In several aspects, your social media profile is a lot like your diary. It’s a place where you share your thoughts, but – at the same time – you need to be mindful about it and ensure that only the worthy get to see them. After all, when you confide in your friends, you expect them to keep personal matters to themselves.
Now imagine what could happen if someone were to obtain access to your social media accounts or intercept your private messages some other way. This would be the equivalent of putting your personal diary on public display! But the good news is, there are things you can do to prevent that from happening, so your social media experience stays rewarding, positive, and safe.
Below, you’ll find several tips and tricks on how to keep your social media accounts secure, so no one gets to meddle in your business:
1. Know that not all passwords are created equal
One measly password is all that stands between hackers and your personal information. While there are other measures you can take, such as two-factor authentication (which we’ll get to in a minute), it’s on you to fortify your first line of defense.
First and foremost, you should design your password to be complex and in a way that makes it as hard to guess as possible. You could either come up with one yourself or generate one with a password generator (most modern tools come with built-in functionality that does that for you).
Don’t forget to make your passwords varied and strong. This means longer than 8 characters (as many as the social media platform allows you to input), with capital letters and special symbols included. If you feel like the password would be hard on your memory, there is an easy solution that involves using a password manager. It also happens to be much safer and more user-friendly than the old-fashioned approach of writing your passwords down on a piece of paper.
At no point should you resort to reusing your passwords; every account you make should have different login credentials assigned to it. While there’s nothing wrong with using the same email address (as long as you’re using the best practices to protect the email account), every individual password you’re using should be unique.
The reason being is that you want to stay safe in the event of a breach that often results in hackers leaking every user’s login credentials and posting them in public. Such scenarios tend to turn into a giant free-for-all where would-be hackers are blindly trying out these leaked login credentials on random websites in hopes of getting in.
When people reuse their passwords, chances are it’s due to convenience. However, it comes at the expense of their security. Given how simple a password manager is to use, there’s no excuse not to keep your passwords unique, varied, and strong.
Last but not least, know the power of two-factor authentication and use it to further bolster the security of your accounts. In a nutshell, it keeps you safe even in the event of someone compromising your password. Once you’ve enabled it, any time someone tries to log in to your account, you will get a prompt to enter a string of randomly generated characters that is only valid for a couple of minutes. You will receive it through your phone or another device.
A word of caution: avoid using a work email address when signing up for social media accounts. Since you never know who besides you has access to these email addresses (and who is monitoring them), this can quickly turn into a cybersecurity disaster. Besides, to strengthen your email security keep an eye on the DMARC report and ensure no fraud happens.
2. Maintain control over who can access your social media accounts
The more people can access your account, the greater the chances of misuse, but there’s more to it than using a password manager and practicing proper cyber hygiene. The first that comes to mind is the environment from which you’re accessing your social media platforms of choice. If it’s from your home, it’s generally safe to stay logged into your accounts since an unauthorized third party would have to physically break into your room to do any damage (or take control of your browser).
However, if you’re doing so from a public computer or any device used by more than one individual, it’s a whole different story, and you should always log out after you’re done. In case of the latter, make sure never to leave the device unattended. You may be using every single tool in a cybersecurity professional’s book of tricks, but what good will that do if you’re not exercising some basic amount of caution?
Let’s be honest here: stumbling upon a Facebook profile belonging to a person who forgot to log out in a cybercafe or library does invoke a certain bit of curiosity. And not many would be able to resist the temptation to check out what lies inside.
At the same time, when you’re in a public setting, people may be looking over your shoulder as you type in the password or when you’re exchanging sensitive information online. So never forget the importance of being aware of your surroundings at all times.
Finally, be sure to use separate profiles when managing a fan page or the one dedicated to a business or find another way to do that doesn’t involve sharing your login credentials with another person. Ideally, if you want to permit someone else to operate these pages on your behalf, do it in such a way they only receive access to these specific pages and not your entire account.
For instance, using software exclusively designed for this purpose, you can grant a team member the necessary access without revealing your password.
