Information security in social media

The focus of this page is on social media, particularly from the point of view of information security and privacy at the university. Read more about social media in the additional reading for this study material.

In recent years, online communication has changed as services based on networked communication have emerged and even replaced some of the more traditional means of online communication, such as e-mail. These services are often called by the umbrella term social media. Especially Facebook is used around the world for both private and commercial communications.

Social media services can be very useful for study and work purposes as well as other communication. However, you should always keep in mind that communication in these services is rarely private. This is why social media – as well as other means of communication – can have unwanted consequences to thoughtless actions that were deemed harmless at the time.

some2015

Information security and privacy protection in social media

As communications in Facebook, Twitter or other similar services are rarely limited to two parties, you should always consider the audience of your message and the way you present it.

The same is especially true for pictures: if you upload pictures to the Internet, always consider what kind of pictures they are, who are in them, and who you and the other people involved want to display them to.

Limiting visibility

In many services, it is possible to hide messages, photos and other information behind a password or restrict their visibility to a limited group. It is a good idea to think twice before sharing photos of the crazy afterparty of an academic dinner with your mother-in-law or a future employer – not to mention complete strangers. Remember to review the privacy settings of the services you use and adjust them to your needs.

You should also keep in mind that legislation concerning privacy applies to publishing photos of people online. Always ask the people in the photos for permission before you publish them. In particular, you cannot publish the names of people in pictures that are displayed to the world without their permission.

Scams and malware

Social media is no exception to the rest of the Internet when it comes to scams and malware. Scammers and criminals try to exploit the feeling of familiarity and safety related to social media in many different ways:

  • infiltrating people’s social circles by posing as a person they know
  • spreading malware or similar programs through an attractive link on a circulating message
  • forwarding malware or personal information in the form of a game, a competition, a survey or a quiz

The picture above shows a scam message circulated through social media. If a user clicks the link, they will be targeted by malware, a phishing attempt or a similar attack.

Your online footprint

Regardless of privacy settings, some social media services reserve extensive rights to use the information and photos provided by their users. You should always read the terms of use of the services you use to ensure that you know what you are agreeing to!

Finnish experts on information security have compiled the Pilviohje wiki to make it easier to assess the usability, safety, and terms of use of online services. By reading the wiki you can get an idea about what kind of problems may be related to different services, even popular ones.

Unfortunately, some services have developed a habit of changing their terms of use “on the fly”, sometimes even without separate notice. The changes may serve to weaken the privacy protection of users. Deleting your user account may also turn out to be harder than expected: some services have hidden the user account deletion behind a number of steps, and the service may retain the right to use the information and files you have provided even after you have deleted the account.

As identity theft and similar activities are becoming more and more common, it is particularly important to keep track of what kind of information concerning you is available in the open web. For instance, a malevolent person might be able to take an instant loan of several hundreds of Euros in your name by combining pieces of information you have carelessly provided to different sources.

When you upload personal information or photos of yourself or other people on the Internet and make them freely available to everyone, you should always keep in mind that you might lose control over how they are used.

It is particularly important that you review the terms of use of all applications you use: regardless of privacy settings, many services reserve the right to collect, use and distribute the information and files of their users as they deem fit. The only way to prevent this activity is to not use services that do not respect privacy!