According to the reports on daily journals & magazines, some countable group of ‘US privacy and consumer protection groups’ filed a complaint with US Federal Trade Commission (FTC) accusing Facebook of “unfair and deceptive” practices. Moreover, they called on the FTC to further investigate Facebook’s privacy practices and force it to take steps to guard better against security breaches.
Above this, daily getting multiple queries on ‘accounts getting hacked’,’identity thefts’,’spreading hoax aka spams’ through the social networking portals… The sole thing i would like to say as a Security consultant as well as a, well versed Web 2/3.0 user is, *You could never get hacked by anyone, till you let it…*, as the techniques perpetrators use, to get through your account, is ‘your’ online published captivating content about yourselves and a bit of ‘social engineering tactics’ which informally means, “To indulge a user with fake identity, to gain user’s ‘trust’ and aftermath getting valued information through continuous interaction from the user”.
In response to the complaints by various ‘consumer protection groups’, the social networking company has added several new security tools to help prevent hacking and increased privacy options. Yet, no matter what FTC finds or what social networking firms add up, a perfectly better approach to ‘user security and privacy’ would be to ensure whether the users are aware of social networking risks and accountable for what types of information are they willingly sharing.
Some general best practices added with some instigating common sense that users should get aware with, includes:
- Keeping your ‘personal information’ to yourself: Never post your ‘full name’, social security number, address, phone-number, and other credential numbers beholding your accounts or other personal objects. Be cautious about posting information that could be used to identify you offline (school, college, work place etc…).
- Post only those information that you are comfortable with others seeing and knowing about you. Keep in mind many people can see your page (except your accepted friends).
- Remember that once you post the information online, you can’t remove it. Even if you delete the information from a site, older versions exist on other machines and cache mainframes.
- Read the Privacy Guide of Social networking portals. At the bottom of every page, there would be a link for “Privacy”. This page contains the latest privacy functions and policies set up by the firms which helps you ensuring your privacy settings setup.
- Choose your ‘Friends’ carefully. Once you have accepted someone as your friend, they will have access to any information about you (including photographs) ‘that you have marked as viewable by your friends’.
Organizations, corporates and institutions should also find better ways to provide ongoing safety awareness, to people understand escalating risks and threats lurking online if they are willingly sharing too much credential information which may captivate intruders.
Individual users need to be more accountable for securing their sensitive and personal credentials. Is it a ‘networking portal’s’ responsibility, if users decide to post their ‘valuable credentials’ or share their credit card number online?
#This published post can also be viewed here.