Cybercriminals and hackers are targeting social media accounts more than ever before — Mark Zuckerberg was even a victim. In light of this new threat, we asked IVY Member Joseph Steinberg to share some of his secrets for staying safe on social.
Joseph Steinberg is a cybersecurity expert and entrepreneur. He is CEO of SecureMySocial, which recently brought to market the world’s first system to warn people in real time if they are making inappropriate social media posts. He is also the inventor of several other popular cybersecurity technologies, and the author of books and an Inc. column on information security and business-related topics.
Joseph sat down with IVY Magazine to offer quick tips for protecting yourself on social media, how to safely use public Wi-Fi, how to pick strong and easy-to-remember passwords, and more.
Joseph is an IVY Member (NY). Connect and collaborate with him here.
What some easy ways to stay safer on social media?
- Enable dual-factor authentication: Twitter, for example, allows people to turn on a feature that requires users logging into an account for the first time from a particular device to enter a one-time code that the social media platform texts on such occasions to their cellphones. Such a security system makes it harder for criminals to hijack someone’s account and would have prevented a hacker from taking over Mark Zuckerberg’s Twitter account without gaining access to Zuckerberg’s phone. If you use Twitter, Facebook, and/or Instagram regularly, you should be using multi-factor authentication to secure these accounts.
- Utilize strong passwords for social media accounts: “dadada” is not a strong password. That may seem obvious, but Mark Zuckerberg apparently used exactly that password to secure his LinkedIn, Pinterest, and Twitter accounts.
- Do not reuse social media passwords on multiple accounts or for other accounts: A leak of Mark Zuckerberg’s LinkedIn password would not have led to his Twitter or Pinterest accounts being hijacked if the passwords were different (and not similar enough for someone to extrapolate. For example, if your LinkedIn password is LinkedIn123 then a hacker may try Twitter123 for your account at Twitter.)
- Utilize social media alerts: People using a social media alert systems receive warnings if inappropriate tweets are issued from their accounts (the tweets could be automatically deleted if the alert system is so configured), so they would know immediately that their accounts had been hijacked and be able to react far faster than otherwise. Zuckerberg’s accounts may have been restored to his ownership faster if such a system had been in place.
- Do not accept “friend” or “connection” type requests from unknown parties: The people issuing those requests may have nefarious purposes for trying to access your personal information, and obtaining control of your social media accounts may be one of their goals.
- Practice good general information-security hygiene: There are ways that doing so can help protect social media accounts, for example, by preventing malware from capturing relevant passwords and one time codes.
What about public Wi-Fi? Is it significantly less safe than a private network?
Safe is a relative term. Public Wi-Fi is generally-speaking not as safe as using a private connection that has been properly secured. There are also different types of public Wi-Fi – a shared guest network in an office, to which only authorized guests have been given access, is different than a Starbucks Wi-Fi network which, in turn, is different than a Wi-Fi network setup with no security at all.
From a practical standpoint – people are going to use public Wi-Fi – so the question is how to do so in as safe as possible a manner, not whether public Wi-Fi should be used.
Public Wi-Fi is a great convenience that most of us – if not all of us – utilize regularly. There is little doubt, however, that using public Wi-Fi creates serious cybersecurity risks. At the same time, cybersecurity practitioners who preach that people should refrain from using public Wi-Fi are about as likely to succeed in their effort as someone telling people to abandon insecure computers and instead use un-hackable typewriters. As such, here are 9 suggestions as to how to use public Wi-Fi safely:
- Turn off Wi-Fi on your mobile devices when you are not using Wi-Fi and do not want to use it. This will prevent you from unknowingly connecting to a network with the same name as one to which you have previously connected. As an added bonus, turning off Wi-Fi will also conserve battery power.
- Do not perform sensitive tasks over public Wi-Fi. Do not bank online or shop online from such connections. If you need to perform a task of that sort, turn off Wi-Fi and use your cellular connection. If you don’t have a cellular connection on your computer or tablet, consider “tethering” the non-cellular device to your cellphone.
