Social media security

social media security
Social Media Security (CC)

This Massive Open Online Course (MOOC) looks at the security issues connected with social media platforms such as  Facebook, Twitter, LinkedIn or Google+.  This MOOC builds on content from the Information Security modules that is part of the BSc (Hons) Business Information Technology programme. This MOOC covers topics including…

  • Controlling privacy settings
  • Choosing and managing passwords
  • Physical security precautions
  • Location settings and social media

Improve your understanding of social media security and avoid becoming a victim of hackers and scammers.

Privacy settings on social media

Privacy settings on social media

Privacy settings should be used to protect yourself when you are using social media websites.

Privacy settings and social networking

privacy settings twitter

About 75% of students use Twitter constantly throughout the day – are you an active social media users? Have you looks at the privacy settings on your social media accounts? Did you know that about 10% of young people fail to secure a job because of the public content they have on their Facebook profile? The following series of  videos explain how you can control your privacy settings on Facebook and Twitter.

Who can see me on Facebook?

Who can see your stuff on Facebook – MOOC

Who can look you up on Facebook?

Who can look you up on Facebook? – MOOC

Who can contact you on Facebook?

Who can contact you on Facebook? – MOOC

Twitter privacy settings

How to change privacy settings on Twitter – MOOC

Activity 1 – Privacy settings

  1. Make sure you are not signed in to Facebook
  2. Go to a popular search engine such as
  3. Type in the profile name you are currently using for Facebook
  4. Click on your profile
  5. View the content on your profile that is visible to others. Can you see any phone numbers, posts, pictures or videos?
  6. Is there too much content visible? Write down what content you would prefer to be private
  7. Now login to Facebook
  8. Go to the privacy section and change your privacy settings

Passwords and online profiles

A password is used to block other people from accessing your information. The best password is something others cannot guess or easily break using ‘cracking’ software. Despite knowing this we all tend to use special dates, pets names or even a city for even the most important passwords. Passwords with a mixture of characters, numbers and punctuation marks are stronger making them harder to guess or break.

It is all too easy and convenient to set one password for all your online profiles but this makes it too easy for others to access all of your profiles (which are probably connected via links). If you have more than 5 different passwords chances are you will eventually forget one of them. Your social media profiles are secure but you still need to remember the password for each site.

You could create a word document and use a system to hide the passwords within a large essay or document – for example the first character of each line could be a character in the password. This will allow you to access your password without anyone else guessing it. Name the document in a way that does not hint that it is hiding your passwords. You could also consider keychain software that securely stores multiple passwords – obviously protected with a password.

Is your password secure? Interview with Dr Andrew Schofield – MOOC

Activity 2: Generate strong passwords

  • Create a new password with a password generator. Change the options to produce new passwords.
  • Use a password strength indicator to show the strength of your new passwords. Compare this strength with your existing passwords.

Activity 3: Password selections

Consider the following passwords. Write down which you think are the strongest.

Abc123 A1b2c3d4
R4c7x3E1f R4c7x3e1f
Password P@55WORD
Go!jets#1!! Admin
M^s1ster|$ alw4ysf1ne! Sister
Manchester MaNcHeStErM16

Now create a password using the elements from the following list. Consider the previous advice to create the password.

Dad See Cat £ : Home Helps 5 8 3
1 0 Mum Sister Brother Happy House Sad Wet Hot
Boy Girl Day Night Today Next Love Water Ball Pray
2 4 6 7 Swim Big You 9 See 10
Dog * Yellow Month Year March Phone Manchester Uk London

Physical security

Physical security is all about the unauthorised access of personal property and its protection from damage and harm. There are many risks. For example, leaving a personal device lying around, clicking on unknown links 0r opening emails that appears to be from a friend.

Leaving computer unattended

don't leave your computer unattended and logged on

Do you recognise this situation? By walking away from your computer while it’s still on or leaving your social networking sites logged in you are making your personal information vulnerable. Always log out. Then close the browser window. But even closing the web browser window doesn’t guarantee you have logged out. Once you have finished working on any computer anywhere, it’s important that you log out and shut the computer down. Never use pubic WiFi for accessing sensitive information such as online banking or logging into social media profiles.

Don’t leave valuables lying around

don't leave your phone unattended

Leaving mobile phones lying around or letting friends and family borrow them isn’t always a good idea. This simple action could be the beginning of many problems. For example, if you don’t lock your messages and log out of all your social media sites you are asking for “social media fun”. don't leave your phone unattended

Anyone with access to your phone can access your social networks and do something apparently in your name “for fun” or worse.

