Becoming social media safe and savvy

The first step in protecting ourselves is being aware and understanding the inherent risks in using social media platforms.

Social media has changed the way we live our lives, and not just because of the exponential increase in cat-related pictures, cartoons, videos and GIFs. Social media allows us to communicate across physical boundaries, share photos and videos, make our voices heard in different forms and to interact with others in innumerable ways. It’s a major source of news and information (and disinformation), a method for promoting anything from social causes, and issues, to brands, support networks and creating networking opportunities. Social media is everywhere, it’s powerful, and therefore it can be dangerous to our privacy and security, when the appropriate preventative measures aren’t taken.

“Privacy and security risk comes from app permissions, terms of service agreements, the collection of personal data and the very information-sharing nature of social media,” says Gordie Mah, Chief Information Security Officer at the University of Alberta. “Information Services and Technology (IST) and the Information and Privacy Office (IPO) jointly review privacy and security risks related to social media and other platforms on an ongoing basis, but at the end of the day, all U of A faculty, staff and students play an important role in protecting their – and the university’s – information,” he adds.

Awareness to the privacy and security concerns that social media poses hit an all-time high last year when the Government of Canada banned the short-form video sharing app, TikTok, from government owned-devices following a review of the social media app by Canada’s chief information officer, saying it posed an unacceptable level of risk to privacy and security. Since then, 10 provincial governments have followed suit. While the U of A has not banned the use and download of TikTok on university-owned devices, the recommendation is to log in social media platforms through web browser, rather than the app, whenever possible.

The first step in protecting ourselves is being aware of and understanding the risks so that we can make simple changes that can have a big impact on increasing our online security. Social media companies, like all companies in today’s digital world, are not immune to cyberattacks, Mah says. Steps such as enabling multi-factor authentication (MFA) on social accounts whenever possible and limiting or simply not sharing personal information such as your birthdate, address, phone number or real-time location, can go a long way towards preventing privacy breaches.

By their very nature, social media platforms require our personal and sensitive information. But we can be smart about what we share and how we share it. Add this to the increasing complexity of data security, the new normal of hybrid and remote work, and the need for awareness of social media safety and security is now greater than ever. 

“Remote work is a new reality and that presents new risks,” Mah explains. “People might access work apps through a home computer that’s not monitored with U of A systems, they might use a personal device that has social media apps to access work. IST has systems in place to mitigate risk and protect our community’s information, but it’s  always an on-going concern.”

By understanding the risks, being proactive and following recommended security practices, U of A community members can protect their information and contribute to a safer digital environment. When using social media, here are a few helpful steps you can take to protect your personal information and that of the university:

  1. Enable multi-factor authentication (MFA) on your social accounts whenever possible. 
  2. Access your account through a web browser instead of through the app. This can provide additional security, as apps can ask for or require access to other functions of mobile devices.
  3. Ensure you set and/or update your privacy settings on every social account you use.
  4. Limit or don’t share personal information such as your birthdate, address, phone number or real-time location.
  5. Be cautious of suspicious messages or links, even if they appear to be from someone you know.
  6. Report any posts or messages that appear to be scams.
  7. Use unique and complex passwords. View these tips on how to create strong passwords. 
  8. Avoid logging into accounts while using public Wi-Fi networks, which can be more vulnerable to cyberattacks.
  9. Protect your computer with anti-virus software and keep all software, including your operating system, up to date.
  10. Be aware of the news regarding social media platforms. Recent data breaches or news about the activities of social media companies can help us take preventative action or make informed decisions.

For more information on staying cyber safe while using social media, including specific risks you should be aware of, refer to the CISO’s Social Media Privacy and Security web page.

A brief history of social media privacy breaches*

*Not an exhaustive list

March 2018

Facebook and Cambridge Analytica controversy

Revealed that political consulting firm Cambridge Analytica harvested personal data from millions of Facebook users without their consent. Data was used for targeted political advertising during the 2016 US presidential election. 

July 2020

X data breach (formerly Twitter)

A major security incident occurred on X (formerly Twitter), where high-profile accounts were compromised as part of a cryptocurrency scam. Attackers gained access to internal systems and hijacked accounts, potentially accessing private messages and other personal information.

August 2020

Instagram, YouTube and TikTok data leak

A massive data leak exposed the personal information of millions of users. The leak, caused by an unsecured server, included details like email addresses, phone numbers and profile information.

June 2021

LinkedIn data breach

A massive data breach was reported on LinkedIn, compromising the personal information of more than 700 million users. The breach involved the scraping and sale of LinkedIn data, including names, email addresses, phone numbers and workplace details.

April 2021

Facebook data exposure

It was revealed that the personal data of more than 533 million Facebook users was exposed on a hacking forum. The data included phone numbers, email addresses, birth dates etc.

July 2022

X (formerly Twitter) data breach

A hacker claimed to have the data of 5.4 million accounts for sale including email addresses and phone numbers from “celebrities, companies, randoms, OGs.” The data breach was the result of a vulnerability on Twitter that was discovered earlier that year.

February 2023

TikTok privacy violations

The Government of Canada banned TikTok from government-owned devices, and 10 provincial governments have followed suit since. Concerns surround the app’s privacy and data collection policies including allegations of sharing user data with the Chinese government.


Looking for more? Check out these additional resources: