Wednesday, February 26, 2014

Social Media Self-Defense: Not just a war-time activity

The U.S. Government throughout World War II used a variety of methods to persuade its citizens to rally behind the war effort (Olson, 1998).  One of the most popular catch phrases of that era still applies in today's landscape of social media and networking:

Essarge loose lips poster

The great many benefits reaped through the advent of new technologies that are bringing our world closer and closer together by the minute come with inherent risks.  Without care and attention, every user of social media puts at risk information that can be used and abused by others.  For that reason, social media security and social media policies must be vital elements of every effort to engage online, whether personal, professional or as an organization.

What do I mean by "Social Media Security" and "Social Media Policies"?

Let me give you my simple definitions of each of these:

  • Social media security is the state you achieve through the creation of habits that govern -- strictly in many cases -- what, when and how you engage with social media, what information you willingly provide and what other information you seek to protect.   Oh yes, you should also know that you never fully reach the "state" of security because the social media landscape is constantly changing and dangers, new and old, continue to surface and resurface.  But be vigilant, and as safe as possible.
  •  Social media policies are the doctrines, or codes, established by employers and other organizations that serve as guidelines for how those associated with the organization engage in social media engagement as that engagement relates to the practice of their professional responsibilities.

How can I keep my ship Afloat?

There are many, many ideas and tips available to help you surf social media with greater security.  Rather than write about some of the most often shared tips, I'd ask that you take a look at this fun little video from Toshiba.

Now that you have those basics in mind, let's get a little more granular:
  • We are what we Tweet...for all posterity:   Are you aware that the Library of Congress is archiving every Tweet emanating from a U.S.-based Twitter account?  In short, if you post it, consider it permanent.  
  • Secure your computer:  I'll also mention where the video above left off.  Make sure the machines you use have the latest and greatest software to protect you.  The Privacy Rights Clearinghouse gives some great information on firewalls, antivirus software and more.  
  • Use Bookmarks...or URL be sorry:  Don't go to your preferred social media services through email links or another website.  You could be entering your account name and password into a fake site where your personal information could be stolen. These types of phishing scams are everywhere.  Only use hyperlinks from sources you trust.  I hope you are growing more trustful of Liebling Realized, so I'll offer this hyperlink Information Security Buzz where you can read more about avoiding phishing scams.  
  • Take the time to add contacts:  Services like Facebook, Google+ and Klout are really persistent in asking you to link accounts so you can easily share contacts between services.  DON'T DO IT!  Once the sites have the information of your friends and peers, it falls under their terms of use, which could open up that network of contacts you've work so hard to develop to unsolicited marketing and promotions.  
  • Be mindful of location preferences:  GoogleMaps, OpenTable, FourSquare and other social
    media sites and applications can make use of the GPS location settings on your smartphone if you let them.  So, don't let them  (Thanks to John W. Tomac for the illustration below, which ties up my post pretty well).  You'll have to lose some of the conveniences these services provide for the sake of security, but it might be beneficial in the long run. 

Parting Shot

Are the benefits of social media and social networking vast for us personally and professionally?  Undoubtedly.  At the same time, an almost as vast set of risks can come into play.  Mitrano (2006) phrased this situation well, for me anyway: "New technologies alarm us for very real reasons but can and must be addressed in ways that do not crush innovation and fun" (p. 22). 

Hear, hear!  

Mitrano, T. (Nov/Dec 2006). A wider world: Youth, privacy, and social networking technologies. EDUCAUSE Review, 41(6), pp. 18-28. Louisville, KY: EDUCAUSE.

Olson, T. (Feb 23 1998). Loose lips sink ships. Scholastic Update, 130(10), pp. 15-17. New York, NY: Scholastic, Inc.


