ENISA issues ‘golden rules’ for mobile social networking

The report from ENISA, titled Online as Soon as It Happens, undoubtedly provides best use practices, regardless of your location. The agency notes that of the more than 400 million users of the social networking site Facebook, nearly 65 million will access the site and its features by way of a mobile device. Because the number of people accessing social media by these methods will likely increase, our good friends at ENISA understood it was time to issue a set of guidelines for educating mobile users on the security threats they face when tweeting that latest random thought.

The threat types break down into two major categories: information posted on the site voluntarily by the user, and the security of information stored on the mobile device itself. Although the anecdotes, data, and other information provided in the report are of value to anyone – or any organization – the crux of the report lies in its list of 17 ‘golden rules’ to keep in mind when accessing social networking sites via a mobile device. Feel free to read the entire report yourself. But if you don’t have the time, here is a summary of the mobile social networking golden rules, broken down by category, as provided by ENISA:

  1. Consider carefully which images, videos and information you choose to publish: A social network is a public space. Only post information or upload images you are comfortable with, keeping in mind that at a later stage you might be confronted with the content you uploaded. Information and pictures that you post online should be considered permanent.
  2. Never post sensitive information: Do not make information such as address, date of birth or financial data available in your profile.
  3. Use a pseudonym: You do not need to use your real name in an online profile. Using a nickname can help protect identity and privacy.
  4. Do not accept friend requests from people you do not know: little explanation is needed.
  5. Verify all of your contacts: Ensure that the people you are in contact with or who sent a friend request are really who they say they are. Do not trust them immediately.
  6. Use your personal email address when joining a social networking site: Use your private email address, not a company one, and do not post competitive or confidential information about your organization. Also keep in mind any other information that a post or photo would reveal about your workplace.
  7. Be careful how you portray your company or organization online: Consider what your employer or organization would think before posting anything online.
  8. Do not mix your business contacts with your friends: You have no control over what your friends may post online.
  9. Do not let anyone see your profile or personal information without consent: Always access your profile in a physically safe environment.
  10. Do not leave your mobile phone unattended: No real explanation needed here, but also remember to log out of a social network upon completion of your session to prevent unauthorized access to your account.
  11. Do not save your password on your mobile phone: Store passwords in a safe place, or commit them to memory. Mobile phones are too easily lost to save this information on them.
  12. Use security features available on your mobile device: Lock the keypad when not in use, and remember to protect the device with a PIN or password. Back up details (like contacts) to another device. Configure connections (Bluetooth, WiFi) to ensure security and firewall protection whenever possible.
  13. Be careful what you publish about someone else: there is a legal liability issue here.
  14. Carefully and completely read privacy policies, conditions, and terms of use of all social networks you use.
  15. Use privacy-oriented settings: control who can view your profile and postings accordingly.
  16. Immediately report lost or stolen devices: Immediately report lost devices to prevent access. Also change passwords to social networks to prevent unauthorized access to accounts.
  17. Deactivate location-based services: especially if you do not need them.
