01 Feb How to secure your social account
In this post we will show you the vital Social Media Security settings that you should deploy on your social accounts. Within this post, we will include the most popular networks, which are Google, Facebook and Twitter. Other networks should have similar settings that you can deploy.
We provide a range of social services to our clients and, as we are a very security-orientated business, the first thing we do is secure our clients' social accounts. This extends beyond the social account itself to the email account behind it. Email is commonly the most insecure aspect of any business. It serves as the key to all your accounts, as passwords, password resets and other emails will be sent to your email account. By obtaining access to your email account, an attacker can then obtain access to every other website where you use that email address.
Why would someone want to attack me?
There are many reasons, almost all of which are not personal. The attacker is usually a bot, which will attempt to gain access to random accounts to obtain information or further access.
Do not take an attack personally. Instead, focus on securing your accounts and tracking any unauthorized access to them.
It is highly recommended to change your password before you add security so that you can be sure that your password is fresh and you are the only person who has this password.
GMail / Google
Email is such a weak link in the chain that Gmail recently announced that it would be displaying warnings if your account was the subject of State Sponsored Attacks.
If an attacker can gain access to your email account, they can then reset your passwords for all services you have that use that email account. The attacker could reset the password for Facebook, Twitter, Paypal etc and the password reset email would be sent to your email account where the attacker could
While you will likely never see this warning, there are ways that you can obtain data about who has accessed your account and from where.
For this example, we will focus on GMail as that is the main system we use and are most familiar with. However, these settings are for your whole Google account which includes all Google services and not just GMail.
Google has two locations for this data, one shows just access to GMail and the other shows access to your Google account.
Last Account Activity for GMail
Scroll to the bottom of your emails and you will see “details” linked. Clicking on this link will open a new window showing your last logins to GMail.
Last Account Activity for your Google Account
Visit https://security.google.com/settings/security/activity?pli=1 and you will be able to see the logins for your entire Google account.
Here you can see all activity for your entire Google account. Both of the above locations can be used to make sure that there is no unauthorized access to your Google account.
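The review described above, comparing each listed login against the devices and places you actually use, can be expressed as a small script. This is an added example, not code from Google or from the original post; the CSV column layout, the sample rows and the function names are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data. The column layout is an assumption for this example,
# not an export format of Google or Facebook; the IPs are documentation ranges.
SAMPLE_ACTIVITY = """\
time,access_type,location,ip
2016-01-28T08:14:00,Browser (Chrome),United Kingdom,198.51.100.7
2016-01-28T12:40:00,Mobile,United Kingdom,198.51.100.7
2016-01-29T03:02:00,POP3,Brazil,203.0.113.45
2016-01-29T03:50:00,Browser (Firefox),United Kingdom,192.0.2.19
2016-01-30T09:05:00,Browser (Chrome),United Kingdom,198.51.100.7
"""

def parse_activity(text):
    """Parse the CSV text into rows sorted by login time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.fromisoformat(row["time"])
        rows.append(row)
    return sorted(rows, key=lambda r: r["time"])

def review_activity(rows, known_ips, known_access, usual_locations,
                    window=timedelta(hours=6)):
    """Return (time, ip, reasons) for every login that deserves a closer look."""
    findings, prev = [], None
    for r in rows:
        reasons = []
        if r["ip"] not in known_ips:
            reasons.append("unrecognised IP")
        if r["access_type"] not in known_access:
            reasons.append("unexpected access type")
        if r["location"] not in usual_locations:
            reasons.append("unfamiliar location")
        # A change of location within a short window is worth checking.
        if prev and prev["location"] != r["location"] and r["time"] - prev["time"] <= window:
            reasons.append("rapid location change")
        if reasons:
            findings.append((r["time"].isoformat(), r["ip"], reasons))
        prev = r
    return findings

if __name__ == "__main__":
    for when, ip, reasons in review_activity(
            parse_activity(SAMPLE_ACTIVITY),
            known_ips={"198.51.100.7"},
            known_access={"Browser (Chrome)", "Mobile"},
            usual_locations={"United Kingdom"}):
        print(when, ip, ", ".join(reasons))
```

Any entry this flags that you cannot explain is a reason to change your password and sign out the other sessions.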
Google provides both 2 step verification and text alerts. 2 step verification will send a text message to your mobile when you log in from a new device, which includes a verification code for you to use to confirm you are the account holder. Text alerts will send a text message to your mobile to inform you if anyone tries to log in from a new device. Both of these are excellent features which help to secure your account and keep you informed.
You can access your security settings via https://www.google.com/settings/security
Facebook is becoming a popular target for attacks as it can be used to easily spread infections via malicious links. It is vital that you secure your Facebook account, especially if you are a business.
Log in to your Facebook account, click on the gear cog at the top right and select settings (see image below).
Next, click on “security” from the menu on the left. First, let's look at who has been logging into your Facebook account, which you can find via the last two options, “Recognised Devices” and “Active Sessions”.
This section will display all the devices that have been seen logging into your Facebook account. Any items in this list are classed as trusted and you will not be notified when these devices access your Facebook account. Check this list and if you see any that you do not recognise, click on remove to remove them from the list. If any of the devices you remove are actually yours, that is fine, as they will be added to the list again when you next log in.
Within this section, you will see all active sessions. This is similar to recognised devices, except that these are devices that will not need to log in because the access details have been saved, such as your phone, tablet, PC or laptop. Just as you did with recognised devices, check this list and click on End Activity for any sessions that you do not recognise. If any of them are yours, they will be added to the list again when you next log in.
Facebook provides a lot of security options, which I will run through below with a brief explanation of what the option does.
Enables a secure connection between you and Facebook, encrypting the connection and preventing a “man in the middle attack”.
Sends notifications to you when an unrecognised device logs into your Facebook account. This can be done via text message and email.
This is a 2 step authentication process, sending a verification code to your phone when you log in from a new device. The verification code needs to be entered into Facebook to confirm you are the account holder.
An excellent recovery method that allows you to generate codes which can be used to recover your account should your account be hijacked or hacked. Save these codes somewhere safe.
Twitter has been a bit lax when it came to security in the past. They were quite late implementing a 2 step authentication system, which resulted in many big Twitter accounts being hijacked. This caused Twitter to finally implement some great security methods, similar to Facebook.
Log in to Twitter and click on the gear cog and then “settings” (see image below).
Click on “Security and Privacy” from the menu on the left.
Here you can add your mobile number, if you have not already done so. Once your mobile number is confirmed, you can select “send login verification to” your mobile number or the Twitter app, depending on which method you prefer. This is 2 step authentication and is a pretty good security option.
Unfortunately, with Twitter, there is nowhere to see who accessed your account, unlike GMail and Facebook.
Never click on a link in an email. This is a common tactic used to steal your login details, with the sender pretending to be Facebook when they are not.
Use strong passwords. We recommend using randomly generated passwords so that they are almost impossible to guess. We use an online password generator.
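A random password of this kind can also be generated on your own machine, so the value never passes through a website. The following is an added example, not the generator the authors use; the function names and the default length of 20 are assumptions.

```python
import math
import secrets
import string

# 94 printable symbols: 52 letters, 10 digits, 32 punctuation marks.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Classes that many sign-up forms insist on seeing at least once.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate_password(length=20):
    """Draw a password from the OS CSPRNG, retrying until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting whole candidates keeps the remaining ones equally likely,
        # unlike forcing a digit or symbol into a fixed position.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(generate_password())
    print("about %.0f bits of entropy" % entropy_bits(20))
```

Store the result in a password manager rather than trying to memorise it, and generate a separate one for each account.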
Use a good antivirus and make sure that you regularly update the virus definitions and perform regular scans.
I prefer to use AVG for all our computers as it is free and lightweight as well as catching a large proportion of viruses and malware.
Here are a few good free online antivirus scanners which can be used on demand should you be unable to install antivirus software due to an existing infection:
Trend Micro – House Call
Use a good antivirus and protection app for your phone or tablet. We suggest using 360 Security or AVG as they are lightweight and secure you against malware apps, suspect links and damaging web pages. You can also wipe your phone remotely if it is stolen, ensuring your data is protected, and you can even locate your phone remotely.