Facebook, MySpace, LinkedIn, Twitter, Ning, Digg, MeetUp, blogs, etc., -- the number of social networking sites and tools is exploding. Social networking is the killer app of the Internet for everyone – not just the texting teenybopper crowd. Such sites have breached the walls of the corporate firewall, are a part of our most important smartphone apps, are a vital tool for any serious job search, and are the new way to connect with current and new friends. Social networking is about self forming groups, a dynamic author Clay Shirky examines in his book Here Comes Everybody: The Power Of Organizing With Organizations. But using social networking tools and sites seems to be in direct conflict with another important principle of using the Internet – protect your identity from identity theft. Participating in online social networking sites leaves a trail of personal information that can make stealing your identity a whole lot easier. What’s a current-day Internet user to do? Should we go blithely along like a fish protected in a larger school of potential identity theft victims, or maybe we should forego social networking altogether? No and no. Instead each of us should take responsibility for protecting ourselves. On the following pages, I bring you my top 12 tips to help you practice safe social networking.
(To quickly flip through this list, check out the slideshow version, 12 tips for safe social networking.)
Social networking means opening up and sharing information online with others, but there’s some information you should never share online. Protecting yourself from sharing Too Much Information (TMI) can save you from identity theft and even protect your physical safety. So let's start with the obvious … never share your social security number (including even just the last 4 digits), your birth date, home address or home phone number (although sharing your business phone is ok ). Of course, you should protect all of your passwords, PIN numbers, bank account and credit card information.
But I advise you to never share the state where you were born as this information can be used to obtain your social security number and other identity information. Facebook, for example, allows you to restrict who can see your birthday or your hometown (often times the same as your city of birth.) But not every site has these options. In those cases avoid the problem altogether by not entering information you don’t want to share. If the sites you are using don’t offer these kinds of protections, e-mail them and request these features. If enough of us make the request, they’ll get the message.
TIP 2 – Customize privacy options
Social networking sites increasingly give users more control over their own privacy settings. Don’t assume you have to take whatever default settings the site gives you. Check out the settings, configuration and privacy sections to see what options you have to limit who and what groups can see various aspects of your personal information. Facebook probably has some of the broadest privacy options, giving you control where no one, friends, friends and networks, or everyone can see basic info, personal info, photos, friends and postings.
Search is a new area where users are gaining control of what others are allowed to see. Some sites let you set limits on who can see search results about you on the social networking site.
If you’ve just joined a social networking site, or even if you have been a user for some time, log onto your account and view and adjust the privacy settings –new settings are often added over time.
TIP 3 – Limit work history details on LinkedIn
Would you put your full resume online for everyone to see? Probably not. It would be too easy for identity thieves to use the information to fill out a loan application, guess a password security question (like hackers did with VP candidate Sarah Palins’ Yahoo account) or social engineer their way into your company’s network. Limit your work history details on sites like LinkedIn. If you feel you need the added information to help in a job search, expand the details during the job hunting process and then cut back later after you have a position, leaving just enough information to entice recruiters to contact you with interesting new positions.
LinkedIn also offers some capabilities to restrict information. You can close off access by others to your network of contacts, something you don’t have to share if you don’t want. This is a common practice by sales professionals and recruiters not wanting to expose their valuable network to others who might poach customers or prospects from them.
TIP 4 - Don't trust, just verify
There are lots of reasons (most of them bad) why someone might impersonate or falsify an identity online. It could be as a prank or for “fun” such as those who impersonate a celebrity as satire. Faking an identity has a legit side too – it can be used by people who simply want to conceal who they are in order to protect their real identities. But its also the first step of those who want to embarrass or defame someone else by impersonating them, or steal an identity for financial gain or other crimes. Two security researchers demonstrated at the Defcon/Black Hat 2008 conference how easy it is to set up a Facebook or LinkedIn site using a false or impersonated identity, including links to malicious sites.
The question becomes, how can you verify that the page page belongs to who you think it does before sharing too much information or clicking on links? Start by being on the lookout for anything unusual or out of the ordinary. If the content on the site doesn't look like or sound like the person you know, avoid it. E-mail or call your friend to verify the site is legit. Let them know, too, if you think someone else is faking your friend's identity online.