Main Nav

Security Awareness on Social Media

Social media is one of the fastest growing areas of online activity, and one of the fastest growing areas for malicious cyber activity. Even if your organization blocks access to social media sites, there are a tremendous number of risks you have to make your faculty, staff and students aware of. Here are some of the key points we recommend in any awareness program concerning social media sites.

Privacy & Social Media: Privacy does not exist on social media sites. Yes, there are privacy options and controls, but too much can go wrong and your sensitive information can end up being exposed. Things such as your account being hacked, your friend's accounts being hacked, privacy controls changing, getting the privacy controls wrong, or people who you thought were your friends are no longer your friends. Long story short, if you don't want mom or your boss reading it--don't post it. This means being careful and watching what your friends post about you, including pictures. If nothing else, remember that employers now include sites like Facebook and Twitter as part of any standard background check.

Scams & Social Media: Social media websites are a breeding ground for scams. If one of your friend's posts seems odd or suspicious, it may be an attack. For example, your friend posts that they have been mugged while on vacation in London and need you to wire them money. Or perhaps they are posting links about great ways to get rich, or some shocking incident you must see. Many of these scams or malicious links are the very same attacks you have been receiving in e-mail for years, but now bad guys are replicating them in social media. If you see a friend posting very odd things, call or text them to verify that they really posted the information.

Work & Social Media: Do not post anything sensitive about work. Be sure you understand your organization's policies about what you can and cannot post about your job.

Social media is a powerful way to communicate and stay in touch with people around the world. We do not want to scare people away from it. Instead we simply want to make people aware of the risks so that they can leverage technology more effectively.


Lance Spitzner is training director of SANS Securing The Human program. His job and passion is to work with organizations around the world to help them build high-impact awareness programs. Learn more and access free awareness resources at

Tags from the Community