Sharing passwords

Passwords are valuable information and should not be shared.

Why you should not share your passwordWhy you should not share your password

Passwords should be changed regularly. When creating a password for social networking sites don’t ask friends for advice or set their names as the password.

Writing passwords and user names

The graph below shows some of the main methods of remembering passwords in Sweden (series 1 – blue), UK (series 2 – orange) and Germany (series 3 – grey). Graph on the way people remember passwords

The research shows that there are still some people who use same password, write them down or don’t have a method for remembering them. Even when you have created a strong password it should be changed regularly.

Same Password original size

The longer a password is left unchanged the greater the window of opportunity for a hacker to successful identify your password. Some systems force you to make regular password changes but even if a system does not require you to change a password this is not an indicator of its strength and you should still change your password regularly. Strong passwords can be difficult to remember.

Don't write passwords down

Sharing too much information

don't share too much information

Don’t display too much personal information about yourself online where it can be accessed by strangers. For example, be cautious about adding all your personal information on social networking sites. While it may look like all of these details are ‘required’ in most cases only the minimum level of information is required for registration before you can access a social network site. It is important that you set security and privacy settings to only allow friends, contacts or followers to see more of your information.

Downloading apps

downloading apps

Installing apps onto your phone is also a potential security threat. Apps may collect information about you and then unknowingly share it with third parties. In many cases you have given your permission to do this when the app was first installed. It is important to read what other people are saying about the app and to read the End User License Agreement (EULA) before installing anything.

False alerts on Facebook and other social media platforms

False alerts on Facebook

Malicious links to false videos and photos are regularly posted on Facebook and other social media platforms. They could be presented as news, events or celebrity gossip. These links can lead you to phishing sites or can start an automatic malware download on your computer once clicked.


Baiting happens when someone gives you a USB drive or other electronic media that is preloaded with malware in the hope you will use the device and enable them to hack your computer. Do not use any electronic storage device, unless you know its origin is legitimate and safe. Scan all electronic media for viruses before use and make sure you keep your anti-virus software up-to-date.


This is the concealment of hyperlinks beneath legitimate clickable content. For example, the link text or image might describe a legitimate link destination, but the actual hyperlink takes you somewhere else. When clicked, this causes a user to unknowingly perform actions, such as downloading malware or sending your ID to a site. Numerous click-jacking scams have employed the “Like” or “Share” buttons on social networking sites. Disable scripting and iframes in the browser you use. Consider further ways to set your browser options to maximize security.

Video tutorials

Physical breach

Information security responsibilities of employees

Password policy

Password policy – information security

Activity 4 – Test your knowledge

Location settings and social media


Information about the physical location of an individual can be captured and stored from social media activity. A Global Positioning Systems (GPS) receiver is found in most mobile phones. The phone can share your current location onto social media sites. Several social media networks are entirely reliant on your location information. For example, Foursquare shows your location on a map and offers a chance to meet new friends. However, you should be careful when enabling this type of information on your social media check ins. Burglars might be monitoring your checkins and planning to checkin into your home! Social Media Safety Infographic Provided By Social Media Infographic Provided by

Location settings and security

You can also use technology to fight back. There are location tracking security apps that can be used to locate a lost or stolen mobile device.

Find my iPhone

Find my iPhone is a popular security app for iOS devices that uses the phone’s GPS receiver. Users can remotely locate or wipe their iOS devices using real time location tracking. The app’s lost mode allows the remote setting of a pass code that locks the device. The second mode can erase the contents of the iPhone from any location.

How to use Find my iPhone

The next video demonstrates how to download and install Find my iPhone. It also briefly explains Find my iPhone its benefits.

How to use Find my iPhone

Activity 5: Find my iPhone

  • Open the app store
  • Login to the app store
  • Search for “Find my iPhone”
  • From the search results click on “Find my iPhone”
  • Download “Find my iPhone”
  • Follow the instructions to set it up the app

This image shows how Find my iPhone can locate a lost or stolen iPhone using GPS tracking. how to use find my iPhone

Activity 6: Test your Find my iPhone installation

  • Enable WiFi or 3G on you iPhone
  • Using any web browser login to iCloud on your computer
  • Click on “Find my iPhone”
  • You have now tracked you iPhone using GPS tracking

Do you know anyone who could benefit from learning more about social media security? Please do share this post!

This post was prepared for you by Business Information Technology students; Mohammed Anjum, Rimiz Hussain, Bilal Iqbal and Zeniab Khurshid