Nich Kelly is a long-year veteran in the field of cybersecurity and has been assisting multiple companies across North America in handling various IT-related threats. Credential protection is one his primary areas of specialization.
Your social media account is a valuable asset. Not only does it contain sensitive personal information, but it also reveals who you are close with. If hackers are successful in compromising it, you might find your account ending up for sale on the dark web, your personal details harvested, and your close friends blasted with spam.
All of this is all the more reason why you must take your social media account security with all the seriousness you can muster. Below, you’ll find the most important concepts you must grasp to keep it out of the line of fire:
1. Devise a Strong Password
Your password is your first line of defense, so it makes sense to give it the time it needs. Make it easy to guess or short, and you’ll find yourself at the hackers’ mercy before you know it. While it’s hard to say what a good password is (the rules are loose to some degree), highlighting the bad passwords is much more effective at getting you on the right path:
Use anything along these lines, and the neighbor’s kids and their grandparents will be snooping around your social media accounts in no time. But if you throw in some random capital letters, numbers, and special symbols into the mix while making sure the string cannot be associated with you (no names, addresses, birth dates etc.), hackers won’t have an easy job getting through.
In an ideal scenario, you should not be using any words that can be found in a dictionary (even though this does make the password harder on your memory). The optimal password length is somewhat of a gray area, but most cybersecurity experts seem to agree it should be longer than 8 characters.
The idea is to avoid using a pattern others could exploit to guess their way in. At the same time, you want to design your password in such a way that makes it hard for others to brute force their way in using automated software.
2. Know How to Keep Your Passwords Safe
Now that you know how to come up with passwords that stand the test of time, it’s important to familiarize yourself with how to keep them safe. The last thing you’d want is someone stealing the wonderfully complex string you’ve come up with that’s being stored in a text file on your desktop (big no-no – don’t do this).
The good news is that you don’t have to resort to remembering any passwords at all because there’s a piece of software called the password manager. In a nutshell, it’s an encrypted database of passwords that only you can access. Depending on the software you’re using, it automatically detects the website you’re visiting and pre-populates the login field for you. Either way, any password you’ve entrusted it with is stored in an organized manner and searchable on command.
Do note that you’re still going to be asked to remember one master password to protect all the rest you’ve created, but apart from this, it very much lifts a huge burden you’d otherwise have to carry. Either way, when creating the master password, the same rules apply, so don’t get careless. Above all, don’t compromise any of your efforts you’ve made up to this point by choosing a password that’s poorly made.
3. Never Resort to Reusing Your Passwords
Reusing passwords is a practice employed by those who seek convenience but don’t know any better. In essence, it’s when most or all of your online accounts are protected by the very same password (and, to some degree, slight variations of it). Even if you don’t see anything wrong with it, the problem emerges as soon as one of these websites gets hacked and the passwords are leaked to the public.
From that point on, all a hacker needs to do is to guess what other websites you’ve created an account on (or get the very same information through other means), and little will be stopping them from accessing them. In an instant, you could find yourself losing access to not only one, but multiple social media accounts.
Once this happens, there will be more on your platter than not using the social media platform to chat with your friends. In fact, you could be dealing with potential identity theft issues and someone could be using your good reputation to blast other people with spam. Don’t ever allow it to escalate to this point.
Once again, this is the beauty of what a password manager can do. By eliminating the issue of remembering your passwords, you can design them to be as complex as you’d like and the software will store them for you and bring them up on command. And once you see how intuitive and straightforward it is to use, there will no longer be an excuse not to.
4. Enable Two-Factor Authentication (2FA)
It may sound like something straight up from a sci-fi movie, but all it is is a mechanism that requires an additional step before letting you log in to your account. So even if all of the other cybersecurity measures have failed for some reason, given you’ve enabled 2FA, the hacker won’t be able to complete that step.
So what is the additional step? Depending on what you’ve chosen, it can either be extra verification that’s conducted through a secondary communications channel (such as email or SMS) or an external security device (think YubiKey and similar). Now, keep in mind not all of these are created equal to the degree of extra security you’ll be getting, but they are similar to their intended purpose. Think of them as a safety net for protecting your accounts.
But why is 2FA so effective and widely recommended by cybersecurity experts all across the globe? The reason is simple: the act of illegitimately obtaining your password is something the perpetrator, in the vast majority of cases, accomplishes through digital means. An example would be planting malware on your computer or exploiting a software bug to obtain admin access to your operating system. But to pass both checks (the password and the 2FA prompt), the hacker would need access to both your devices at the same time, which is possible, but far less likely.
And this is the power of 2FA. In addition to that, a failed attempt at passing through will also let you be the wiser about the security of your account and that someone is trying to get in. In case you notice such failed attempts, you should not hesitate to change your password as soon as you’re able to (pay special attention to those coming from unfamiliar devices or regions or anything that is not of your own doing).
5. Learn to Recognize Phishing Emails
The malicious act of phishing refers to someone trying to steal sensitive data from you by resorting to manipulation and fraud. In practice, this translates to someone sending you a fake email that gives an impression it’s coming from someone else (typically, this would be either someone close to you or one of your superiors).
To get you to spill the beans and hand it over, they often resort to pressure tactics and citing some emergency. For instance, they may pretend they’re the administrator and go on to say that something is wrong with your account and that they need you to log in and update your info or something similar. Then, they give you a link that gives the appearance of leading to the correct destination, but is – in reality – nothing but a ploy to get you to enter your login credentials into a fraudulent form designed to siphon it.
Worse yet, these fraudulent web forms may damage your device in other ways, such as forcing malware onto it. Either way, if you fall for it and give them your email and password, it’s virtually the same thing as handing the keys to your home to a complete stranger. Therefore, you must learn to recognize these phishing emails, lest you risk becoming a victim yourself.
So what are the signs you should look for? To start with, check the sender’s address. Even if it seems like it’s coming from a legitimate domain, check again; it could be the case the hacker has bought a domain that looks similar, but has misspellings in it. Then, if you’re not sure if the email is legit but wouldn’t like to sit idly in an emergency, disregard the email and enter the actual website’s address in the URL bar of your browser like you normally would. This will take you to the real website (let’s say Facebook.com) and not a deliberate misspelling of the hacker controls (such as Facabook.com or something similar).
Note: one exception to the example above is when a legitimate company sends you a verification email, the purpose of which is to make sure that you are the true owner of the email you’ve entered. But this is a one-time thing that you only get after registering.
6. Think Twice Before Trusting 3rd Party Apps
Not all third-party apps are bad, but you should treat them as a potential security risk regardless. The truth of the matter is, you can never be 100% sure which ones contain malware and some of them may be nothing more than a backdoor designed to obtain access to your account. And some of them may start innocent, but later on decide to take the dark path and go rogue. The bottom line is, you never know and it becomes a matter of balancing risk versus reward. If you want to be completely safe, it might be best to avoid them altogether.
The rise of cybercrime means you can no longer take the passive approach to your education and security. Once hackers achieve their ill-founded goals, the damage they can cause to your social media account and reputation can linger around for years to come; in some cases, the damage can be irreparable. So when it comes to your security, employ the best cybersecurity practices and never forget to keep your guard up.
One of our experts will get back in touch with you soon.