Recent revelations about government snooping have led to growing concern about privacy. Many people feel uncomfortable about the thought of 'big brother' being able to routinely intercept e-mails, text messages etc. For some people, this concern extends to actions carried out by providers of online services - for example, Facebook's updated Android app requests permission to read SMS and MMS messages (in order to implement two-factor authentication, according to Facebook).
Nevertheless, the Internet has become an integral part of our lives. More and more of what we do is dependent on it - banking, shopping and socialising. Increasingly, we use smartphones and tablets to do all these things and more. These days - you name it, there's an app for it! Of course, this makes our lives a lot easier. But at the same time it also exposes the minutiae of our daily lives to those who have the ability to gather the data that we share - whether it's our personal communications, our buying preferences, even our very whereabouts.
It's not simply a case of what prying eyes can see as our data travels over the Internet, it's also the mass of information that we choose to put into the public domain for all to see. If you post a 'morning after the night before' selfie on your Facebook wall, it may just be something you can laugh about with your friends, but what if your boss sees it, thereby discovering why you didn't turn up for work today? Or what about when you announce to the world, in a tweet, that you're about to go on holiday for a fortnight to Tenerife? It's nice to revel in the thought of two weeks off, of course, but what if, by aggregating data about you from several places on the Internet, a criminal knows where you live? You've just told them that the house will be empty for two weeks!
It's not just the personal consequences of our over-sharing that we need to think about. Our over-sharing in social networks could also jeopardise the security of the organisation we work for. Let's suppose that we use Twitter to moan about the features we don't like in an application our company has just rolled out. We might gain the sympathy of others using the same software, but we have also tipped off a would-be attacker that the company standardises on this application. If they have been able to develop, or acquire, exploit code to take advantage of a vulnerability in the application, they might have what they need to launch a targeted attack. And the news and gossip we share in social networks could be used to lend legitimacy to a spear-phishing e-mail, sent to us or to another colleague, that delivers the malware into the organisation.
Unfortunately, the dangers aren't always obvious, and we're even more likely to be caught off-guard when using a smartphone or tablet to go online. Since they haven't been a traditional target for cybercriminals, we're more likely to feel secure. However, it's important to avoid a false sense of security when using a mobile device, as I've discussed before. It's easy to imagine, if we use iCloud, or G Cloud, that we're safe because all our data is backed up to the cloud. But remember, if someone steals your smartphone or tablet, they get access to all your information too. Cases where having a cloud account can work against criminals (as in this case) are rare. It's just as likely that the thieves will change the password and lock you out of your own account.
So what do we do, short of closing all our online accounts? Here's my baker's dozen of secure social networking tips.
- Protect your computer using Internet security software.
- Install security updates to software on your computer.
- If you wouldn't publish something on the front page of a daily newspaper, don't post it online.
- Don't use the same password for all your online accounts - if one account is compromised, they all could be.
- If you think someone may have found out your password, change it immediately.
- If your phone or tablet is lost or stolen, change your iCloud or G Cloud password immediately.
- Review your Facebook security settings carefully, ideally restricting who can view or share each section to 'friends only'.
- Set limits to what applications can do and remove applications once you no longer wish to use them.
- Disable features unless you're specifically using them.
- Don't assume that someone is who they say they are. Remember that even a friend's account may be hacked, in which case it could be a cybercriminal that's sending you a message, or inviting you to click on a link.
- Don't think you have to be honest about the personal information you declare: account verification data such as mother's maiden name, date of birth, etc. often don't need to be real.
- For other online activities, use only secure web sites (check that the web site address starts with 'https').
- Don't use untrusted wi-fi networks for confidential online transactions.