- Consider using a VPN service. If you cannot use a cellular connection and must use the Wi-Fi connection for a sensitive task, consider using a VPN service; doing so adds several security benefits.
- Use encryption. Many popular sites offer HTTPS access in addition to HTTP. It is especially important to use HTTPS whenever you use a public Wi-Fi network – doing so prevents other users on the network from seeing the content of your communications.
- Turn off sharing. If you are using a computer or device that shares any of its resources, turn off any and all shares before connecting to the public Wi-Fi.
- Make sure you have information security software on any devices that will be connected to public Wi-Fi networks. For computers this means security packages that include both anti-virus and personal firewall capabilities; there are other packages designed specifically for smartphones and tablets.
- Consider using Tor. If you don’t want your browsing history to be tracked by anyone, consider browsing using Tor. The Tor Browser Bundle bounces your communications through many servers and makes tracking exceedingly difficult. There are also Tor browsers for Android devices. There is a tradeoff, however; Tor will slow down your communications.
- Do not reset passwords when using public Wi-Fi. If you can, avoid resetting passwords in a public location regardless of whether or not you are using Wi-Fi.
- Understand the difference between true public Wi-Fi, and shared Wi-Fi. There is usually a much lower risk of being mis-routed to phony sites or of malware being delivered to your device if you use the password-protected guest network at a client site, for example, than if you use unprotected free Wi-Fi offered by a public library. That does not mean that you should fully trust the network; other guests at the site still pose risks.
Any advice on passwords?
- Don’t use strong passwords on accounts that you create solely because a website requires a login, but which does not, from your perspective, protect anything of value. Doing so will preserve your memory for sites at which password strength matters.
- Understand that there are different levels of sensitivity. Your online banking password should be stronger than your password to a store at which you shop with one-time credit cards, which in turn should be stronger than the password used on a site on which you comment solely on unimportant matters.
- Whenever it is available for a site requiring security, consider using multi-factor authentication that requires you to approve logins from new devices by entering a code texted to your cellphone. For sites that need strong passwords, create an memorable, strong code by combining three or more unrelated words and proper nouns, with numbers separating them. For example: “desktop8jonathan3goats.” Such a password is far easier to remember than “w4x&Py6Q.” In general, the longer the words the better.
Ideally use at least one non-English word or proper name with which you are familiar but which others wouldn’t easily guess that you selected as part of a password (so if your significant other has a non-English name don’t use it!) – e.g., “louvre!8iyengar!3goats.”
To increase password strength even further without making memorization difficult, consider using a couple capitals that always appear in a particular location throughout all of your strong passwords, just don’t put them at the start of words (e.g., the last two letters of the second word – “louvre!8iyengAR!3goats,” or by site type – e.g., “the second letter for banks, third for credit card companies, and fourth for all other sites,” or by the letter corresponding to the length of the name of the site being accessed – e.g., the fifth letter for chase.com, etc.)
- Do not change passwords too often. This recommendation may go against conventional wisdom, but that’s because many security professionals seem to think theoretically without a good understand of human weaknesses. The AARP itself states “Change critical passwords frequently, possibly every other week.” Think about that for a moment. If you have a bank account, mortgage, a few credit cards, a phone bill, a high speed Internet bill, utility bills, social media accounts, email accounts, and pay rent or mortgage etc. you may easily be talking about a dozen or so critical passwords. Changing them every two weeks would mean 312 new critical passwords to remember within the span of every year. How many people stand a chance of remembering that number of codes, never mind complex codes? Changing passwords often makes if far more difficult to remember them, increasing the odds of their being written down and stored insecurely.
A portion of some of these responses appear on Inc. Feel free to read more about How to Be Better at Social Media Than Mark Zuckerberg, How To Create Strong Passwords That You Can Easily Remember, and How to Safely Use Public Wi-Fi.
To become a part of the IVY community and attend events near you, please visit IVY.com.