If you spend much time on Twitter, you may have noticed that one of NBC’s Twitter accounts was hacked earlier today and used to distribute false messages about a terrorist attack in New York. Although NBC and Twitter quickly took action to take control of the account back from the hackers, the incident still looks bad.
NBC is taking it very seriously — as they should. The network’s Brian Williams delivered an on-air apology during the newscast tonight, and doubtless NBC’s new media team is already assessing how to prevent this from happening again.
While they react to an embarrassing breach, we’d like to encourage all of our readers to be proactive in safeguarding their social media accounts from hackers. Here are five steps you can take to strengthen your account security.
- Use a unique password for your social media accounts. You should not be using the same password for Facebook or Twitter that you use for email, or for online banking. If somebody breaks into your email account, they have instant access to your Facebook account if you use the same password. Your account is more secure if you use a different password.
- Choose strong passwords both for your social media accounts and for email. “mydogbailey12” is not a strong password. A strong password should not consist of any words that you could find in a standard dictionary of any language (unless it’s a language you invented). Instead, use acronyms that would be meaningless to anybody except you. Mix in some numbers and punctuation for a strong, hard-to-crack password.
- Always use HTTPS. HTTPS stands for Hypertext Transfer Protocol (HTTP) Secure. When you connect to a website using HTTPS, your connection is encrypted, reducing the likelihood that somebody will be able to intercept sensitive information like your usernames and passwords. Facebook and Twitter have HTTPS modes, but unfortunately, they are not enabled by default. You have to turn them on in your account settings. This is something you can and should do right now! You can also install HTTPS Everywhere if you’re a Firefox user. This extension will force your browser to default to a secure connection on many popular websites, not just Facebook and Twitter.
- As a general rule, do not log into your social media accounts from a shared computer. You have no way of verifying that a public or shared computer is secure and free of malware. HTTPS can protect against man-in-the-middle attacks, but if the computer you’re using is recording your keystrokes, HTTPS won’t save you from being unknowingly compromised.
- Think twice before authorizing a third-party application to access your social media accounts. For instance, time-wasting Facebook games like Mafia Wars are best avoided altogether. If you do want to connect a game to your account, research its origins and verify that the game is coded and distributed by a legitimate developer… before you grant it access.
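
The first two guidelines can be checked mechanically. The sketch below is an added example, not part of the original article: it flags passwords reused across accounts, passwords that contain dictionary words, and passwords missing digits or punctuation. The tiny wordlist, the account names and the sample passwords are constructed for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"my", "dog", "bailey", "password", "summer", "love", "cat"}

def dictionary_words(password, wordlist=WORDLIST, min_len=3):
    """Return wordlist entries that appear inside the password, ignoring case."""
    lowered = password.lower()
    return sorted(w for w in wordlist if len(w) >= min_len and w in lowered)

def audit(accounts, wordlist=WORDLIST):
    """accounts maps an account name to its password; returns {account: [problems]}."""
    # Group accounts by password to find reuse (guideline 1).
    by_password = {}
    for name, pw in accounts.items():
        by_password.setdefault(pw, []).append(name)

    report = {}
    for name, pw in accounts.items():
        problems = []
        shared = [n for n in by_password[pw] if n != name]
        if shared:
            problems.append("reused on: " + ", ".join(sorted(shared)))
        # Guideline 2: no dictionary words, plus digits and punctuation.
        words = dictionary_words(pw, wordlist)
        if words:
            problems.append("contains dictionary words: " + ", ".join(words))
        if not any(c.isdigit() for c in pw):
            problems.append("no digits")
        if not any(c in string.punctuation for c in pw):
            problems.append("no punctuation")
        report[name] = problems
    return report

# Constructed sample data; "mydogbailey12" is the weak example from the article.
SAMPLE = {
    "email": "mydogbailey12",
    "facebook": "mydogbailey12",
    "twitter": "Iw2B@tp,e7d!",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", problems or "ok")
```

The article's example password fails on three counts here: it is shared between two accounts, it is built from the words "dog" and "bailey", and it has no punctuation.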
Finally, an addendum to the third guideline: If you primarily post to Twitter or Facebook from a desktop or mobile application of some sort (TweetDeck, Echofon, HootSuite, etc.) make sure those applications are sending and retrieving data over a secure connection. If the application you’re using does not support HTTPS, find one that does. If you’re not sure, ask the developer.
If you follow the above guidelines in addition to making the security of your devices a priority (ensuring all of your computers have a firewall and antivirus suite installed, requiring passwords after periods of inactivity, enabling remote wipe capability on your smartphone, etc.) you’ll be better protected against hacking attempts.
Most people have no idea how unprotected they are — take action to protect your own social media accounts and make time to help others do the same.
4 Comments
HTTPS Everywhere kept freezing my browser, so I uninstalled it. Problem solved. I use AVG and several other safeguards, and am very careful where I click, and so I have never suffered a malware attack.
That’s weird. I’ve never experienced that problem.
It’s very possible that it was due to a software conflict. Software conflicts are not uncommon, especially in Microsoft Windows. Another reason why I use Kubuntu. 🙂
I completely agree that it is so important for everyone to understand and participate in their own security when online. And with the influx of devices, there is a unique opportunity for organizations and users to easily safeguard themselves with two-factor authentication, which in some cases can be used on social networks. At Symantec, we think that staying safe online requires vigilance and education on the part of the user, so posts like this are very helpful. Also, to your point on HTTPS: it absolutely needs to be turned on whenever inputting personal information. Users should also look for the green address bar, which indicates extended validation SSL (EV SSL), which undergoes the strictest vetting standards on the Internet.
Great post I must say. Your guidelines amount to fairly simple advice, but they’re valuable, considering that people treat their own personal online security as an afterthought. Looks like you do wonderful work — I’ll be sharing this post with my friends.