Be Social. Be Secure.
Social media accounts are powerful tools and a great way to stay in touch with family and friends and keep up to date on the latest news. However, it’s important to know how to manage the security and privacy settings on your accounts, so that your personal information remains inaccessible to anyone but you, and your accounts don't fall into the wrong hands.
We strongly recommend using the tips below to help secure your accounts in tandem with platform-specific guidance.
1. Choose a strong password using three random words.
2. Use unique passwords for each social network.
3. Enable two-factor authentication.
4. Set your accounts to private and review the default privacy settings so you can control who sees what on your accounts.
5. Always lock your device or log off to prevent unauthorised access to your social media accounts.
6. Be careful about the personal information you reveal about yourself online. This can be used by cyber criminals for social engineering.
7. Use the block function to protect yourself from spam accounts and unwanted followers/interactions.
8. Do not click on links in posts, tweets or direct messages unless you are 100% certain that they are genuine and well-intentioned - they may be phishing attempts!
The following guidance is provided by each of the major social media platforms.
Facebook: basic privacy settings and tools
Twitter: how to protect and unprotect your Tweets
YouTube: privacy and safety
Instagram: privacy settings and information
LinkedIn: account and privacy settings overview
Snapchat: privacy settings
TikTok: privacy and safety
Two-factor authentication (often shortened to 2FA) provides a way of 'double-checking' that you really are the person you are claiming to be when you're logging in and using online services, such as social media. Even if a criminal (or someone simply looking to cause mischief) knows your password, they won't be able to access any of your accounts that are protected using 2FA.
Search online for instructions on how to set up 2FA for popular online services such as Instagram, Gmail, Snapchat, Twitter and Facebook.
Understanding your digital footprint
It's worth exercising some caution when using social media. Not everyone using social media is necessarily who they say they are. Take a moment to check if you know the person, and if the friend/link/follow is genuine.
Less obviously, you should think about your digital footprint, which is a term used to describe the entirety of the information that you post online, including photos and status updates. Criminals can use this publicly available information to steal your identity or use it to make phishing messages more convincing. You should:
Think about what you're posting, and who has access to it. Have you configured the privacy options so that it's only accessible to the people you want to see it?
Consider what your followers and friends need to know, and what detail is unnecessary (but could be useful for criminals).
Have an idea about what your friends, colleagues or other contacts say about you online.
Although aimed at businesses, CPNI’s Digital Footprint Campaign contains a range of useful materials to help you understand the impact of your digital footprint.
Social media phishing
Phishing is when cyber criminals attempt to get unsuspecting users to do 'the wrong thing', such as clicking a dangerous or fraudulent link that will download malicious software or direct them to a website that requires them to enter personal details.
Social media is a favourite method used by cyber criminals for phishing. With over 1.3 billion people logging on to their favourite social media accounts every month, and the trust that many have in the wider community of users, social media phishing represents a rich source of income for fraudsters.
How to avoid becoming a victim of social media phishing
1. Do not click on links in posts, tweets or direct messages unless you are 100% certain that they are genuine and well-intentioned.
2. Take time to consider your actions before responding to approaches on social media.
3. Ask yourself if somebody genuine would really contact you in this way with this information.
4. Recognise threats of financial issues, or offers that seem too good to be true, for what they really are.
5. If in doubt, call the correct number of the organisation or individual that the post or tweet claims to be from, to check its authenticity.
6. Even if the post or tweet seems to come from someone you trust, their account may have been hacked or spoofed.
7. If the approach is via Twitter, note that accounts of legitimate businesses usually feature a blue ‘verified’ tick to indicate that the account is authentic. They will also never request login credentials.
8. Check for the number of followers on the account. Genuine organisations – including their customer support handles – are likely to have a much larger following.
Social media and children
Most social media accounts require users to be at least 13 years old. However, it is easy to sign up with a false date of birth. For expert advice about how to keep children safe online, please refer to: