Social networking sites allow you to express yourself and keep in touch with coworkers, associates, friends by exchanging messages or comments and posting personal profiles describing you and your interests.
If practiced safely, there can be many positive aspects of social networking. You can connect with friends and other like minded individuals. However, you should understand how posting too much information on your profile and communicating with people you’ve only met online can put you in potential danger.
Comments made online as a representative of your employer that are deemed detrimental to your employer may result in disciplinary action up to and including termination.
DID YOU KNOW?
Some sites and services ask you to post a “profile” with sensitive information such as your age, sex, hobbies, and interests. While these profiles help you connect and share common interests, potential exploiters can and do use these profiles to search for victims.
Users may pose as someone else, essentially pretending to be a different person or a person of a different age, without others knowing. Unfortunately, these types of individuals have taken advantage of the ability to falsely represent themselves online via social-networking profiles, in order to entice or sexually exploit users.
You can’t “take back” the online text and images you’ve entered. Once online, “chat” as well as other web postings become public information. Many web sites are “cached” by search engines, which means that photos as well as text can be retrieved long after the site has been deleted.
Users have been denied entry into schools; social organizations and even denied employment because of dangerous, demeaning, or harmful information found on their personal sites or blogs.
- Never post your personal information, such as your phone number or address.
- Be aware that information you give out in blogs could also put you at risk of victimization. People looking to harm you could use the information you post to identify you or gain your trust. They can also deceive you by pretending they know you.
- Never give out your password to anyone other than a trusted long time friend.
- Only add people as friends to your site if you know them in person.
- Never meet in person with anyone you first “met” on a social networking site. Some people may not be who they say they are.
- Think twice before posting your photos online. Personal photos should not have revealing information, such as employer names or locations. Look at the background of each picture to make sure you are not giving out any identifying information without realizing it. The name of a mall, the license plate of your car, all contain information that could potentially reveal your location. And never post sexually explicit or provocative photos of yourself or your friends.
- Never respond to harassing or rude comments posted on your profile. Delete any unwanted messages or friends who continuously leave inappropriate comments. Report these comments to the networking site or Internet Service Provider if they violate that site’s terms of service.
- Check the privacy settings of the social networking sites that you use:
- Set privacy levels so that people can only be added as your friend if you approve it.
- Set privacy levels so that people can only view your profile if you have approved them as a friend.
- Remember that posting information about your friends could also put them at risk. Protect your friends by not posting any names, passwords, ages, phone numbers, employer names, or locations associated with them. Refrain from making or posting plans and activities on your site. This should include vacation plans that may indicate you will be away from home for an extended time.
- Because users often post detailed and specific information about themselves on social networking sites (such as phone numbers, addresses and work schedules) they can be more easily stalked by strangers.
- Always remember that what you post online is not private. Employers as well as others may go online and find out things about you – from your profile, or from someone else’s. Some users have lost jobs because of information posted online.
- It is extremely important that you understand how Facebook applications work and how to change your privacy settings in order to share only the information you want to share. WiredSafety has created this tutorial that explains these applications and how you can adjust your privacy settings at Facebook. Please see that link under the Additional Resources at the end of this document.
Webcams, microphones, and digital cameras allow you to post videos, photos, and audio files online. This equipment allows the user the ability to engage in video conversations with a variety of individuals.
DID YOU KNOW?
Webcam sessions and photos can be easily captured, and users can continue to circulate those images online. In some cases people thought they were interacting with trusted friends, but later found that their images were either distributed to others or posted on different web sites.
Use webcams or post photos online only if you are dealing with a trusted friend.
Ask yourself if you would be embarrassed if your friends or family saw the pictures or video you posted online. If the answer is yes, then you need to stop.
Be aware of what is in the camera’s field of vision and remember to turn the camera off when it is not in use.
Be careful about posting identity-revealing or sexually provocative photos. Don’t post photos of others — even your friends — without permission. Remember, once such images are posted, you give up complete control of them and you can never get them back.
INSTANT MESSAGING, CHATROOMS, MESSAGE BOARDS & EMAILS
Instant messaging (IM) is an easy way to stay in touch without having to wait for an E-mail response. You type a message and click “send.” That message instantly appears on another person’s screen wherever he or she happens to be. You can exchange instant messages on computers and cell phones or between computers and cell phones or any other Internet-connected devices.