3. Tweak your account’s security and privacy settings
Facebook and other social media platforms are dedicated to protecting your privacy. As such, they give you plenty of freedom in terms of who can view your profile, your posts, and any media you post. By going through it step by step, you can make sure that nothing slips through the cracks and that anything potentially sensitive your profile contains remains hidden from those who are not authorized to view it.
It goes without saying that you should mind what you post on an account you’re also using for the purposes to represent a brand, business, organization, or another entity. One way to address the issue would be to have more than one account; one for personal needs and a separate one for anything business-related. Another would be to be very strict about managing your posting permissions on a post-per-post basis. As luck would have it, Facebook makes it rather simple to set who has the permission to view your post.
You also have a say in whether you’d like to come up on searches when people tag you or not. For instance, let’s say you’re an avid party-goer and there are several opportunities for others to snap a photo of you holding a bottle of beer or something similar. In the professional world, your public image matters, and you wouldn’t want to be perceived as an alcoholic, so it makes sense to keep tagging disabled in this case.
4. Install security software and keep it updated
Any device you’re using to connect to the internet (which, in reality, means pretty much all of them) should have proper security software installed. This will keep you safe from malware and other threats that you may encounter online. We’ve already mentioned a password manager, but there are other recommended ones like antivirus software, firewalls, VPNs, etc. Below, we’ll briefly touch upon the benefits of each. Nowadays, AI software and models help in every case, and not only; you can also use AI for credit risk, AI in education, etc.
First off, we have the good old antivirus suites. For this purpose, you are free to choose from a small set of providers, making you almost guaranteed to have one available for your device and operating system, no matter how obscure. The only potential exception would be some very niche smartphones or old models that no longer receive support from the developers. The bottom line is, antivirus software will protect your device from malicious code that may be running on it by detecting it and removing any traces. This includes keyloggers, a subtype of malware designed for stealing passwords.
A firewall is a way to monitor your network and identify any suspicious activity that may be present. Think in terms of suspicious-looking IPs that are trying to connect to your device and even system processes that are trying to connect to an external server for unknown reasons. Using a firewall, you will once again attain direct control over what connections are allowed on a case-per-case basis. It’s also of utmost importance to ensure your website is secure in order to gain your customer’s trust. HubSpot’s free web application firewall automatically detects and removes potential attacks on your website.
Then we have a VPN. This nifty piece of software allows you to establish a secure connection to the internet, even if the network you’re using is not considered safe. As long as you keep it enabled, all traffic you send and receive through the internet will be encrypted, meaning that no one can intercept it and decipher it without the proper key. This helps you protect your IP, mask your current location, and safeguard your personal information and privacy.
Note: do make an effort to keep it all up-to-date (including your operating system). As new software vulnerabilities are discovered, this will keep you safe from hackers who unleash targeted attacks on outdated systems.
5. Proceed with caution when installing third-party software
Every third-party software you install on your system is a potential cybersecurity threat, despite what the developers claim. In fact, even reputable development companies can’t 100% guarantee their software is free of bugs and/or malware (they may not have detected it yet despite having the very best of intentions at heart).
Even so, checking the company’s reputation is a good starting point. With a little bit of research, it’s easy enough to gauge by reading user reviews online. In case there are any problems, they will be the first ones to be vocal about it.
Before installing third-party software and plugins, you should also check how often updates are released. Be wary of developers who have abandoned their projects years ago and are no longer releasing updates. Such software is likely to be full of holes and exploit-ready vulnerabilities that are ripe for the taking.
Finally, make a judgment call whether the software you’re about to install is even necessary. For instance, you may determine that a password manager and antivirus software are the bare-bones cybersecurity necessities, but you could live without that fancy new Twitter browser plugin that looks nice but offers little in terms of functionality.
Your social media accounts are as secure as the amount of time you’re willing to pour into your education. In the end, a lot of it depends on what you bring to the table.
Lucas Janssen is a long-time veteran in the field of cybersecurity who has been working closely together with multiple leaders in the industry – among them is the world-renowned password manager NordPass. Lucas mostly focuses on data security and constantly strives to promote good password protection habits on the internet.