In our last blog post we discussed all the goodies one can get from social media accounts. We talked about the content and we talked about the underlying metadata that can help investigators, attorneys and company management piece together what went on. In this segment we’ll talk about security around data in your social media accounts.
The first thing to consider is that social media is your window to the world. It is the voice by which you communicate and it is quite often directly associated with you and your company. Therefore, it goes without saying that you need to take good care of that account.
Good care of your social media accounts starts with protecting the accounts. That protection starts, but doesn’t end, with a good password. What is a good password? Previously the National Institute of Standards and Technology (NIST) recommended the following:
• Make them complicated.
• Use numbers, question marks and hash marks.
• Change them regularly.
• Use different passwords for each app and website.
Now NIST says that your password shouldn’t be so tough, but it should be long. NIST recommends that you create a long and memorable password. Think of a phrase, maybe a phrase known only to you. You can stick with lowercase letters, too. But what you shouldn’t do, is use the same password for multiple accounts. The reason is because as we have all seen organizations such as Yahoo get hacked. During those hacks, information such as passwords are stolen. Those passwords provide hackers the ammunition to get into other accounts. The hackers create dictionaries of passwords and use those dictionaries to attack other accounts.
The Importance of 2FA
The other thing to consider with social media accounts is two factor authentication (2FA). 2FA combines something you know, such as a password, and something that you are or have. 2FA can be achieved through sending a code via text to your phone or via an email to another email address after you’ve successfully provided the password to your account. That code in text or email is then supplied as the second factor. Often time providers will allow you to “save” a known good computer so that after one successful 2FA the device you are on will be allowed in each time with just the password. This practice is ok as long as you are using a device that is just yours and is protected.
The other issue with security involving social media is what security issues you may expose. The best example of this exposure is one of many games seen on Facebook. How often have you seen a post on Facebook saying “Let’s play a game” followed by a series of questions such as “who was your best friend in high school”, “what is your favorite car”, or “what is your favorite band?” On the surface, it would appear that these questions are harmless and do nothing more than help you and your friends engage in conversation regarding your likes and dislikes. In reality, many of these questions are the same security questions used for two factor authentication or for password resets. By answering these “quizzes” you are actually exposing those sensitive answers to hackers.
Confidentiality Is Key
The final security issue to consider with social media involves employees and information they provide on social media. The revealing of a confidential project, technology or business dealing (such as a sale or merger) is not that unimaginable. Employees should be trained on confidentiality of business information and what is, and is not allowed, to be spread on social media. It should be explained to employees the ramifications of not following those rules, including potentially termination.
Social media is here to stay. Social media is a powerful tool to be used in marketing, image and just getting the word out about your company. But care must be given in regards to the best use of social media and the data security around it.
by Greg Kelley, EnCE, DFCP, Chief Technology Officer at Vestige Digital Investigations
For more information CONTACT US.