Securing Social Media
By Senior Airman Kayla McWalter, N.H. Air National Guard Joint Force Headquarters
/ Published August 03, 2015
PEASE AIR NATIONAL GUARD BASE, N.H. -- Over the past several months, there have been multiple news reports of threat actors using social media sites such as Facebook, Twitter, YouTube and more to target government or military personnel and their families. These threat actors are likely collecting all available information, such as names, addresses, photographs that are potentially embedded with Global Positioning System, or GPS, information, military units and organizations.
Posting information to social media sites without carefully considering the intended audience may have detrimental effects towards the individuals associated with the information posted, their families or the organizations.
The process called Geotagging is an automatic function of any smartphone that many people are unaware of. Geotagging adds geographical identification to photographs, video, websites and text messages. It is the equivalent of adding a 10-digit grid coordinates to everything you post on the internet.
Photos posted to photo sharing sites like Flickr, Picasa and Instagram can also be tagged with location, but may not be an automatic function. These sites allow people to tag a location on their photos, even if their camera does not have a GPS function or was turned off. A simple search for "Afghanistan" on Flick reveals thousands of location tagged photographs that have been uploaded.
Tagging photos with an exact location on the Internet allows random people to track an individual's location and correlate it with other information.
Military members deploy to areas all over the world some locations are public, others are classified. Members along with their loved ones should not tag their uploaded photos with a location. Publishing photos of classified locations can be detrimental to mission success, and such actions are in violation of the Uniform Code of Military Justice.
Below are tips to follow in order to avoid exposure of any sensitive or personal information.
For organizational social media sites:
· Consider the target audience of the site, and restrict access according to the target audience
· Validate all posts to social media are not shared publicly
· Set appropriate roles for social media site administrators
For personal social media accounts:
· Use a dedicated email address for social media sites - not associated with the same account used for banking or other sensitive information
· Create a strong, secure password. Where possible, use two-step verification such as Google 2-Step verification.
· Do not click on embedded hyperlinks within suspicious emails
· Do not open attachments within suspicious emails
· Do not post personal identifiable information publicly on social media sites
· Require login approvals when accessing social media accounts from unusual devices
· Log out after each session
· Change passwords on a regular basis
· Limit or don't allow tagging of pictures
· Limit the amount of personal information you post
The Internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If interacting with people you don't know, be cautious about the amount of information that you reveal, or agree to meet them in person.