Like chatrooms, you need to be careful about whom you IM with and what you type. Never give out any personal information in an instant message unless you are 100 percent sure of who is receiving it. Some instant message services make it possible to exchange messages with several people at once — just like a chatroom. So make sure you know everyone on your IM list.
DID YOU KNOW?
Some instant messaging software can be used to send your picture — in real time — along with your words. Be careful about your privacy and take steps to protect it. Remember don’t send anyone your photograph online.
Some services encourage you to post a “profile” with sensitive information such as your age, sex, hobbies, and interests. These profiles can help you meet similar people, but they can also make you the subject of harassment, even if you don’t post your name and address or other information. If you don’t have a public profile, you’ll be safer and avoid a lot of hassles.
Be sure you know who is receiving the IMs you send. Even if you do know the recipients, anything you type can be forwarded to other people. There is no way to “take back” something once you send it. Be careful about using video or digital cameras and sending images of yourself during an IM session. Remember, you don’t have to respond to any messages especially if they are rude, annoying, or make you feel uncomfortable.
SITUATIONS TO AVOID
There are chatrooms, newsgroups, web sites, and other places online containing things that may make you feel uncomfortable. It may be sexual and/or violent in nature. It may be hateful, repulsive, or unpleasant. It really doesn’t matter what it is. What matters is that you have the right, and the tools, to leave any area where you feel you shouldn’t be
Be especially wary of any “get rich quick” schemes. These can promise to help earn you lots of money in your spare time, offer to help you lose weight quickly, or promise to enhance your appearance. If something sounds “too good to be true,” it probably is. Participating puts you at risk of giving up your privacy and your family’s financial security..
The most serious risk you can face involves the possibility of someone using information posted about you — or information about where you go online — to harm you. The number of users who are molested or abducted as a result of contacts made on the Internet are relatively low, but when it happens the results can be tragic.
Online enticement of children for sexual acts is a serious offense. If you are approached in this way, immediately report it to the CyberTipline at www.cybertipline.com or by calling 1-800-843-5678.
HARRASSMENT AND BULLYING
When you’re online, especially in bulletin boards or chatrooms, you may get messages that are mean or hurtful. Don’t take it personally. The best thing to do if you encounter such messages or people who send them is to ignore them. If someone sends you messages or images that are indecent, lewd, or obscene with the intent to abuse, annoy, harass, or threaten you, report it immediately to the Internet Service Provider.
Avoid anything that may hurt or offend people. Don’t risk getting into trouble. You need to respect other people’s privacy, so don’t do anything to annoy, harass, or hurt other people. Remember that you are responsible for your behavior online.
Online enticement for offline sexual activities. (No one should be making sexual invitations to you online – and it’s an especially serious crime for adults to do it.)
The most important thing to remember is that when you’re online in any kind of a public forum, anyone can read what you post. You should also remember that people you first “meet” online may not be who they seem to be.
KEEP YOUR IDENTITY PRIVATE
If you’re communicating online, avoid giving out your full name, your mailing address, your cell or home phone number, the name of your employer, or any other information that may help someone determine your actual identity. The same goes for your family and friends. Never reveal anything about other people that may possibly put them in danger.
Always remember what you post online is not private. Employers, and others may go online and find things about you – from your profile or someone else’s. Some users have even lost jobs because of information posted about them online.
MEETING IN PERSON
It is dangerous to get together with someone you first “met” online. Remember, you never know if people you first “meet” online are who they say they are. If you want to meet with someone, discuss it with a trusted friend first, and never go to the meeting by yourself. Arrange to meet in a public place like a coffee shop or mall that you are comfortable with. Both of you should bring a friend along on the first meeting.
Never respond to E-mail, chat comments, instant messages, or newsgroup messages that are inappropriate or make you feel scared or uncomfortable.
If you get a message like that, don’t respond. Instead, show it to a trusted friend and report the incident to your Internet Service Provider if appropriate. Sending a response just encourages the person.
TALK TO YOUR FRIENDS
Talk to your friends and review your plans with them to get a second opinion.
