Becoming social media safe and savvy

Social media has changed the way we live our lives, and not just because of the exponential increase in cat-related pictures, cartoons, videos and GIFs. Social media allows us to communicate across physical boundaries, share photos and videos, make our voices heard in different forms and to interact with others in innumerable ways. It’s a major source of news and information (and disinformation), a method for promoting anything from social causes, and issues, to brands, support networks and creating networking opportunities. Social media is everywhere, it’s powerful, and therefore it can be dangerous to our privacy and security, when the appropriate preventative measures aren’t taken.

“Privacy and security risk comes from app permissions, terms of service agreements, the collection of personal data and the very information-sharing nature of social media,” says Gordie Mah, Chief Information Security Officer at the University of Alberta. “Information Services and Technology (IST) and the Information and Privacy Office (IPO) jointly review privacy and security risks related to social media and other platforms on an ongoing basis, but at the end of the day, all U of A faculty, staff and students play an important role in protecting their – and the university’s – information,” he adds.

Awareness to the privacy and security concerns that social media poses hit an all-time high last year when the Government of Canada banned the short-form video sharing app, TikTok, from government owned-devices following a review of the social media app by Canada’s chief information officer, saying it posed an unacceptable level of risk to privacy and security. Since then, 10 provincial governments have followed suit. While the U of A has not banned the use and download of TikTok on university-owned devices, the recommendation is to log in social media platforms through web browser, rather than the app, whenever possible.

The first step in protecting ourselves is being aware of and understanding the risks so that we can make simple changes that can have a big impact on increasing our online security. Social media companies, like all companies in today’s digital world, are not immune to cyberattacks, Mah says. Steps such as enabling multi-factor authentication (MFA) on social accounts whenever possible and limiting or simply not sharing personal information such as your birthdate, address, phone number or real-time location, can go a long way towards preventing privacy breaches.

By their very nature, social media platforms require our personal and sensitive information. But we can be smart about what we share and how we share it. Add this to the increasing complexity of data security, the new normal of hybrid and remote work, and the need for awareness of social media safety and security is now greater than ever. 

“Remote work is a new reality and that presents new risks,” Mah explains. “People might access work apps through a home computer that’s not monitored with U of A systems, they might use a personal device that has social media apps to access work. IST has systems in place to mitigate risk and protect our community’s information, but it’s  always an on-going concern.”

By understanding the risks, being proactive and following recommended security practices, U of A community members can protect their information and contribute to a safer digital environment. When using social media, here are a few helpful steps you can take to protect your personal information and that of the university:

1. Enable multi-factor authentication (MFA) on your social accounts whenever possible. 
2. Access your account through a web browser instead of through the app. This can provide additional security, as apps can ask for or require access to other functions of mobile devices.
3. Ensure you set and/or update your privacy settings on every social account you use.
4. Limit or don’t share personal information such as your birthdate, address, phone number or real-time location.
5. Be cautious of suspicious messages or links, even if they appear to be from someone you know.
6. Report any posts or messages that appear to be scams.
7. Use unique and complex passwords. View these tips on how to create strong passwords. 
8. Avoid logging into accounts while using public Wi-Fi networks, which can be more vulnerable to cyberattacks.
9. Protect your computer with anti-virus software and keep all software, including your operating system, up to date.
10. Be aware of the news regarding social media platforms. Recent data breaches or news about the activities of social media companies can help us take preventative action or make informed decisions.

For more information on staying cyber safe while using social media, including specific risks you should be aware of, refer to the CISO’s Social Media Privacy and Security web page.

A brief history of social media privacy breaches*

*Not an exhaustive list

Looking for more? Check out these additional resources:

• Privacy and Security Best Practices for Sharing Information
• Privacy and Security: Online Meetings and Classes
• Guidelines for Working Remotely
• How to Stay Secure: Information Security Safeguards While Working from Home