Door number 4

What activities in social networks have to do with IT security

Many people make and maintain contacts via the internet, sharing photos and videos online with family, friends and colleagues. They create a personal profile on Instagram, TikTok, Facebook etc., which, in addition to basic information about themselves, can also contain information about hobbies, family relationships or professional careers.

Social media are full of the exchange of information, photos of friends and videos from vacations. This massive amount of data also brings risks that you should be aware of. Then you decide by yourself where and when you disclose information and which services you do or do not use.

What is dangerous about leaving a lot of data about yourself on the internet?

Once data, images or texts are on the Internet, you have lost control over them. If something has been shared online, you can't get it back. It is almost impossible to delete something completely on the Internet, because you often don't know who has already seen, shared or even saved the data.

In addition, videos, texts and especially images can be published by third parties on other sites on the Internet or misused for other purposes.

Identity theft is one of the risks of the digital age. Criminals take over the identity of another person in order to impersonate them, communicate in their name, or possibly misuse them for criminal offenses or illegal online transactions.

To do this, it is often enough to copy a person's profile picture and name and create a new user account. The more information the criminals find about you in social networks, the more genuine they can make look the fake identities.

Another variant: the criminals hack existing real user accounts and take control of them.

If it is publicly visible on the Internet that you are a member of a certain social network and, for example, your name and e-mail address can be viewed, criminals can use this to send you targeted phishing e-mails, such called spear phishing. And again, the more information an attacker has about you, the better and harder the attacks are to detect.

Then, for example, you receive a fake email from the social media provider asking you to check your data. Attached is a link that leads to a fraudulent page. If you enter your access data there, they are in the hands of the criminals.

Cyber criminals often send messages that contain a link to manipulated websites. Malware is then spread via these pages. A well-known example of this is the “Koobface” worm, which was spread via Facebook and MySpace. From previously infected accounts, invitations were sent to other users to watch a video. When the recipient clicked on the link, they were redirected to a fake Facebook or YouTube page, where they were prompted to download the Flash player. Behind the offered download was the worm, which was able to spread further and further.

Those who know a lot about you and your interests can formulate messages that interest you and are more likely to entice you to click.

Every social network offers numerous settings to protect your privacy. Use them especially if you want only your friends to see your profile and posts. You can also set search engines to ignore your profile. The less personal data you publish, the less of a target you are for criminals who want to take over your digital identity, for example.

Only include people you know in your friend or contact list and by whom you are sure they are authentic user profiles. If you receive dubious contact requests from friends ask outside social networks about the authenticity of these messages.

If you want to close an account, back up your data outside the network if necessary and then delete it from the account. Follow exactly the provider's procedure for deleting the user account. In some cases, this also includes not logging back in within a certain period of time.

When registering for a service, only disclose as much of yourself as is absolutely necessary. And: Is what the service considers necessary really necessary? For example, you should hide your date of birth, if possible. If data is requested that you do not want to provide, consider whether you really want to use the service or whether there might be an alternative.

Social networks are operated by profit-oriented companies, most of which finance themselves through advertising. The general terms and conditions (GTC) provide information about how the provider handles your personal data and how it is passed on to the advertising industry. Familiarize yourself thoroughly with the GTC and data protection regulations before you create a profile.

Some social networks grant themselves rights of use to your publications. This means, for example, that you transfer the rights to use your photos and videos to the operator of the social network. It is also quite common for granted usage rights to remain in effect even if you leave the network and delete your profile. Before publishing, consider whether you want to share the rights on your images and texts.

Secure passwords are an important part of personal IT security. The longer a password is and the more character types (upper and lower case letters, numbers, special characters) a password contains, the more difficult it is to crack. See also door number 2.

No password should be related to your family, hobbies, job, etc. This is especially true if there is a lot of information about you in social networks.

And: Set a separate password for each of your online accounts. If one account is hacked, the others are still protected. Password managers can help you create and remember passwords. See door number 3.

If you use social networks via apps, always make sure that you use the latest version and install (security) updates immediately or even (semi-)automatically. Install apps only from official and secure sources, such as the official app store on your mobile device.

This page is largely composed of information and texts taken from the websites of the German Federal Office for Information Security (BSI) on the subject of security in social media security in social media.