In today’s connected world, our online presence is central to our lives like never before. We stay connected with our friends and family wherever they are through social media. Whereas in the past our social contact was limited to those who lived or worked nearby, now, through social media, we can connect with those with shared interests or beliefs anywhere in the world. Most of us use social media to stay in touch with those they care about. However, we must also be aware that the same platforms can also be used by people we would rather not remain in contact with, giving them a lot of information about us. Our social media accounts quickly become extensions of ourselves, revealing what we like, where we are, what we are doing, what we think, and who our friends are, to anyone on the internet. Oversharing on social media can leave anyone at risk from scams, identity theft, cyber-attack, cyberstalking, online bullying, and even physical threats.

Revealing your personal data

According to figures published by Statista, 91% of the UK population are active on social media (estimated to be 94% by 2028), WhatsApp is in use by approximately 75% of people, Facebook by 70%, and Instagram by 56%. Over time, our social media accounts store increasing amounts of data about us, from our posts, likes and comments, to private messages, photos, and videos. One important thing to consider is just how much of this information we make public. Let’s take an average person, we’ll call him Alex. 

Alex was born in the UK in 1999, and signed up to Facebook when he was thirteen. Over the years as he grew up, he posted pictures and videos of himself and his friends, and they tagged each other in pictures and videos. Alex moved on, he went to college and then on to university. Throughout his time, he joined different clubs and Facebook groups, followed pages, commented on, and liked some political posts, got drunk and took some embarrassing photos, and posted some awkward comments. After graduation Alex got a job and posted pictures of his first day at work, and of course throughout all that time developed an ever-increasing list of Facebook friends. A typical social media history for someone in 2024. 

From a cyber-security perspective. Alex has shared significant amounts of his personal data online, a simple search for him on Facebook will probably reveal his picture, his age, where he went to school, where he went to university, who he knows, and where he works. All this information is useful for cyber criminals, scammers can create very convincing targeted phishing messages using all this data. There could be enough information to guess at his password or PIN code (Alex might have used a pet’s names, date of birth, children name, favourite holiday destination). There is even a risk that someone could impersonate Alex’s identity, stealing money and taking credit out in his name (what security questions does your bank ask – first school, first pet, mother’s maiden name, etc). Alex may have posted this information publicly over the years.

Cyberstalking  

Having too much personal information publicly available can open a person up to the possibility of being cyber stalked. A cyber stalker could be an ex-partner, ex-friend, or acquaintance we no longer want to see. If you are employed or own a business, an angry customer or client, or a stranger who simply became fixated on our online profile. One of the important ways of protecting ourselves and our loved ones against this threat is the protection of our devices and social media accounts, and we’ll cover this in more detail below.

Sextortion

Often, the most disturbing or heartbreaking cases of social media abuse are cases of sextortion. This can take different forms, adults who have taken intimate pictures with a partner or ex-partner being threatened with their public release (this is also known as revenge porn), a threat actor hacking an iCloud or Google account, finding photos and demanding money from the owner in order to not release them publicly. Or, in an increasing and disturbing online trend, overseas gangs targeting teenage victims by impersonating other young people and persuading them to take and send nude photos of themselves, following which they are threatened that these will be released to their friends and followers unless they send money. This horrendous type of crime destroys lives and is now being targeted by new laws to help combat it. There are things we can do in terms of account security and improved awareness. 

Protecting ourselves

There are actions that we can take to increase the security of our social media accounts. In the case of cyberstalking, one of the most important defence measures is keeping the stalker out of our accounts and devices. Think DAILY

• Device - Keep your mobile device updated with the latest security updates and make sure to set up a screen lock with Touch/Face ID and a complex password.

• Authentication - Use strong passwords and multi factor authentication on your iCloud, Google, and all social media accounts. There is no need to think up new passwords manually for every account, instead use a free password vault like Bitwarden, ProtonPass or Dashlane to generate and store them. These vaults can also process multi factor authentication directly, which is more secure than using SMS codes.

• Information - On most social media platforms, the default privacy settings are not enough. Review your privacy settings on all social media platforms to control who can see your account.

• Look - Look through the information you have posted publicly on your social media accounts, if sensitive information like your address, date of birth, email address, mobile number, or personal history is publicly available, either hide or remove it.

• Yours - Avoid logging into any social media or messaging accounts from public computers or other people’s devices, as if you don’t fully sign-out on that device then your account can remain accessible afterwards.

Securing Social Media Accounts

Below are privacy settings we would recommend reviewing for some of the most popular social media platforms:

1. Facebook

Facebook encourages us to enter substantial amounts of personal information, such as where you went to school, where you went to university, where you work, your date of birth, your relatives… the list goes on. On your Facebook profile, you can select who can see each piece of information. You should restrict sensitive personal information either to just yourself, or to your friends. In the Facebook App settings menu or on the website, you can access the Privacy Checkup which will guide you through some of the crucial privacy options. Finally, look at your friends list on Facebook. Your friends can see more about you, so make sure you know who they are.

1. WhatsApp

WhatsApp has a Privacy Checkup accessible through the app settings menu. When running this, pay particular attention to who you let see your status, when you were last online, your profile picture, adding two step verification to your account and encrypting WhatsApp backups. From the app Privacy menu, you can also turn on Screen Lock which protects WhatsApp by requiring Face/Touch ID, or your PIN when opening the app. Finally, scroll down to the Advanced submenu where you will find an option to hide your IP address in calls.

1. Instagram

This app has fewer privacy controls than Facebook. The main security control for Instagram is making your account private, which restricts your profile and posts to only your approved followers. This is especially important for the accounts of teenagers. Instagram does not provide a way to hide your list of followers (like you can on Facebook), so for teenagers it is especially important to be careful who is allowed to follow them. This is unfortunately one of the most common ways that a sextortion scam works, by getting on a teenage account holder's followers list, the attacker can see all their other followers, and know who to threaten.

Social media is now a central part of all our lives, it’s how we communicate and share with our friends and families, in many ways an online extension of ourselves, so it is important that we take control of it. Cybersecurity measures like protecting our devices with Face/Touch ID to keep them safe, strong passwords and multi factor authentication on all social media accounts helps keep hackers out. Taking control of our privacy and data by being more careful about what we post on social media, and restricting who we allow to see it, especially for our children, will make a real difference in keeping everyone safe in our digital social world.

Author: Jonathan Freedman

Useful resources:

• Cybersecurity Guides

• Guide to Dealing with Hacked Social Media account

• Guide to Dealing with Hacked Email account

• Guide: Dealing with a phishing attack

• ARE YOU SHARING SECRET DATA WITH CRIMINALS WITH YOUR PHOTOS?