Cyber security and social media

Social media has become a way of life for many people. But, as with anything else online, it’s important to be aware of the risks.

We use it to keep in touch, plan events, share our photos and comment on current events. It’s replaced email and phone calls for a lot of us. But, as with anything else online, it’s important to be aware of the risks. Check out our advice on how you can keep your social media accounts safe and secure.

Look after your logins

One of the great things about social media is staying connected wherever you are. However, it’s important to think about where and how you log in to your accounts. 

  • Use bookmarks or favorites to access social media sites, or type the URLs into your browser. Don’t access your accounts through links that someone else has sent you, or links on other websites. These could lead you to fake sites, allowing attackers to access your personal details or even install malware on your device.
  • Make sure your browser or website doesn’t store or remember your login details on shared or public devices, like library computers or shared tablets. If you do, and someone else uses that device, they’ll get access to your social media accounts too.
  • Be cautious of logging in to your social media accounts using a hotspot or free WiFi — if you’re logging on at a cafe, for example. These networks are ‘untrusted’. That means it’s possible that others could see what you’re doing when you use them.
  • If you access your social media accounts through an app on your phone or your tablet, make sure you lock it when you’re not using it.

Keeping your mobile phone safe and secure

Use strong passwords on your accounts

Using strong and unique passwords for each of your social media accounts is one of the easiest ways to keep them secure. Here’s what you need to do.

  • Use a different password for each of your social media accounts. Don’t use the same password for your Facebook account as you do for Instagram, for example. That way, if someone gets access to one of your account passwords, they won’t get easy access to your other accounts as well.
  • Make your account passwords long and strong. Short sentences make the best passwords as they’re easy to remember. For example, a string of four or more random words is just as strong as a 10 character password that uses a mix of numbers, letters and symbols.
  • Don’t use the information you share on your social media accounts to create your passwords — this information is easy for attackers to find out. For example, if you share pictures of your dog online, make sure you don’t use your dog’s name as your password too.
  • Don’t share your passwords with anyone — not even your partner, your parents, or your children.

If you’re worried about remembering all of your passwords, try using a password manager which will store and manage them for you. That way, you’ll only need to remember the login details for the password manager itself. 

How to create a good password

Keep your data safe with a password manager

Update your privacy and security settings

Get to know the privacy and security settings for each of your social media accounts — you’ll find them in your account settings. Think about who you want to see your profile, and what kind of information you want them to see. Check your settings regularly too. They’re often updated, so review them from time to time to make sure that nothing’s changed.

Protect your privacy online

Tip: Turning on two-factor authentication (2FA) is another way to protect your social media accounts. For example, you can use an application on your phone that generates a unique code each time you log in. It means that even if someone gets access to your account passwords, if they don’t have your phone to get the code they can’t complete the log in and get into your accounts. You can usually find the option to turn on 2FA in your profile settings.

Use 2FA to protect your accounts

Be smart about making friends

Only accept friend invitations from people that you know in real life. This means someone you know personally, or someone that you know is a real person, like a celebrity or public figure.

You can identify the authentic social media profiles of celebrities, public figures and businesses by looking out for verified accounts. Verified accounts usually have a blue tick next to the account name to let you know it is an authentic account. These are often verified because they have a high likelihood of being impersonated.

Remember that if you don’t want to be friends with someone, or let them see what you’re posting on social media, you can block them.

Watch out for scams

Scammers use social media to try to trick people into giving away their personal details, financial details, or money. When you’re using your social media accounts: 

  • Be on the lookout for social engineering and scams on social media. Social engineering is when an attacker:
    • gains a person’s trust and tricks them into giving them access or information they shouldn’t have
    • researches a person and gets enough information to be able to either guess their passwords, or get them reset.
  • Be wary of opening links and attachments in social media. Links asking you to visit another website to claim a free offer or a prize are often scams. These can be used by attackers to get hold of your personal details, or even install malware on your device. Think before you click — if something sounds too good to be true, it probably is.
  • Be cautious if a friend on social media asks you strange questions — if they ask for personal details or ask you for money, for example. It could be a scammer who’s asking, not your friend. The scammer may have created an account to impersonate your friend, or your friend might have lost access to their account. If this happens, contact your friend through another channel, like over the phone or in person, and ask them about it. If it is a scam, you should be able to report the account.

Remember that what goes online, stays online

When posting to social media it’s a good idea to think about who could see the things you post other than your friends and family. For example, potential employers could see what you post online. Social media provides as much of an opportunity to create a positive online reputation as it does a negative one.

If you are posting online:

  • Don’t reveal too many personal details on social media. ‘About me’ fields are optional — you don’t have to fill them in. 
  • Don’t share anything that could embarrass you, or someone else you know. Only share things that you’d be happy for anyone to see, or that you’d be prepared to say in real life. Keep an eye on what others post about you too.
  • Remember that Twitter is open to everyone by default — anyone can see what you’re posting

  • Remember that anything you post online stays online, so think before you post.

Close your old accounts down

If you have any old social media accounts that you don’t use anymore — remember Myspace? — close them down. Don’t leave your personal information out there unused and unloved. Otherwise, you run the risk of someone else using it without your knowledge.

Visit CERT NZ for more information. 
Visit ACSC for more information.