When it comes to social media safety, users are often unaware of the ramifications of their online posts. Many don’t realize they may be putting their personal data — and, by extension, their company’s data — at risk. While you may not be dealing directly with your customers, you’re only one step away from your clients on some social channels, and many organizations have spent a lot of time, money and effort to create brand loyalty through those channels.

Social media should be fun. We shouldn’t have to be so careful about what we do and say online, but cybercriminals aren’t going anywhere, and social media presents a natural gateway for bad actors to get what they want.

“I Thought That Was Safe to Post”

In many cases, there are common social media mistakes that employees don’t even realize they’re making. For instance, what if you’re taking a team selfie in the boardroom at the end of a strategic meeting and there’s information from a projector up on the whiteboard? Patrick McBride, chief marketing officer for ZeroFox, has more than two decades of cybersecurity experience and has heard many nightmarish stories about social media posts gone awry.

“With these posts, you could be inadvertently giving away confidential plans, financial information or other intellectual property,” he said. “Those kinds of things happen all the time.” Any information traditionally considered personally identifiable information (PII) is fodder for bad guys to monetize, McBride warned.

“Things like your Social Security number, your age, where you grew up, your mother’s maiden name and date of birth should be kept private,” he noted. “A lot of people put birthdates in the social platforms because they like to get the ‘Happy Birthday’ message.”

Armed with this information, hackers can increase their odds of engineering a successful password reset. Plus, PII only gives malicious actors more ammunition to launch social engineering attacks.

What Is Safe to Post?

According to McBride, anything outside of PII should be relatively safe. Generally speaking, the less you share about yourself or your company, the better. However, it may not be as much about the content as who can see it. That’s where privacy settings on social media can make a meaningful difference.

“Some of the social platforms have gotten better at pulling things together into a single place,” McBride said. “The platforms are making it easier for you to lock down content, but most preferences are open by default.” McBride also suggested ensuring that privacy settings are as restrictive as possible and auditing them at least annually.

Secure Social Media Tips and Tricks

Social media safety means showing without showing too much, according to independent security researcher Rod Soto. “Most of all, you want to protect as much of your sensitive, private information as you can.”

Soto offered seven recommendations for anyone who wants to participate in social media and mitigate the risks of the internet at the same time. Some of these may appear too restrictive, but I have to agree with him here — I’ve seen employees’ social media posts cause irreparable harm to either the individual or the company far too many times.

The first tip cannot be stressed enough:

  1. Think before you post. A post stays on the internet forever, even if you delete it. Not only will it remain public, but those who see it in the future may not have the context needed to understand it.
  2. Do not use your actual name. Use a nickname or some other moniker that does not give away your identity.
  3. Do not announce or reveal your location when you are away from home. Be mindful of backgrounds, people and landmarks that could reveal too much information — unless, of course, you mean to show them.
  4. Whenever possible, customize your privacy settings based on who you want to see your posts. In many cases, social media helps communicate and share special moments with friends, family and acquaintances. Target your posts. Consider having one account for communicating only with people you trust and another account for acquaintances and the general public.
  5. Protect your accounts by using multifactor authentication (MFA), not repeating passwords and not recycling your security questions and answers.
  6. Don’t repost, retweet or share without scrutinizing or verifying. Many memes and pieces of viral content are inaccurate or exaggerated. Links, files, games or applications sent to you by anyone (including your family) could compromise your systems. Remember, the sender may already be compromised.
  7. Freedom of expression does have consequences. Employers, organizations, people or even friends may not like what you post.

Enterprise Best Practices for Social Media Safety

Many of the best practices and policies that help organizations increase social media security awareness in their workforce start at the top and work their way through the corporate hierarchy.

“It is very important for organizations to clearly state and promote security awareness in their employees, and this includes the use of social media in corporate-related events,” noted Soto. “There are many times where employees themselves reveal sensitive corporate information by inadvertently revealing it on their own personal social media. This usually gives criminals enough information to target employees and executives.”

Soto advises that corporate social media accounts be considered assets in information security policies. As such, a safe social media policy must be implemented and followed. In addition, corporate accounts must also be monitored for threats.

McBride echoed this sentiment and added that best practices for social media safety should ideally be incorporated into standard security training administered by an organization’s IT or security team: “Focusing on how to identify social engineering tactics, impersonating accounts, scams and fraudulent posts, as well as how to strengthen account security settings to prevent account hacking, will help employees stay safe on social and protect both personal and corporate social accounts.”

Keeping employees off social media is like trying to keep a bee from honey: If you prohibit social completely, you will likely be stung. A middle ground must be established, and the best solution is to include everyone in the process instead of restricting their online behavior. As you develop your policies and practices around social media, remember that people respond well when they feel empowered and involved.
