Government Social Media Use – A Few Tips for Employees About Social Media Security
Social media outlets like Twitter, Facebook, Tumblr, and LinkedIn are great because they allow us to maintain friends and connections across the country without leaving our homes and offices.
The downside of social media is the casualty with which we use it. Which is a big problem for government IT employees charged with managing it.
The millennial generation is especially lax with the information they share: according to a recent study, 63% of Americans have been the victim of cybercrime, but for 18-34 year olds that numbers rises to 70%. Looking at a website full of our friends or colleagues makes us lower our guard. Even the most knowledgeable government employee might potentially over-share information. Another Information Week study that analyzed more than 25 million social accounts showed that there was a 355% growth of social spam within the first six months of 2013 alone. As the frequency of social spam continues to increase, awareness of and protection against social spam must increase as well.
Don’t believe there’s a risk? In May, it was reported that Iranian hackers were creating fake social media accounts to spy on US military and political leaders.
Cyber Threats & Risks That Should be Considered
- Compromise of Official Accounts: Hackers use methods like social engineering (manipulating other users into divulging information or performing actions) to gather information. Government employees need to be extra careful not to be tricked into compromising departmental network security.
- Data Misuse: Although it is infrequent, the main security risk with data misuse is the potential for government employees to over-share information publicly or even through a private message. Something as simple as sharing the name of a project you just completed or expressing frustration with a type of security implemented by your department is over-sharing and can be used by a hacker. If you are using social media to process, store, or transmit federal government information, your social media use could be violating the Federal Information Security Management Act (FISMA).
- Identity Theft: Putting too much information on your social profile can potentially enable a hacker to gather that information and compromise the security of other online services or applications by pretending to be you.
- Reconnaissance: Reconnaissance is the way in which hackers collect information about the person, people, or organization they intend to attack. This being said, information posted or shared through social media could become the subject line of a phishing email or could contribute to an elaborate social engineering scam. Social media users should be aware of what they are posting, and if you receive emails that seem a little bit too similar or too related to something you have recently posted, use extreme caution and contact your network security personnel.
- Third-Party Applications: Social games and apps hosted on platforms like Facebook are a few of the increasingly popular third-party applications that are used to further “connect” you through social media. Third-party applications are known to access users’ profile sometimes without the users’ knowledge. Although the applications often do not contain any malicious coding, hackers could potentially access the applications and have access to your information.
- Viruses: Despite being one of the most documented types of cyber threats, viruses are still used highly effectively. Hackers embed malware in social media websites and third-party applications, which when passed on unknowingly by infected users, are shared with your contacts.
Simple Ways to Mitigate These Threats
To the technologically-uneducated social media user, these threats may seem like a laundry list of reasons not to use social media. However, there are a few ways to lower your risk.
- Access Control: Maintain control lists that are up-to-date and that manage who can access media accounts and give authority to an account administrator.
- Employee Awareness: As an employee, make sure you’re aware of your department’s policies and regulations regarding internet and social media usage. As an employer or department head provide regular information sessions to educate your employees about how to safely use social media. The second study mentioned in the introduction also stated that 1 in 21 social media messages sent across Twitter, Facebook, Google+, and YouTube contains risky content and 1 in 200 contains spam. Awareness is the first line of defense against subjecting your department to security risks.
- Incident Reporting: Keep incident reporting a high priority by communicating the importance of reporting suspicious activities and immediately taking action to regain control of the account
- Monitoring: Make sure that any official agency social media accounts are carefully monitored and that all information released is approved for release.
- Privacy: Use discretion when posting about your work, including information about projects, promotions, even job listings. Never use or post your work email or phone number.
- Security Settings: Make sure you apply all of the security and privacy settings offered by social media websites. Use strong, unique passwords and opt for multi-factor authentication when available.
- Social Media Policy: Make sure you follow your departmental social media policy.
- Third-Party Applications – Only use trusted applications and limit the amount of information your third-party applications have access to.
As the world becomes more technologically driven, there are more security risks. However, you can enjoy connecting via social media without becoming an easy target. By doing a little bit of research, being aware of your department’s policies, and spending a few minutes updating your security and privacy settings, you can enjoy the benefits of social media without compromising your personal or departmental security.