Managing Your Digital Footprint: The Importance of Social Media Security

Written By Lindsay Dumas

When considering our instinct to safeguard personal and informational security, trust is often anchored in what we can physically perceive. Tangible items like wallets, social security cards, and safety deposit box keys evoke a sense of security because we can see and touch them. In contrast, our online personally identifiable information, pictures of our homes, details about our children's schools, and insights into our family's routines shared on social media are intangible. Yet, their potential damage, when accessed by the wrong individuals, is equally severe. As technology advances, these digital aspects become increasingly susceptible to misuse and will continue to pose substantial risks.

Social media platforms have gained notoriety for utilizing and retaining the personal information and behavioral patterns of their users, primarily for micro-targeting purposes.  The flood of relevant recommended products, services, and advertisements on these platforms is not a result of fortunate guesswork but rather stems from a profitable industry. Users often unknowingly provide the requested information, contributing to a lucrative for-profit system. These platforms generate revenue by capitalizing on user-driven data collected from each account, often engaging in the sale of this information to third-party organizations. Notably, the default account privacy settings, which facilitate easy access to personal information, are pre-selected during the account creation process. Unless actively changed by the user, these settings allow continued access to personal information.

Did you know: Between January 2021 and June 2023, Americans lost $2.7 billion to scams that originated on social media, compared to a loss of $700 million to website scams and $1.8 billion to email scams, according to a report from the Federal Trade Commission.

In the digital age, privacy and security are closely intertwined. The ever-evolving sophistication of social engineering, coupled with the rapid advancements in AI that provide threat actors with an increasing advantage, underscores the critical importance of safeguarding information vulnerabilities within your social media accounts. The multitude and diversity of online threats may seem daunting, even for professionals. However, developing an understanding of how social media platforms utilize your information and recognizing the potential threats arising from the exposure of sensitive information, is a crucial first step toward proactively securing your data. To aid you in this process, we will go over the potential threats to non-secure accounts, followed by a review of how to fix those vulnerabilities and button up your social media settings.

Privacy and security threats to non-secure social media accounts include but are not limited to:

  • Micro-targeting- Social media platforms gather detailed information about users, obtained from personal and behavioral data accessed through accounts. This enables the platforms to develop marketing and advertising strategies based on information specific to an account, such as political views, relationship statuses, sexual preferences, religious affiliations, and frequently visited places. These platforms can then use the data to target users with messages specifically tailored to them, or sell the data to external advertising technology (adtech) companies.

  • Advertising Technology (Adtech)- According to Grand View Research, the global adtech market was valued at $987.53 billion in 2023, and is projected to grow at a rate of 16.1% from 2024-2030.Adtech provides a service to companies looking to generate revenue online by using results from collecting and processing information of user activity. Data from user tracking typically forms the foundation of a company ad campaign. These adtech companies also sell the data to intelligence platforms. Commonly tracked user data includes:

    • Referring sites – Where the user came from;

    • Overall experience on-sites, including mouse cursor movement;

    • Events (scrolling, clicks, views, etc.);

    • Search queries;

    • Time of each session;

    • Behavior on sites, including preferences to certain topics and interactions with the page’s content (downloads, clicks, etc.);

    • Transitions to another site through links and ads;

    • Demographics (if not blocked or obscured), including computer settings, interaction with ad content, and direct feedback (comments, etc));

    • Location Data.

  • Data Scraping- Social media data scraping involves the automated gathering of online data using pre-programmed bots. These bots navigate common social media platforms and websites, copying requested information. The collected data is then organized into a spreadsheet, database, or another document for subsequent use. It's important to note that as long as the data is deemed publicly available, the practice is considered legal.

  • Reputational damage- During pre-hire checks, employers often scrutinize a potential job candidate's social media posts for any red flags. In fact, a recent survey by The Harris Poll found that 70% of employers believe that all applicants' social media profiles should be screened, and 67% say they use social networking sites to research potential job candidates. For those using social networking to research candidates, more than half (55%) have found content that caused them not to hire the applicant. Public posts featuring questionable behavior or comments can create perceptions of unprofessionalism, unpredictable judgment, or a personality that may not align with the company culture, among other considerations.

  • Cyberattacks - Threat actors can utilize personal information found on social media accounts to enable several different types of attacks, including malware attacks, phishing attacks, and social engineering attacks. 

  • Data breach- A data breach is characterized by the unlawful and unauthorized acquisition of personal information, jeopardizing the security, confidentiality, or integrity of such data. The definition of personal information typically varies based on state law.

  • Credential theft- Credential theft allows criminals to reset passwords, lock victims out of their accounts, download private data, gain access to other computers in the network or wipe the victim's data and backups.

  • Social media impersonation- Social media impersonation is a form of digital identity theft where a cyber-criminal or scammer creates a profile on a social platform using personally identifiable information stolen from an individual, such as their name, location, and photograph. The initial step involves manipulating the victim’s contacts into believing that the fake profile belongs to someone they can trust. Once this trust is established, the perpetrators exploit those who interact with the fake account, soliciting things like money, information, or even attempting to discredit the legitimate account owner.

  • Identity theft- Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain.

Understandably, the array of potential threats can be overwhelming. The good news is that there are simple and straightforward steps you can take right now to significantly reduce your exposure to these risks.

The first place to start is account privacy, which is typically set to public by default. Navigate to the settings section of each major social media platform and switch your account from public to private. Also, set up two-factor authentication using an authenticator app for extra security. 

Take Note:

Facebook- One nice feature of Facebook is that you can choose to hide comments containing certain words, phrases or emojis from your profile. Under Profile and Tagging, you can customize that list to reflect your preferences. Go through the rest of the settings in this category while you are there and make sure to toggle Yes to Review Posts and Tags to your account before they can appear on your profile.

LinkedIn- We suggest staying away from All LinkedIn Members whenever possible, especially for things like Who Can See/Download Your Email Address, or Profile Discovery Using Phone Number under the Visibility of Profile and Network section. 

Instagram- Consider creating a Close Friends List, accessible through Account PrivacyWho Can See Your Content. This adds the option to share more personal posts to only Close Friends, which would ideally be a small, carefully curated list of safe close friends and family. 

X/Twitter- The Settings and Privacy section are more difficult to find on  X.  On the bottom left column of the landing page menu click on More. This will bring you to Settings and Privacy. Find Account Information and make sure you have the Protect Your Posts and Protect Your Videos option enabled. In Apps and Sessions you can also ensure  that the third party apps with access to your account are ones you have given permission to.

A proactive approach to your digital privacy and security can prevent you from becoming a target of such threats. Secure your accounts today to ensure a safe and continued enjoyment of these platforms in the future. If you are curious as to how a threat actor could use publicly available information against you and how to further your online security, please send us a message.


Lindsay Dumas
Previous

Romance Scams, Ransomware, & Virtual Kidnappings: Exploring 2023 Crypto Crime Trends
Next

Optimizing Event Security: The Importance of OSINT