Digital privacy 101
Social media best practices
Social media accounts do more than help us connect with friends and family. These days, many of us use social media even more than we realize: to read the news, find jobs, buy secondhand furniture and electronics, and similar.
Plus, many other online accounts allow you to use your social media credentials to log in, meaning that this handful of accounts can be tied to a significant portion of your online presence.
While social media adds convenience to our lives as a source of digital connection and authentication, it also introduces cyber risk in our day-to-day Internet use. For example, if any of your social media accounts are hacked, cyber criminals can wreak havoc across your connections and other accounts.
Here’s what you need to know about social media vulnerabilities and how to protect yourself.
Main social media account vulnerabilities
Informing yourself about the vulnerabilities of social media and how hackers exploit them can help you be smart when using and enabling your accounts.
Most social media risk relates to how you log in to those accounts and the type of information you share on them.
Social engineering and phishing
Social engineering and phishing are major cyber threats across the board, both for individual Internet users and for businesses. For that reason, it’s worth educating yourself about these fraudulent practices, both to protect yourself from social media hacking and to increase your overall safety online.
What is it? In short, social engineering is a form of fraud in which cyber criminals pose as legitimate actors or institutions in order to trick victims into clicking on malicious links or sharing private information (like social media login credentials). Criminals can commit social engineering via any contact method, including direct messages on social media accounts, SMS or text messages, phone calls, and emails.
When social engineering happens via email, it’s called phishing, and this is the most common form of social engineering. Hackers will go to great lengths to successfully carry out social engineering and phishing attacks, creating email addresses and URLs that appear legitimate and sending messages that imply urgency.
If you receive a message via any platform indicating that any of your online accounts have been compromised, including social media, be wary. This is often how hackers will trick victims into clicking malicious links or sending sensitive information, which then grants them accounts to social, financial, medical, or other accounts.
How to stay safe: Be cautious where you click, and be wary when you receive messages with a sense of urgency. To be as safe as possible, save the login page URL for all social channels on your browser’s bookmarks, and make a habit of only logging in to accounts through that link.
Even if you receive a message or email indicating that you need to log in to your account for any reason, do not click any link or input any credentials into that message. Instead, log in to your account through your saved URL.
Malware and keyloggers
Malicious links sent via social engineering messages and phishing emails often contain malware. Clicking even one malicious link can lead to malware being installed on your device and open the digital door to hackers.
What is it? Malware is a general term referring to malicious software. There are many different types, but the one that creates the biggest concern for social media security is keyloggers.
Keyloggers record a computer user’s activity on their computer, logging their keystrokes as they type and sending that data to the cyber criminal who sent the malware. You may notice no warning signs that a keylogger has been installed on your device, but if you log in to a social media account on a device that has a keylogger, then the criminal receiving your keystroke data can steal your usernames and passwords, the answers to your security questions, and read your private messages.
How to stay safe: Once again, be careful of the links you click on, and always opt to go to known and saved URL links to log in to accounts rather than logging in through links received via message or email. Additionally, install antivirus software on all devices and keep it up-to-date, and only install apps from trusted or known sources.
Weak passwords or authentication
Weak or reused passwords can be easily hacked by attackers, especially when not protected by added layers of authentication. That’s why it’s important to use multiple layers of authentication as well as strong and unique passwords not only across all social media accounts — especially those used to authenticate other logins — but across all your digital accounts in general.
What is it? Hackers can gain access to your passwords through a variety of methods, especially when you use weak passwords. The best way to protect against password theft is to enable multi-factor authentication on all accounts, but it’s also important to be aware of the vulnerabilities of certain authentication methods.
For example, SIM swap attacks are increasing in frequency. This is a type of cyber attack that exploits phone-based authentication, allowing attackers to remotely reset passwords by re-routing your phone number to a SIM card in their possession.
