Social media is a huge part of everyday life, and can be an exceptional way to keep up with friends and family, provide entertainment, and much more. However, due to the widespread use of social media, there are many ways that it can be manipulated as a security risk. Bad actors are constantly looking for ways to get access to your personal data, and the information presented online provides a potential opportunity for them. Additionally, with most free social media services, advertisers are looking for a way to profit from your information. Below we will provide insight on these methods, and more importantly, educational information on what you can do to stay safe online.
What information do social media platforms collect?
Social media platforms curate an experience for you by collecting information on your account. From a basic level, this information is provided by the user (name, location, date of birth and more). Once an account is created, more information on interests can be gathered by tracking what you watch, like, share and follow. This information is further curated by using cookies on your device, and by what permissions you give applications on your phone (location tracking, contact information, time zone, device type, etc.)
How do social media platforms use your information?
Social media platforms are typically a free service. As there is no upfront cost for using a social media platform, their revenue is largely generated through advertising. The information collected by social media can be sold to third-party companies for marketing purposes. This exchange makes a major profit for social media platforms by providing targeted marketing and advertisements which are more likely to be clicked.
Privacy settings are the frontline of defense in what information other people on social media can learn about you. While these settings vary from site to site, typically there is a plethora of information available by searching for “Privacy settings” on your social media platform of choice. Generally, you can enable features such as only allowing your friends or allowed followers to see your profile. This can also be locked down further so that specific details (birthday, location, etc.) are only visible to you. Some platforms allow users to create specific groups with which to share content; for example, certain photos or posts.
At one point or another, you may see a post on social media asking a series of questions. This could be a checklist of places you’ve traveled, questions about your loved ones, or about memories from your childhood. These questions, while seemingly playful, can be detrimental to your account security. Often these questions also serve as answers to account security questions. Not sharing these posts with your answers will reduce the risk of someone attempting to gain access to an account of yours.
Securing a social media account
Social media platforms require users to have a username (or email) and password, much like any other online service. There are numerous ways you can make yourself more secure, and the most important is to use a unique password for each social media platform. If someone gains access to your account on one platform, odds are they will try the same username and password combination on other platforms to see how much information they can gather.
Setting up Multi-Factor Authentication (MFA) provides an incredible level of security for accounts. MFA requires that to log into an account a user has their username, password and access to a trusted device (typically a cell phone) to provide authorization for that account to be logged in. If an account has MFA enabled, when a bad actor tries to log in, you will be notified. This helps greatly reduce the risk of accounts being compromised. More information can be found in our “Security Basics” article.
General security tips
- Only provide the bare minimum of information to social media platforms.
- Only accept follows, friend requests, etc. from people you know.
- Do not share sensitive personal information with others.
- Review your account privacy settings on a regular basis.
- Go through your contacts and followers regularly to remove unnecessary contacts.
- Use unique passwords for each account.
- Enable Multi-Factor Authentication for added login security.
- When installing an application, read what information it uses, and restrict it to the minimum amount needed.
- If an app by default requires access to too much information, do not install it.
- Do not make purchases through an in-app web browser on your phone (e.g. TikTok, Facebook, Twitter). These browsers can track entered information without user consent.
If someone you know reaches out with a second profile, confirm with them directly before communicating. Scammers often will create a duplicate profile to manipulate people.