Manage your Online Presence
Description
The Bottom Line
Threat actors can use your publicly available information to launch targeted cyber intrusions.
The Problem
Although some individuals and communities are at a higher risk of targeted attacks, cybercriminals still frequently target unsuspecting, everyday citizens using social engineering.
For spear phishing and other forms of social engineering to be effective, a threat actor must know enough about you to develop a convincing message that causes you to click on a link or share personal information. Successful social engineering attempts could lead to identity theft, account takeovers, doxxing (exposing private information about you on the internet), installation of malware, and unauthorized access to devices and data.
With so many sources of open-source information, it is not hard for a threat actor to design a spear phishing attack or a more sophisticated cyber campaign against you.
Information related to your social media usage, including your interests, photos (self-posted and tagged), relationships or connections (both personal and professional), hobbies, online quizzes, and even reactions, such as likes and dislikes, can provide threat actors with enough context to create compelling spear phishing messages. Posts about travel, such as schedules, itineraries, and locations, can also lead to targeted attacks on high-risk communities.
The Solution
Manage your social media accounts.
First and foremost, you should be aware of what your social media activity reveals about you and your pattern of life. Categories of information that you might not necessarily think about, such as the posts that you like or share, or comments that you make on others’ posts, should all be considered public information.
In addition to being mindful of what information you (and others) share about you online, it’s important to manage the settings on your social media accounts to increase your privacy and security.
Real World Example
You might not think of your fitness app as social media – but if you use it to record and share your workouts, you may be revealing a lot more about your health and pattern of life than you initially realize, as discussed in Citizen Lab’s research on “Fit Leaking.” For example, in 2018, Strava published a heatmap of global fitness activity, which allowed US military bases to be easily identified by fitness activity outlining the perimeter of bases.
USSOCOM offers one of the most comprehensive, step-by-step guides to adjusting your settings on social networking services (including Facebook, Instagram, LinkedIn, Reddit, Signal, Snapchat, Telegram, TikTok, and WhatsApp), digital ecosystems (including Amazon, Coinbase, and YouTube), and devices (including Xbox, PlayStation, Nintendo, and fitness apps). While you should refer to this guide for a thorough overview of how to protect your privacy while using online apps, here are some general best practices to prioritize:
- Make your social media account private.
- Do not make your birthdate, location, or other personal details available on your profile.
- Disable location sharing and do not use geo-location tags.
- Disable “tagging” settings or enable controls to approve/deny tags before a post is associated with your account.
- Only add friends, followers, connections, or contacts that you know and trust. Verify that the account actually belongs to the person you know and is not a false account that was created to gain closer access to you.
- As with any other application, vet any third-party app integrations to ensure they meet your cybersecurity requirements.
- Adjust settings for personalized ads to limit what information third parties receive about your account activity.
Takeaways
Do
- Exercise caution when deciding what to share about yourself online.
- Understand that other people’s posts can put you at risk if they reveal personal or sensitive information about you.
- Be aware of phishing attempts, and only add people you know and trust to your social networks.
Do Not
- Add people that you do not know to your social networks.
Project Upskill is a product of the Joint Cyber Defense Collaborative.
Prerequisites
- Module 1: Basic Cybersecurity for Personal Computers and Mobile Devices
- Module 2: Protecting Your Accounts from Compromise
- Module 3: Protecting Data Stored on Your Devices
- Module 4: Protecting Your Data in Transit
- Module 5: Securing Your Home Wi-Fi
- Module 6: Managing Your Privacy and Security Online
- Topic 6.0: Limit Your Digital Footprint