  1. Mike,

    I like your ship metaphor - great summary of privacy. I'm going to piggyback on two important points you brought to the forefront because you expanded my thought process on them:

    1. Use Bookmarks...or URL be sorry (nice play on URL by the way) - For this point you discussed phishing scams where you think you are logging into Facebook, but it's really a phony site. In addition to phony sites, it's important to keep in mind that using public wi-fi or computer stations (i.e. European internet cafes) can be another threat. So, while you may be logging into the real site, proceed with caution because users often allow the computer/site to remember their password by careless error. Programs such as cookies can be used by hackers to access your accounts. Me personally, I tend to not log into things like bank accounts or email when using someone's wi-fi because you just don't know what their security settings are or who is lurking.

    2. Be mindful of location preferences - To add on to your point, many of us have commented on refraining from using FourSquare or tagging ourselves at specific locations, but another thing to consider is turning off your location setting in your accounts and/or phone. Even if you are adding a post to Facebook and didn't check in to a location, it may stamp where you were when you posted and the time. That's enough information for lurkers to work with.

    You mentioned in prior posts that you work at a college and utilize social media to communicate with students. Besides providing best practices on what content to and not post, do you also provide education to your students about social media risks and safety? Also, have you experienced issues where the school's Facebook or Twitter account was compromised. If so, how did you mitigate the issue?

    1. Social media in the college environment is pretty interesting. First, we've not had any of our accounts hacked. While I know if could happen at any point, our protocol is to change social media passwords quarterly so at least I have comfort that it is a moving target.

      As you might expect, many of our students are pretty experienced with social media when they get to us. We don't have specific social media workshops for them. Instead, during both freshmen and transfer orientation, social media best practices are brought up during discussions of time management, personal security, classroom decorum and general civility towards others on campus. Our thinking has been that, with the traditional college-aged student, social media has been a part of everyday life throughout their teenage years. Rather than separating social media out as a stand alone subject, we raise those issues in a variety of subject areas to reflect and mindful of how pervasive it is in all different aspects of their life.

      I'd be interested to hear whether people think that approach is sound or whether it should stand alone so please feel free to comment.

      During the personal security discussion is when they are introduced to our social media policy so they have a sense of what our expectations are, etc.


  2. Mike,

    I'll be honest - I was not aware that the Library of Congress is archiving tweets, so thanks for sharing!

    You suggest that readers be wary of URLs, which is a great tip; I've received several Direct Messages on Twitter that include URLs that are actually phishing scams. One of your suggestions is to only use hyperlinks you trust. What makes a hyperlink trustworthy, especially for people using social media for information discovery?


    1. Good question. I probably haven't thought this through as much as I should, but I think source is the biggest factor for me. If it is a link embedded in an email or a document, the identity and extent of my relationship with the person from whom I've received it is key.

      Also, the link address itself. Have you ever noticed the odd formation and construction are of many of the spam links we receive? If they used links or something, they'd be even more successful. I suppose they don't use services like that because they'd then have to identify themselves with the URL services which leaves more of a trail.

      Microsoft offers some good advice on how to spot the scammers at this site.


    2. Good point! Many of the spammy URLs that we receive have strange construction. They also sometimes try to use familiar words - like Google, for example - but break them up strangely ( or some such).

      The Microsoft article has great advice. I'd add:

      -If an email seems too good to be true (Please give us your bank account information so we can send you this million dollar inheritance!) it probably is... so don't click the link.
      -If the link looks strange but comes from a friend (like Twitter DM spam), ask them if they sent it before clicking.

      Great work, Mike!

    3. Thanks Kait. While I wish those poor folks with the rich prince who passed away in Africa were actually in a position to send me funds, I'm not willing to put my information at risk.

  3. Hey Michael,

    Great post. I love how you brought up quite an old example about security from World War II and tied it in with today’s current social media security concerns. As I look through many of our classmates’ blogs and ponder the various concerns about identity theft and other potential security risks surrounding social media, it does strike me that the things we should be looking out for have been things we always have been looking out for.

    By this, I mean to say, we should always be wary of how we share information and interact with people in the real world. When we meet someone at a local coffee shop, we will rarely say an incredibly loud, offensive joke that your friend might get but those sitting next to you would not. When making a purchase, we wouldn’t flagrantly pull out our social security number or credit card number so easily as to make it viewable to anybody who passes by. We are often wary of strangers that may be too interested in our business and tell our children not to talk to them. The Internet is basically structured the same way. Then, why are we more comfortable about sharing so much of ourselves on our social networks in ways that we wouldn’t have previously? Social media only heightens the dangers and makes it easier to make these ‘real world’ mistakes.