Regardless of whether your friends are Internet novices or technology gurus, there may be things you know about the Internet that they don’t. This is a great opportunity for you to show them what you do online and, maybe even, help them get more out of the Internet themselves.
WHAT TO REPORT
- Anyone you don’t know who asks you for personal information, photos or videos.
- Unsolicited obscene material from people or companies you don’t know.
- Misleading URLs on the Internet that point you to sites containing harmful material or information other than what you were originally looking for.
- Anyone who wants to send you photos or videos containing obscene content of individuals 17 years of age and younger. (The possession, manufacturing, or distributing of child pornography is illegal.)
- Online enticement for offline sexual activities. (No one should be making sexual invitations to you online. This is an especially serious crime for adults.)
If any of the scenarios above happen to you or a friend, immediately contact your internet provider.
QUICK TIPS FOR KEEPING YOURSELF SAFE ON SOCIAL NETWORKS
- Put everything behind password protected walls, where only friends can see
- Protect your password and make sure you really know who someone is before you allow them onto your friends list
- Blur or morph your photos a bit so they won’t be abused by cyberbullies or predators
- What you post online stays online – forever!!!! So thinkb4uClick!
- Don’t do or say anything online you wouldn’t say offline or at the office
- Protect your privacy and your friends’ privacy too! Make sure to get their okay before posting something about them or their picture online.
- Check what your friends are posting/saying about you. Even if you are careful, they may not be and by doing so they may be putting you at unnecessary risk.
- What you think you see on line may not be exactly what you get! You never know!
- Unless you’re prepared to attach your Facebook/MySpace etc. to a job application…don’t post it publicly!
- Employers take the images that users are portraying on social networking sites very seriously. They look at these images as a reflection of your personal character.
ADDITIONAL RESOURCES FOR SOCIAL NETWORK SECURITY
Higher Education Resources
Cornell: Social Networking
Indiana University: Knowledge Base Article on Social Networking
NDSU: Student Affairs Statement on the Use of Virtual Social Networks, Faculty and Staff Training and Awareness, What’s Your Virtual Etiquette?
RIT: Safe Social Networking and Blogging, RIT Information Security Facebook Page, RIT Information Security Twitter Feed
University of Iowa: Social Media Use on the Internet: A Guide for University of Iowa Employees
University of South Carolina: Video on Social Networking: Security and Privacy Implications (select Security Videos under Resources)
EDUCAUSE “7 Things” Publications: 7 Things You Should Know About Facebook, 7 Things You Should Know About Facebook II, 7 Things You Should Know About Flickr, 7 Things You Should Know About Ning, 7 Things You Should Know About Twitter, 7 Things You Should Know About YouTube
EDUCAUSE Resource Page: Social Networking
NCSA: Social Networking Safety Tips, What College Students Can Do (includes social networking tips), What College Admins Can Do
Industry & Other Resources
DarkReading: ‘Robin Sage’ Profile Duped Military Intelligence, IT Security Pros
Department of Defense: Social Media Hub
Engadget: Effectively Manage Your Facebook Privacy Settings with Three Simple Lists
Focus: The Security Risks of Social Networks
InformationWeek: Social Network Security Policies Lacking
McAfee: Social Networking Threats: New Report From McAfee Labs
New York Times: “For Those Facebook Left Behind” (July 7, 2010)
NSA Fact Sheet: Social Networking Sites
OnGuard Online: Quick Facts, Social Networking Sites: A Parent’s Guide, and Safety Tips for Tweens and Teens
SANS Training: Social Engineering (in development)
Social Media Governance: Online Database of Social Media Policies
Sophos: Recommendations for Facebook Settings and Facebook Worm – “Likejacking”
StaySafeOnline.org: Social Networking Safety Tips (Word or PDF), Social Networking Safety Tips for NCSAM 2010 (Word or PDF), Social Networking – Protect Yourself (for Home Users)
UBM: 10 Social Networking Security Trends to Watch
US-CERT National Cyber Alert System Cyber Security Tips: Staying Safe on Social Network Sites (ST06-003)
Wired: Facebook Backlash Sparks Transparency Tools
WiredSafety: facebook Settings Tutorial http://www.wiredsafety.org/fbprivacy/index.htm