3 things you can do to make social networks more secure


6 Feb 2018


Mark Stockley, senior security adviser at Sophos, gives his advice for safer social networking.

It’s Safer Internet Day 2018, a day designed to “promote the safe, responsible and positive use of digital technology for children and young people”.

Like any technology, the internet and the software that runs on it has plenty of bugs, and there is much that could be fixed or improved in the service of keeping young people safe.

But that’s only half the story.

The internet and its social networks are driven and shaped by how we use them. Our children aren’t just inheriting some technology, they’re inheriting culture and behaviour, too.

And that’s why I’m looking at the other side of the coin: three things you can do for your social networks.

1. Turn on 2FA

Two-factor authentication (2FA) keeps your account safe and secure even if your password is guessed or stolen. In exchange for putting up with the minor inconvenience of entering a one-time code alongside your password when you log in, you’ll get an instant, permanent security upgrade that makes your valuable accounts much harder to hack.

At this point, you might be thinking that this sounds a lot like something you can do for yourself rather than something you can do for the others on your social network. It is, but losing control of your Facebook or Twitter account to some crooks doesn’t just affect you. You’ve lost an account but the friends and colleagues in your network have a fox in their hen house, disguised as you, with all the personally identifiable information they need to pass themselves off as you.

The most popular social networks – such as Facebook, Twitter, Instagram and Snapchat – have all done their part and made 2FA available, but it’s up to us to actually use it.

2. Behave yourself

A wiser person than me once said: “Before you complain about being stuck in traffic, remember: you are the traffic.” And so it goes with social media; you are the social network, and how you choose to behave matters.

It’s easy to come up with lists of things that social networks should do to make our lives easier by controlling and regulating other people’s behaviour (indeed, Paul Ducklin’s got something to say on that). It is far harder, but perhaps even more important, to look critically at ourselves and ask how we might control and regulate our own behaviour.

‘Controlling and regulating’ might sound onerous but it shouldn’t because it’s exactly what we do all day, every day, in the real world.

Of course, it’s easier in the real world where we’ve been swimming in a sea of almost constant non-verbal feedback for about 200,000 years. Online, we’re all still figuring out the very basics of what used to be called ‘netiquette’.

Teachers will tell you: if you want to connect kids with the consequences of what they say online, just have them say it aloud. That seems like a good enough place to start, so I suggest this: if you wouldn’t say something to a person’s face, don’t say it to their avatar.

3. Log out

Want to model some good behaviour for your kids, protect your account and put a stick in the spokes of your social network’s giant track-o-matic machine? Just log out.

I know, I know – if you log out, then next time you want to use your favourite social media, you’ll have to log in again. With 2FA enabled, that could take several seconds, time you could have better spent watching one-eighth of a cat video.

Logging in when you start and logging out when you’ve finished is a little inconvenient, it’s true, but it stops two kinds of attackers in their tracks.

The first is the kind of person who pretends to be you by sitting at your desk when you’re not there, or by stealing your phone if you leave it somewhere. 

The second is a hacker using an attack called a cross-site request forgery to trick you into doing something bad, like giving them access to your account without you realising.

Logging out also stops the social networks from tracking your movements around the web. The tracking beacons they use to do this, which are present on a huge number of websites, feed information about what you’re doing on the web into their giant data-collection apparatus, but only if you’re logged in.
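As an added illustration (not from the article), here is a small Python model of why logging out blunts a cross-site request forgery: a forged request to a state-changing endpoint only succeeds while the browser carries a live session cookie, and the session handling, endpoint and sample values are constructed for this sketch. The same cookie-carrying behaviour is why the tracking beacons described above only learn anything while you are logged in.

```python
import secrets

SESSIONS = {}     # server side: session id -> user record (constructed model)
CSRF_TOKENS = {}  # server side: session id -> per-session anti-forgery token

def login(name):
    """Issue a session; the browser stores the id as a cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"name": name, "email": f"{name}@example.invalid"}
    CSRF_TOKENS[sid] = secrets.token_hex(16)
    return sid

def logout(sid):
    """What 'log out' does server side: the session id stops being valid."""
    SESSIONS.pop(sid, None)
    CSRF_TOKENS.pop(sid, None)

def change_email(cookies, form, require_token):
    """A state-changing endpoint. Returns an HTTP-style status code."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401                      # no live session: request is ignored
    if require_token and form.get("csrf_token") != CSRF_TOKENS[cookies["session"]]:
        return 403                      # server-side defence: per-session token
    user["email"] = form["email"]
    return 200

def forged_cross_site_post(browser_cookie_jar):
    """Model of a hidden form on another site that the browser auto-submits
    to the social network. The browser attaches the network's cookies (no
    SameSite attribute assumed), but the other site cannot read the victim's
    pages, so the per-session CSRF token is never included."""
    return dict(browser_cookie_jar), {"email": "changed@attacker.invalid"}

def run_scenarios():
    """Outcome of the same forged request under three conditions."""
    results = {}
    sid = login("alice")
    jar = {"session": sid}              # cookie the browser sends to the site
    cookies, form = forged_cross_site_post(jar)
    results["logged_in, no token check"] = change_email(cookies, form, False)
    results["logged_in, token check"] = change_email(cookies, form, True)
    logout(sid)                         # user logs out; stale cookie stays in jar
    cookies, form = forged_cross_site_post(jar)
    results["logged_out"] = change_email(cookies, form, False)
    return results

if __name__ == "__main__":
    for scenario, status in run_scenarios().items():
        print(f"{scenario}: {status}")
```

The token check (and SameSite cookies) is the site's fix; logging out is the part the user controls, and it works even if the site has no such check.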

Staying logged in after you’re finished with something is the same as writing your password on a Post-it and sticking it to your screen when you go to make a coffee. You wouldn’t do that and you wouldn’t want your kids to, either.

By Mark Stockley

Mark Stockley is a senior security adviser at Sophos and founded independent web consultancy Compound Eye. He is based in Oxford.