In this week’s Cyber Risk Report we briefly discussed the fact that millions of individuals are victims of their own carelessness by freely posting information such as vacation plans and family photos on social networks and by storing Personally Identifiable Information (PII), such as medical records and financial information, on mobile devices. Users are sometimes not properly educated when it comes to what types of information should be shared, and with whom they should be sharing this information. This lack of education and subsequent “overposting” of personal details is now trickling down to our youth, some of whom are under the legal age to even utilize some of these social network sites.
I’ve spoken to several groups of young (ages 5-13) kids in the past few months at various venues – schools, Take Your Children To Work Day, etc. – and I’m sure to the surprise of probably nobody, almost all of them are using cell phones, sending/receiving email, browsing the Internet, posting/watching YouTube videos, and even a small percentage of them already post/share via their own Facebook profiles. This is a bit disturbing considering that Facebook prohibits the use of its application for anyone under the age of 13, and almost all of the children I’ve spoken to are not yet 13!
It is highly recommended, especially in the case of minors, not to provide personal details such as gender, complete birth dates (including year of birth), home addresses, family photographs, and name and location of schools currently attending. In addition, there are settings in applications such as Facebook that can be leveraged to minimize the amount of “Friends” that are allowed to view your personal information.
Here are some guidelines to be followed by both adults and minors (those who are at least 13 years old, of course!) when posting and sharing personal information via social networks:
- Do not share too much information – in other words, include the minimum amount of information. For example, chances are your “Friends” should already know if you are male or female! See the list at the end of this post for the types of personal information that should NOT be shared.
- Do not post pictures, video, or words that can damage a reputation (including your own!) or hurt someone’s feelings.
- Pictures, particularly with EXIF data embedded, should be avoided if at all possible. EXIF data may include, among other things, date, time, and GPS location data of photos, which could provide details of where you live, go to school, or work.
- Tagging photos – restrict who is able to see your photos.
- Post only information that you are comfortable with other people (meaning potentially EVERYONE!) seeing.
- Do not post information about upcoming trips, vacations, etc. Share where you’ve been, not where you are going! To keep it simpler, always post in “past tense”!
- Reputation – once information is posted, it is available for reference by others FOREVER!
- Remember…. Teachers, parents, coaches, college recruiters, prospective employers, and the police may end up seeing the information you post! Are you sure you want to take that chance???
Avoid sharing any of the following information via social networks:
- Your age
- Your gender
- Your Social Security number
- Your street address
- Your phone number
- Family financial information – bank account and credit card numbers
So now what? It’s obvious to all of us that the Internet is a valuable resource and I’m sure we can agree that leveraging the ubiquitous connectivity to the Internet provides us with a plethora of opportunities to express ourselves, quickly locate information, and communicate with our friends, families, and coworkers. However, I think that sometimes we move a bit too quickly into some of these Internet-generated opportunities without understanding the full consequences of our actions. So I ask you to please take some time to think about the information you post to web sites or social networks prior to doing so, because once it’s “out there” it is “out there” for good!