    I love that you bring up the fact that every one of our tweets are being archived by the Library of Congress. It certainly makes one think twice before tweeting that one dopey joke you have to get out there knowing it will sit beside some of the greatest classic pieces of American literature and art for all eternity. The social web is a strange kind of digital permanence that will save and take in any and all information and the person who put it there has no idea what forms and shapes it can take, even if they ‘delete’ it.

    Security and privacy have come to the forefront in the debate about social media and the way we use it. With all of these tips in mind, do you practice secure social web browsing? Even as I wrote up my blog, I discovered ways that I could improve and secure my information. Was there anything you found while doing research for your post that has made you change a certain behavior or way you post on your social network?

    1. I too found ways to be more secure. One problem I think I have is that I like to socialize, meet new people, etc. In some ways, I'm probably the (harmless I hope) friendly stranger that I told my kids not to talk to. I simply like to interact. In doing that, though, I open myself up to the possibility of sharing too much information.

      In the comments somewhere else this week, Kait mentioned the "Braggodician Behavior" idea Qualman wrote about. I think he is right and wrong.

      Sometimes, people are trying to put themselves at the forefront, showing off what they do or where they are. They want to be part of the "cool kid" crowd.

      However, I think most of us, initially at least, only think about who is directly seeing it because we actually don't believe we are that important or interesting to the rest of the world. It's when that person who we didn't consider brings up to us our "braggodocious" display that we realize "our world" is even bigger than we thought.

      Thanks for commenting.


    2. Nashrid - great point about comparing how people cage their privacy in face-to-face scenarios vs. how freely some are to share personal information via social media tools. I think as end uses we tend to put faith in our account settings and trust that it will be secure enough, but as Mike noted there is a history of our posted entries being stored in a repository. We have also all heard or read the headlines about the security of these tools being compromised.

      It's funny, but reading this week's assignment makes me want to use social networking tools less. I realize that nothing is secure-proof, but boy does this shine a big bright light on some "watch-outs" that we should be paying attention. Great points guys!

    3. Nash - Your example of "when we meet someone at a coffee shop" reminds me of a College Humor video that illustrates some of the things you mention in that paragraph. It's called "Twitter in Real Life." Slightly unrelated to the discussion of privacy, but a good way to illustrate how absurd our musings on social networks can sometimes seem.

      Mike - Interesting commentary on braggadocian behavior. When I speak to my students about this behavior (I call it the Humble Brag), I let them know that while we are quick to criticize the behavior of others we may neglect to realize we participate in the behavior ourselves. I'm certainly guilty of this from time to time.

      Keeping Tara's commentary in mind, I'll ask all three of you: Considering this week's discussion of privacy, are there any social networks you currently use that you are now thinking twice about using?

    4. Funnily enough, soon after posting this, I overheard some quite loud, embarrassing conversations at Barnes & Noble while I was trying to do my homework. Needless to say, some people should learn how to exercise better caution, privacy, and security in their real life conversations as well.

      In regards to Kait's question, I have always been wary of Foursquare. I have never seen the appeal of letting people know where I am at any given moment. The very idea of that one makes me a little uncomfortable, especially after this week's readings and seeing how geo-tagging can really be dangerous.

    5. Like Nashrid, I've also been wary of Foursquare - I'm not "mayor" material anyway LOL!

      I'm still a bit cautious of Twitter as it seems more free-flowing. Maybe it's my perception, but I just have this weird feeling that I'm able to manage the security of my account much better on Facebook.

      After reviewing our security discussion, I somewhat wary of LinkedIn because it lists your job history. How easy is it for hackers to use this information to build false profiles for identity theft? Just a thought.

    6. If there was a media I would drop, it would be Foursquare, but I never joined it in the first place. I always had a concern over how easily it would allow people to track where you are, where you've been, etc.