How to stay safe: Always use strong and unique passwords for all accounts, but don’t rely solely on passwords to keep accounts safe. Implement multiple layers of authentication on every social media account (and, ideally, all other accounts). But be sure to pay attention to the type of authentication you use! Biometrics like fingerprint and facial scanning offers the strongest protection, while phone- and SMS-based authentication are the weakest.
Public WiFi
Cyber safety means being smart about WiFi network usage.
Any time you use public or unsecured WiFi — such as at an airport, library, restaurant, venue, or other public space — be sure to avoid logging in to any accounts, especially sensitive ones like social, financial, and medical.
What is it? Public WiFi is convenient, but you shouldn’t use it how you use your own private network at home, because you have no control over the security settings in place. If settings are weak and you log in to any fully or partially unencrypted site, hackers on the network can easily access your login credentials and other private information.
How to stay safe: If you need to log in to any of your accounts in public, opt to use your device’s data rather than connecting to public WiFi. It’s always safest to assume that any public network is unsecured, so you should default to being cautious.
If you do need to connect to public WiFi — like if you’re out of data, you’re traveling abroad, or for any other reason — then you should be sure to use a strong VPN that offers encryption.
Social media best practices to avoid getting hacked
Being aware of social media threats is only half the battle. Here are the cyber safety best practices that can help you avoid getting hacked:
Use secure password management
Your password is your first line of defense on all your accounts, so be sure to always use strong, unique passwords on every single account.
Even though it’s appealing to make your life easier by reusing passwords or using ones that are easier to remember, this also makes it easier for cyber criminals to hack into your accounts. Additionally, avoid saving your passwords on your browser or device — this isn’t very secure. Opt for a password manager service, but also keep in mind that password protection is not sufficient as standalone protection on accounts, even if you use strong ones.
Implement strong MFA
In addition to using secure and protected passwords, implement other layers of strong authentication on all social media accounts.
But keep in mind — the method of authentication matters! Opt for biometrics whenever possible, and avoid phone-based authentication due to the dangers of SIM swap attacks. If you use security questions as authentication for any accounts, be sure that you never post information on your social media accounts that could help a hacker guess the answers.
Review account permissions
You may be surprised by the permissions enabled on your social media accounts, especially if you currently or have used your social media logins to access other online accounts.
Take time to go through all your social accounts and check the list of apps that have been granted access — they can add up quickly. Remove any that are outdated, ideally keeping permissions as minimal as possible.
Keep browsers and apps up-to-date
Tech developers often patch vulnerabilities as they arise, and these patches tend to be baked into regular software updates. For that reason, it’s important to always update your browsers, apps, and devices whenever updates become available.
Use antivirus software
This is pretty basic and self-explanatory, but it’s easy to overlook. Be sure to install modern antivirus software on all your devices, as it can help protect you from malware even if you’re duped into clicking on a malicious link.
What to do if you think your social media is hacked
If you’re the victim of a social media cyber attack, there are a few steps you should take to bolster your security and important safety measures to implement to prevent the damage from spreading too far.
Change your passwords
This is the very first step.
Change your password on any compromised account, but also change the passwords on all accounts — especially those with sensitive information. Ideally, you should get in the habit of updating passwords every few months, but you should definitely change passwords any time you suspect a hacking attempt.
Check where you’re logged in
Your social accounts allow you to check the locations of the devices that are logged into your accounts, and you should check this immediately if you think you’ve been hacked. Additionally, check the phone number attached to your accounts. If you see anything abnormal, like a phone number you don’t recognize, report it ASAP through the website’s customer service portal.
Damage control
In addition to taking action on your hacked social media accounts, you should also check your bank activity and credit reports to be sure that the cyber criminal hasn’t gotten access to your financial accounts.
Additionally, notify your network so that they can be on the lookout for suspicious messages from your account. Often, hackers who get into a social media account will use that as a platform for social engineering, sending out malicious links via direct message that appear to be coming from a legitimate source.
