Social Media Privacy Safety Kit

(Click on each infographic to view full size or download)

About this kit

This information kit and guidelines within, aims to help the reader mitigate risk by understanding how to limit personal information available on open and some closed sources. This information is often used by persons or groups with ill intent to support preparations for hostile acts and thus limiting this, significantly reduces risk. 

Anyone can be a target

Please see the separate infographics below for personal and business use of social media for specific guidelines

Kit audience 

Anyone who feels that they may be at risk by a non-professional adversary. This kit is not aimed at the information security professional, rather any “regular” social media user who may be at risk.

What does this kit cost?

This kit is offered to the public at no charge.

Why is it free?

Privacy awareness should be available to everyone and we believe it’s our social duty to help promote this.

Social Media

Social media refers to internet based platforms used for information sharing, communities, and to connect to people with similar interests. Social media can be defined as a virtual space to socialize and to both share, and gain information. 

Social media is often used for both personal and business use and thus, we encourage you to see the separate personal and business infographics at the end of the kit.

The concern

Whether a for profit offense, or to inflict physical harm, both sophisticated, and less sophisticated criminals and hostile gain tremendous amounts of information from social media. This information is critical in helping the hostile to select and harm the targets. The more information that is shared on social media, the easier it is for the hostile to profile their target, identify vulnerabilities, and design a plan to harm them. 

Much of what is posted on social media platforms enables this target “profiling”, by gaining information on location, financial status, business interests, social interests, frequented locations, preferences etc. Limiting this information makes a target much less attractive and unless specifically targeted, the hostile will usually select an easier target, with readily available information.

Direct and indirect methods

The easiest for the hostile is to simply see what information is available on social media using direct methods such as looking at what’s publicly available, or befriending/connecting with their target or people associated with the target. Available information may include the targets name, photo, home town, current town, phone number, email, check-in’s (offering predictability), interests (likes), etc. 

When the information above is limited (as it should be), the hostile may use more sophisticated, indirect methods such as befriending or connecting with friends and colleagues and seeing what information is shared with them about the target, liking posts the target is tagged in, and eventually befriending the target - once the target is familiar with them though interests, common friends, groups etc. 

What social media is covered in this?

As opposed to providing a “privacy manual” per platform, we’ve chosen to provide guidelines are applicable for any social media platform, with relevant adjustments for personal and business platforms.

Things to consider (and limit)

  • Who can find you?

    • Is your account under your real name (as per terms of use?)

    • Is your account searchable by search engines?

    • Is your profile picture of your face and available to the public?

    • Is your location visible to the public?

  • Who can befriend you?

    • Can anyone send you a friend request?

    • Can anyone see who you are friends with/connected to?

  • Predictability

    • Who can see your interests, groups, posts, likes, comments?

Limiting the above makes the social media user almost invisible to people they are not connected with in the physical world. In short, this keeps us safer - remember, privacy is more impactful than it seems.

Location

  • Are your photos automatically geo-tagged with location of the photo?

  • Consider how easy it is to find a home address, address of a friend or business partner just by extracting information from a posted photo

  • Don’t include any personal information or location indicators on your photos, especially at home/work.

    • Look closely at your photos before posting

Passwords

  • Use robust passwords and change them regularly

  • Do not use the same passwords for multiple accounts

  • As soon as you learn of a data breach on a service you use, change all your passwords 

Look deeper

  • When an unknown person send a friend or connection request, look at their profile to assess if they are who they say they are

  • As a rule, don’t befriend/connect to people you don’t personally know, but if you must:

    • Google their name, does their photo match? 

    • Do a reverse image search on their profile photo

    • When did they join the social media platform?

    • How many friends/connections do they have?

    • Watch their profile for a few days

    • Do you see them befriending/connecting to your friends/connections

Privacy and Safety Checks

  • Most social media platforms have built in privacy checks; use them, and rectify any issues

Business versus Personal Social Media Usage

  • As business use of social media is based on exposure, sharing, and often building a community, at first glance, it may seem more difficult to limit information when social media is used for business 

  • In fact, the opposite is true, using social media platforms for business usually doesn’t include personal information such as social friends, home addresses etc.

  • With that in mind, using social media for business still has potential vulnerabilities and certain steps can be taken to limit these whilst not limiting the effectivity of the business effort.