      Since I was never there, I will still try to answer the question. Of the ones I currently use, I would probably drop Facebook. My reasoning is that I use it the least (having only come back recently after having disabled my account in 2009 after 3 years of use) and find that many people do very little "serious" communicating there. It's great for personal-social use.

      I love Twitter, chiefly as an information resource, and I like LinkedIn which is growing its features and strengthening its service, I think. I would be loathe to give those use.


    7. That kind of 'geo-tagging' social networking seems to be a widespread issue now, beyond Foursquare. You can't post anything from your phone anymore without it broadcasting where exactly you are posting from. Invasion of privacy has become the norm and its up to you what you want to share on Twitter, LinkedIn, etc. It just take a lot more elbow grease to protect yourself through your own personal privacy settings.

  4. The embedded video made a rather dull topic very entertaining. Thanks for sharing!

    1. Thanks for visiting over from the Team 6 neighborhood!

  5. Michael,
    I thought you did a great job covering this weeks topics in an entertaining an interesting way. Not only was it visually appealing with the images and videos, the way it was written kept me interested through its entirety. I really like how you related the United States WWII campaign and the idea that "Loose Lips Sink Ships". Even though this was over 50 years ago, the idea still remains the same. Social media for personal or business use comes with a responsibility. You should always remember to post appropriate materials knowing that someone could always be watching. I also had no idea that the library of congress is archiving all tweets that are made by a U.S based account. I really have to think twice about what I post now.

    I'd also like to jump in the conversation about relating social media privacy to real-world communications. You wouldn't ever proclaim embarrassing information loudly to the world, so why do it over social media? Or maybe, you would? Here is actually a funny story about a writer who "live tweeted" a breakup that he was listening to on the roof of his apartment ( ). You always have to be aware that someone can be listening in real=life or even watching while on social media!

    1. That link is pretty eye-opening. Maybe we should be paraphrasing the golden rule -- post for others that which you would like them to post about you.

      I like your use of the word responsibility. "Being responsible" is the best chance we each have to secure communications of any kind. There are also different ways we need to be responsible. For ourselves, yes, but
      this Chicago Tribune article talks about how social media users have a responsibilities to those they post with and about. To me, it was a good look at another aspect of social media use that I hadn't yet considered.


      Kleinberg, S. (Nov 8 2012). With great social media power comes great responsibility. Chicago Tribune. Chicago, IL: Tribune Media.

  6. Hi Mike-
    I really like the images you chose for this post. They certainly say it all.

    Do you think the risks you speak of will forever be inherent in social media, or do you think advances will be made to better protect us online? It becomes a full time task, ensuring that our security settings are updated on all sites. I wonder if there will someday be one site whereconsumers can go to manage security across all platforms. I agree that we will never fully reach the “state” of security, but there should be an easier way of coordinating the effort.

    Apparently, HootSuite already offers such a service to organizations. Their “Managed Security and Compliance Services create a secure, complete environment for policy management and enforcement across an enterprise’s entire organization, protecting its brand and data against a full spectrum of security and compliance threats” (“HootSuite,” 2014). This is even more important for organizations in industries such as finance, healthcare and insurance, as well as those that are publically traded and require persistent monitoring of their brand reputation.

    You mention the permanence of online posts. It is mind boggling to consider how quickly and easily we can make a post to Twitter, for example, and how long we may feel its repercussions afterwards.

    You mention the conveniences we may have to sacrifice in order to ensure our security. The problem lies in striking that balance. How do we determine where do draw the line?

    (2014, February 26). Hootsuite launches managed social media security & compliance service for enterprises. Retrieved from HootSuite website:

    1. Thanks for posting Susan.

      In terms of determining where to draw the line, I think it becomes a really personal thing, which I guess is apropos for social media which is a very personal tool.

      For me, I post what I believe is relevant and interesting to me and I hope that those who follow me have some interest in it as well. My most used form of social media is Twitter. I like it as an information source and, I think, it actually best reflects you when you use it. You can't hide in 140 characters. The real you comes out because you have to work to make your point.

      In that work, I think, is where we each draw our own line.