10 IT Security Best Practices to Protect Your Social Media Reputation — and Your Birthday Party

It was a birthday I’ll never forget. I know what you’re thinking: close friends, colorful streamers, a big birthday cake and Katy Perry’s “Birthday” softly playing the background.

Nothing could be further from the truth. My quiet birthday dinner at a casual restaurant was interrupted by the rapid buzz of numerous emails being sent to my mobile device. After hearing more than five messages come in, I began to suspect an IT security emergency and sheepishly pulled out my phone to check.

I was shocked and horrified to see a series of brand new messages from LinkedIn, all containing negative comments about me regarding professional posts that I’d made over the past few weeks. One comment, for example, visible to all my professional contacts, read, “Why would you want to do business with a liar like Neil?”

A Not-So-Happy Birthday

As I excused myself from the table to review the content more closely, I realized that the comments had come from one of my Facebook friends. A couple days prior to my birthday, that friend sent me a message. He accused me of having him removed from a Facebook group of which we were both members. I explained to him that I was not an administrator of the group, so I didn’t have the authority to take such action. It was clear that he was experiencing mental duress, so I chalked his accusation up to whatever personal situation he was going through at the time.

Clearly, he didn’t believe me. As I prepared for my quiet birthday gathering, he reached out to some of my other Facebook friends. He told them, “Our friend Neil is having a medical emergency. I need to get in touch with his family right away. Do you have his phone number?” Eventually, one of my friends believed him and capitulated. As a result, I received death threats via voice mail and text messages on the afternoon of my birthday. This persisted until my mobile provider blocked his communications entirely later that day.

10 Social Media Tips to Protect Your Personal and Professional Reputation

At this point, I’ve virtually assured that none of you will invite me to your next birthday party! So here’s my early birthday present to you: 10 ways to leverage IT security best practices to protect your personal and professional reputation on social media.

1. Use Different Account Names for Personal and Professional Social Media Accounts

Your professional reputation is of utmost importance, and it’s available globally on a 24/7 basis to anyone who wants to see it. Be very careful not to use the same social media handles for your personal and professional accounts. Instead, maintain a professional distance between the two.

2. Use Different Profile Photos Across Social Media Accounts

Remember that images can easily be found using search engines, making it easy for potential troublemakers to dig up all your accounts in one fell swoop. Utilize unique profile photos to differentiate between your personal and professional accounts and change them on a regular basis. This is especially important if you have a unique name, since you’re easier to track down in search engines to begin with.

3. Differentiate Between Personal and Professional Contacts

Looking back, I should never have accepted the Facebook friend’s LinkedIn contact request. Only a small percentage of your contacts should be considered both professional colleagues and personal friends. Otherwise, you risk having your professional reputation damaged by a potentially unstable personal acquaintance. Similarly, allowing your professional contacts to view your over-the-top bachelor or bachelorette party photos might not be in your best interest.

4. Limit Visibility of Personal Accounts in Search Engines

Recently, I’ve noticed that certain social media sites permit you to decide whether you want your account details to made available in major search engines. Since social media sites are so good at generating potential contacts for you nowadays, you probably won’t miss out much by suppressing your personal information on search engines.

5. Limit the Amount of Personal Information You Provide

Social media providers encourage you to include as much information as possible to present you with compelling content and targeted advertising efforts. However, you should be judicious about doing so. My stalker capitalized on my interest in American playwrights like Tennessee Williams to break down social barriers to information sharing and encourage me to share even more detailed information about myself.

6. Use Social Media Privacy Settings

This was a tough lesson for me at the time. I must confess that prior to the incident, my Facebook account probably operated with the default settings that were recommended by the social media provider. This permitted my stalker to methodically comb my Facebook friends list for a weak link who would reveal privileged information to him. He was also able to see photos of my family members so he could reach out to them, knowing that they would be more concerned if I’d experienced a supposed emergency.

After reading this, invest 10 minutes to adjust the privacy settings for your favorite social media account. I promise it’ll be time well-spent.

7. Use Different Passwords Across Social Media Accounts

Admittedly, I also made this mistake and reused passwords across accounts. I shudder to think what might have happened if the stalker had been able to compromise my password and hijack multiple social media accounts with fraudulent content updates.

8. Perform Routine Contact Cleanings

I’ve been a social media proponent for more than a decade. But it’s important to remember that everyone you’re connected to is privy to everything you make available about yourself. If one of your contacts becomes unstable or his/her own account is compromised, this data could be a gold mine for a malicious actor.

9. Report IT Security Incidents to Law Enforcement

Cyberstalking was such a new phenomenon at the time of my incident that local law enforcement simply took my report and advised me to block the contact on all my personal and professional accounts. This seemed like a light touch considering the fact that cyberstalking is a felony in the state in which I live. Furthermore, I had written proof of multiple death threats. However, the only way to force law enforcement to take these incidents seriously is to ensure that they’re properly documented and tracked.

10. Educate Contacts on Best Practices

I’m personally supporting #StompOutBullying Day on Oct. 2, 2017, and there are many additional resources available on the internet to help you learn more about protecting yourself. For example, you can check out our companion blog about how you can use dating applications more safely.

Cyberstalking is the most severe form of bullying. So please share these tips with your children, friends and less experienced professional contacts who might be unaware of the potential dark side of public information sharing.

Conclusion

Despite my experience, it is my belief that 99 percent of people in the world have good intentions, but society pays more attention to the negative 1 percent. However, as the line dividing the professional and the personal increasingly blurs, you need to be more vigilant than ever.

Neil Jones

Market Segment Manager for Application Security

Neil currently serves as IBM's world-wide Market Segment Manager for Application Security. He possesses more than 10 years of experience in the IT security space, and has worked in a variety of different roles in the field, including product marketing, sales and even product pricing. He's been a designated Certified Information Systems Security Professional (CISSP) since 2008. In his spare time, he's an avid hiker, traveler and social media fan.