The other day, one of our kids asked if they could have a Facebook account. “But everyone else has got one and they keep asking me to join!”, was the response to my inevitable answer. Kids are different from employees (or are they?), but the naivety with which many use social networking sites makes the average IT security officer cringe.
While the Business world is trying to work out how to grapple with the Social Networking phenomenon, with a range of responses from a total ban to embracing them as a marketing tool, the landscape of social networking is shifting underneath our feet. Businesses are trying to evaluate the risks of popular networking sites, seeing where the boundaries lie, trying to fit the obvious security scares into the IT landscape.
LinkedIn has long been the staple of the business professional, allowing contacts to be made and maintained, while treading carefully and tastefully in leveraging the network for business. There are countless sites and books that help with the process of doing this the right way, and a stringently enforced etiquette that mostly keeps the rubbish away. Monetizing the LinkedIn user base has never been a problem because it was always part of the design and an accepted approach to the business.
At the other end of the spectrum, Facebook launched without much of a clue on monetizing, grew like mad, and is now trying to tame the beast and rearrange the mess to turn it into something that pays. In the process, the underlying precept that what you put on Facebook belongs to them, not you, is coming as a surprise to many.
Twitter seems to sit somewhere in the middle, though a recent article showed that it is used in over 85% of cases to publish news – as a news aggregator it works well. Some people are amazed by twitter’s success, but it appears to be growing up as a business tool with a proper business focus, for example allowing the purchase of ‘promoted tweets.’ When combined with its purpose of spreading news that people want in the public domain anyway, they really seem to be on to something.
An opinion piece, comparing privacy settings and features of Facebook and Linkedin, had Linkedin marginally in front, but not by a huge amount, which is worrying when you consider the woeful score Facebook got. Of all the various public sites, only Google seems to have the transparency of where your data made visible (whether you look is another story) – check out the Dashboard to see what data you’re giving to them.
The true danger of information leaks on social networking sites is only just starting to show, and you’re going to want to revisit the way you use social networking sites. My recommendations are as follows, and they are as applicable to LinkedIn as to Twitter & Facebook.
- make announcements about where you’re going
- fill in details about your date of birth, star sign, photos or other personal details
- add Interests, because these have to be links now, and are therefore public to all
- put up photos of your family, your house, your kids
- remove all your personal data
- promote your business or cause through your friend networks
- keep the personal posts to a minimum
- un-tag yourself from photos when you get tagged in them
- send direct messages or even private emails, rather than comments or wall posts
- watch out what you ‘like’ – if you don’t want the general public to know
And as far as kids having a Facebook page goes, the answer is going to remain “No way!” until a few things change radically over there.
As an example, here’s what I did, broken down by privacy section. Some of the default settings here are eye-opening. If you think this minefield of settings is tricky for someone partially Internet-savvy, imagine how shy the regular user is going to be, even if they know they exist.
- Profile Information: set everything to Only Friends, also allowed Friends to post to my wall; edited individual photo albums, changing all except profile pictures to Only Friends. There are pictures of friends in these photos, some of them tagged. I don’t want their photo and name getting into the wrong hands.
- Contact Information: Hometown and Add me as a Friend are set to Friends of Friends; everything else (though there is no address or other private data in there) is Only Friends.
- Applications and websites: Edited What your friends can share about you to ensure I’m comfortable with the information that’s checkboxed being completely public and even stored anywhere on the Internet; set Activity on applications and games dashboards to Only Friends; then went in made sure the instant personalisation pilot is turned off.
- Search: Set Facebook Search Results to Friends of Friends. It means random people can’t find me on Facebook, but so what? Went in and clicked Preview my profile to see what my profile looks like to non-friends. For Public Search Results, I’m happy with the preview information going public, so I left it checked.