they have incurred millions of dollars in fines.
Remember that all companies are in the business of making money first. In the case of social media specifically, the need to protect consumer data clashes directly with the need to make money. Facebook and Twitter could make a lot more money if they could play loosey goosey with your personal data, and they are constantly trying to walk that line. They are not always successful and fail a lot more than most people think.
So with that in mind, here are five tips for users of social media to protect your own personal privacy and data. Because trust me – the platforms are not doing it for you.
Don’t fill in all the blanks. Think about your Facebook profile. There are spaces for your name, your birthday, your education, your employer. Facebook would love it if you filled all of those items in. But you don’t have to, and in fact I would advise you not to. Someone who has a fully completed Facebook profile has revealed a ton of information not just to Facebook but to anyone who views their profile. Depending on your privacy settings, that can be a lot more open than you intended to be.
Think like a criminal. This is hard for most good-hearted folks, but you have to think like a criminal. If you reveal things like your personal relationships and family members online, you may be accidentally giving the crooks ammunition. Have you ever heard of a scam where someone contacts an elderly person and pretends to be a relative needing help? How do you think the crooks know your sister’s name or your uncle’s location? Don’t give them easy access to information that can become fodder for a scam.
Be suspicious of unsolicited communication. If you did not request a security code or if you receive a random text message claiming your account was hacked, do not just blindly believe what the message says. It’s hard not to panic, but you have to check that panic and use your reason. Take a deep breath and verify it. Log into your account and see if everything is OK. Check with support if you must. A couple of important notes on this one:
Always go to the source. So for instance, if I got a text message saying my Facebook account was hacked, I would go to www.facebook.com and log in there and then check. I would NOT simply reply to the message.
Do not click on any links in the message itself. This is a good way to get a virus on your machine or accidentally give the hackers access to your device.
If it’s an email message, another good indication can be the email address from which the message came – does it look like it’s legitimately from the company, or does it look weird and spammy?
Pay attention to things like the images, the logo, the branding in the communication you receive. Does it look right? Are the images pixelated? Is the logo weird? Are there typos? All of these visual cues can indicate it’s a scam.
Take advantage of the features offered. Despite what I said above, it’s not like companies offer no security features for folks. It is not the platform’s fault if people fail to use them. Remember, your information security is up to YOU. Consumers need to proactively and periodically review a couple of key things, all of which can be found in the settings of your account:
2FA. Consumers who do not have two-factor authentication (2FA) turned on are doing it wrong. This is the thing where you get a code emailed or texted to you when you sign in from a new device. If 2FA is offered, turn it on. Full stop.
Devices on which your account is currently logged in. Terminate sessions you no longer need or that don’t look familiar.
Third-party apps. These are other websites or systems to which you have granted permission to access your Facebook or Twitter account. These can be games like Candy Crush or tools you use like TweetDeck. But especially if you use the “log in with Facebook” feature on websites, there will be more here than you think. Eliminate all permissions you don’t actually need.
Passwords. Those of you who are regular readers here know that password protection is like the epicenter of my soapbox world. But the No. 1 thing you can do is to really protect your passwords.
Make sure your passwords are not easily guessable. That means no passwords that include the word “password,” a variation of your name, birthday, pet’s name, kids’ names or any other easily guessable detail.
Make sure your passwords are complex. They should be LONG and they should contain special characters, upper and lower case letters, etc. The more crazy they are, the harder they are to hack. If you have trouble creating passwords, try the LastPass password generator, which is FREE and allows you to create super complex passwords up to 50 characters long.
Rotate your passwords regularly. Make it a point to change them every quarter or more often. Changing your passwords on an ongoing basis is a really good way to beat the crooks and also eliminate things like someone being logged into your account on a machine you accessed once three months ago. Put a reminder in your calendar so you don’t forget.
Consider a password management tool. The hard part about passwords of course is knowing what they are when you need them. DO NOT write them down on sticky notes or keep them in a document on your computer. Keeping them in a file on your computer is especially dangerous because if your computer gets hacked, you’ve handed over every single password. DO NOT trust the Chrome feature that offers to store your passwords in Chrome. It may be convenient, but it’s also not really very safe. LastPass and Keeper Security are my two favorite password managers. Consider using a real password tool to really amp up your password security.
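The guessability and complexity rules above, sketched as a checker. This is an added example, not part of the original post; the 16-character minimum, the substitution table and the sample personal details are assumptions constructed for illustration.

```python
import re

# Assumed substitution table: common look-alike characters mapped back to letters.
LEET = str.maketrans("013457@$!", "oieastasi")
MIN_LENGTH = 16  # assumption: the post only says passwords should be LONG
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def squash(text, table=None):
    """Lowercase, optionally undo substitutions, keep letters and digits only."""
    text = text.lower()
    if table:
        text = text.translate(table)
    return re.sub(r"[^a-z0-9]", "", text)


def check_password(password, personal_details):
    """Return a list of problems; an empty list means the rules are met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(pattern, password) for pattern in CLASSES):
        problems.append("missing a character class")

    # Guessable terms: the word "password" plus every piece of each personal
    # detail (name parts, birth year, pet name) that is 3+ characters long.
    words = {"password"}
    for detail in personal_details:
        pieces = re.split(r"[^a-z0-9]+", detail.lower())
        words.update(p for p in pieces if len(p) >= 3)

    # Match both the literal password and its de-substituted form, so that
    # "P@ssw0rd" and "B1scu!t" are caught as variations.
    plain, unleet = squash(password), squash(password, LEET)
    for word in sorted(words):
        if word in plain or squash(word, LEET) in unleet:
            problems.append(f"contains guessable term: {word}")
    return problems


# Constructed sample profile, not real data.
DETAILS = ["Dana Whitfield", "1985-04-12", "Biscuit"]

if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024!", "B1scu!t-Loves-Dana-85", "vK#9rT!mZq2&LxW8pY"):
        print(candidate, "->", check_password(candidate, DETAILS) or "ok")
```

Note that the second sample passes the length and character-class checks and still fails, because the pet's name and the owner's name survive the character swaps.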
If you are mindful of these five things, you will go a long way toward protecting your information online. Bottom line – think like a crook and assume that YOU have to do the work to protect your online information. No one else is going to do it for you.
Note: I am not paid to mention or promote any tools mentioned in this post.