You may well be using various social networking sites to promote your new business, but are you exposing yourself (and the company) to identity theft and malware attacks in the process?
In March 2010 my company published results from a survey of over 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks. It showed an increasing awareness among social network users of how to keep personal information private, BUT it also revealed how they still put their identities and sensitive information at risk. For instance, 28% of respondents never changed their default privacy settings and over 60% published their date of birth (a key piece of information for identity theft).
What can you do?
To help business owners understand and protect themselves while online, here are some tips as a guide for safer social networking:
- Make personal information private -- Protect yourself by updating privacy settings on all your profiles to restrict or omit access to any personal data. Users of popular geo-location services that allow you to share where you are should be especially careful not to disclose your location to the wrong people.
- Read between the lines -- Familiarise yourself with the social networks’ privacy options to ensure you’re taking advantage of any enhanced security features.
- Think before you click – You and any employees might know not to follow a link in an email message from an unknown source, but if that link appears in a message from a social networking “friend” or in a tweet from someone the employee is following, it might be a different story. A bad link would result in malware being downloaded to your company network.
- Protect your password -- As a critical line of defence, it is more important than ever for you to choose passwords wisely, and make them different from one site to the next. Incorporating numbers, letters and special characters like !, $, and * into your password makes it stronger. Microsoft has provided guidance on protecting your account.
Use a free password generating tool like LastPass if you can’t come up with a good one yourself. I’d also recommend changing your password at regular intervals, and never use the same password at more than one site.
- Suite security -- Protect your PC with an internet security suite that includes antivirus, antispyware and firewall technologies. Remember to schedule updates daily and to scan the whole machine for malware weekly.
- Always automate software updates -- If you’re already using anti-malware software, be sure to install updates which include the latest malware definitions. Do the same with updates to your operating system, web browser and other key applications. However, watch out for fake software updates like emails that purport to be from Microsoft or Adobe which require you click on a link to update your computer. Try using Secunia PSI, a free tool, to double-check that any automatic update is genuine.
- Check shortened URLs – Especially on Twitter with its 140 character limit, and Facebook, the use of URL shortening has exploded. But these anonymous links can lead to a malicious payload. If you use TweetDeck then set it to display a preview of the shortened link including the full URL , its page title and number of visitors. Also most web browsers offer a plug-in that shows you the long version of the URL when you hover over a shortened link.
Jeff Horne, director of Threat Research at internet security software supplier, Webroot (www.webroot.co.uk)