Three Social Media Mindfulness Tips from a Cybersecurity Guy
America’s latest favorite pastime is (apparently) the demonization of social media, and our War on Cool Technology.
What’s old is apparently new again, as we complain ON social media, ABOUT social media, lamenting the future of humanity as the evil companies we once hailed as visionaries continue to pick apart our privacy and — dare we say our liberty and way of life — piece by piece.
We launched the same angry salvos at the oil companies, the big banks, and reality TV. Don’t forget our national campaigns against fast food, video games, and the vulgarity of nearly every genre of music ever created.
As with all of these scenarios promulgated over time, it’s easier — and somehow slightly empowering — to blame someone else for the current cybersecurity and privacy plight. The greedy CEOs. Big Brother. The Russians. The Millennials.
Anyone, it seems, but us.
The decision to use social media, and the decision on what you share with whom, is a choice. It’s not a right, and it’s certainly not mandatory.
Your digital privacy, just like your own safety and your own physical security, is yours to manage.
The problems usually being when we look to “Them” to manage these things for us.
When there’s a catastrophic event, like a natural disaster, we decry that “they” need to do something about it. “They” could be the cops, the government, the victims themselves — but certainly not us.
When there’s a data breach, we want “them” to fix the problem and make us whole. We want tougher privacy laws and more rigorous punishment for the criminals who have harmed us. We want more sophisticated security systems to make the technology safer. We want more business controls for these companies and their leaders so they can’t take advantage of us.
By God, someone owes us some answers here!
Most of us have never reviewed an Acceptable Use or Privacy Policy for our favorite social media websites. Most of us don’t know even the basics of how to manage the privacy of the updates we tweet, the pictures we post, and the activity we share.
Despite all of the changes that developers have made to their platforms to help us manage our data privacy and security, at a painstakingly granular level — we continue to fail. And we continue to bitch about the erosion of our privacy.
The way I see it, ladies and gentlemen, there are two viable options here. Either we get serious and become informed on how our data is gathered, managed, and shared across these platforms — or we stop using them.
History shows which of these we’ll likely choose.
As a cybersecurity guy, I often get asked about the best way to manage privacy on social media. Are there technical methods to block what “they” can see and what “they” can share? Are there tools to keep information safe and stop “them” from utilizing data for self-serving purposes, without permission?
Yes. They’re already there. But you’re not using them. You’re probably not even trying. I’m sure it’s not your fault.
Kidding. It is.
Rather than drafting up a 30-page technical guide to teach you how to utilize privacy features on Instagram, or to help you understand email phishing scams and how to spot them — I thought I’d try a different (non-technical) approach.
Here are my top three Social Media Mindfulness tips, which focus on the area where security usually breaks down first, and most — the human. As you read these, conduct a mental audit of your own user behavior and then decide on how these recommendations might be applicable and helpful.
Remember, privacy is a choice.
#1. Be intentional.
From the status updates you post, to the brands and businesses you “like”, to the memes and photos you “love”, to the causes and caucuses you show support — remember that you’re giving away a bit of your attention and giving a bit of access for every action online. As much as you try to get granular with your privacy — this information is available. That’s the point of social media, jackass.
First and foremost, your online presence is the face of your own personal brand. Yes, everyone has one, even if you’re not building it intentionally. Short of leaving social media and dropping off the grid — which we both know you’re not going to do — this is something that should be actively managed. More on this in subsequent articles.
It’s safe and best to assume that what you do online is forever and conduct yourself accordingly. We joke about our grandchildren and their future descendants looking at our posts and pictures from our bachelor party in Mexico in 2012 — this isn’t science fiction, folks. Through your online legacy, you’re going to stand for something whether you want to or not. Either be OK with that and manage that legacy — or get off the platform.
Secondly, understand that everything, from your political preferences to your choice of chicken sandwich is being catalogued by default. Social media companies know the devices you’re using to access your favorite apps, which foods you like and which presidential candidate you voted for, and through analytics built from your online behavior these companies estimate your household income, your annual spend on goods and services, and even your average life expectancy.
The company uses this to discern which advertisements will be preferential to you and then show you relevant “sponsored content”.
In theory, there’s nothing wrong with this except that much of it happens without your knowledge. That’s the part of the solution that only you can own.
On social media, as in life — every click, every like, every engagement has an equal and opposite reaction. It’s time to change the narrative on this. These companies are not plotting the downfall of modern society and they’re not surreptitiously taking over the world. You’re in control, unless you choose not to be.
#2. Be interactive.
Regardless of the platform, it’s up to you to pay attention to your little plot in cyberspace. Follow request from a stranger you’ve never met? Reject it. Follow request from someone you do know? Verify it. A complete random sliding up in your DMs to chat? Delete it.
Be sure to monitor your alerts and action requests on the specific platform — often, configuration rules require your express permission to follow, share profile data, add an event to your calendar, share your friends list, etc. This includes app-based requests for things like geofilters and location sharing which should be used “only while in the app” or even more sparingly.
Finally — simply generating and proliferating the paranoia does not protect you nor anyone else. If you’ve decided to use these platforms, then also commit yourself to actively overseeing them. It’s ok to connect with friends, to follow the brands you love, and to leverage social media with a purpose — but you must actively understand and manage the tradeoffs you’re making.
On social media as in life — you either manage your existence or someone else will manage it for you.
#3. Be informed.
This one is fairly simple. It’s your responsibility to understand how data is collected, shared, utilized, and stored on social media. It’s your responsibility to take the appropriate level of caution based on the risks — and there are plenty — that you will and will not tolerate. It’s your responsibility to identify potential issues and adjust your online behaviors accordingly.
Many of the most popular social media platforms are reacting to the increasing scrutiny around privacy and security by improving the level of data control and ownership that they give their users. Some are even being — dare we say it — proactive, and pro-consumer.
The issue with this shift is that it increases your responsibility as a user of the platform to manage your own security and privacy. This means that to achieve maximum benefit of these continuous changes, you should be reviewing the privacy controls available to you and making informed, conscious decisions to manage your data as you see fit.
This is where most people fail. Ignorance is bliss, after all.
On social media, as in life — your mother doesn’t work here. Manage your own privacy, clean up after yourself, and take accountability for the disposition of your data. Stop worrying about Chinese hackers, and man-in-the-middle attacks, and how complex your password is. Take action on the privacy and security items you can control and stop doing dumb shit.
