Social Media Security and Privacy Best Practices

Learn how to protect yourself from malicious threats, and to effectively plan your social media security strategy and maintain proper privacy hygiene.

The internet has given us some amazing ways to do our day-to-day tasks better; sharing content and thoughts, expressing ourselves freely, and getting in touch with friends have never been so simple. As easy as it sounds, it is equally vulnerable to attacks. Most hackers either take control of your account for malicious activity or are simply stalkers. Cyberbullying is yet another challenge. It is important to understand how to protect ourselves and to be aware of Social Media Security and Privacy best practices.

If you’re still wondering why you should care, read our article on why you should care about your Personal Data Privacy. Here are some of the most important practices. The first tip is an obvious one: use a strong password.

Do not reuse old passwords; change your password regularly, at least once every three months.

Keep Passwords Safe

  • A strong password is generally one with over 14 characters, including at least one special character and some numbers. There are online tools that can suggest passwords for you; Random and Secure Passwords are two examples.
  • Do not use consecutive letters or numbers, for example abcd or 9876.
  • Do not use family members’ names, your workplace, or anniversary and birthday dates as passwords; these are commonly known to others.
  • Do substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase (a passphrase, as some prefer to call it). Partial substitution is a good idea: for example, One Step Closer can become One$tepCl0sEr.
  • Do not use long words, quotations or well-known phrases in your password; anyone near your desk, or a keylogging tool, can narrow down the possibilities.
  • Do not use the same password for all your email accounts.
  • Do not share password information over email, instant messengers, etc.

Do not write your passwords on paper near your desk, or even as a saved note on your phone.
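The password rules above (over 14 characters, at least one digit and one special character, no consecutive runs like abcd or 9876, no family names, workplace or dates, no reuse) can be turned into a checker. The following is an added example, not code from the original article; the personal values it rejects and the sample passwords it tests are constructed for illustration, and a real deployment would take those values from the user's own profile.

```python
# Password policy checker for the rules listed in the article (added example).

# Constructed sample of "personal" values a checker should reject:
# a family member's name, a workplace, and a birthday in two common formats.
PERSONAL_VALUES = ["alice", "acme", "19900412", "12041990"]

SPECIALS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")


def has_sequential_run(pw: str, run_len: int = 4) -> bool:
    """True if pw contains run_len alphanumeric characters that step up or
    down by exactly one code point each (abcd, 9876, mnop, ...)."""
    lower = pw.lower()
    for i in range(len(lower) - run_len + 1):
        chunk = lower[i:i + run_len]
        if not chunk.isalnum():
            continue
        codes = [ord(c) for c in chunk]
        diffs = [codes[j + 1] - codes[j] for j in range(run_len - 1)]
        if all(d == 1 for d in diffs) or all(d == -1 for d in diffs):
            return True
    return False


def check_password(pw: str, personal_values=PERSONAL_VALUES, previous_passwords=()) -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) <= 14:  # the article asks for "over 14 characters"
        problems.append("shorter than 15 characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    if has_sequential_run(pw):
        problems.append("contains a consecutive run like abcd or 9876")
    lowered = pw.lower()
    for value in personal_values:
        if value.lower() in lowered:
            problems.append(f"contains personal value '{value}'")
    if pw in previous_passwords:  # "do not reuse old passwords"
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords exercising each rule.
    for candidate in ["abcd1234!Pass", "Alice@Acme-19900412xyz", "Correct-H0rse!Battery?Staple"]:
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The sequence check deliberately ignores runs that cross punctuation, so a passphrase with separators is not penalised for accidental adjacency; the substring match for personal values is case-insensitive because attackers try those variants too.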

Social Media Security

  • If you use your Gmail address to sign in to your Facebook account, use a unique password for each; your Gmail and Facebook passwords don’t need to be the same.
  • Similar to emails, do not have the same password for all your social accounts.
  • Having a base password combined with a prefix or suffix derived from the name of each website can be a good idea too. For example, for Facebook the password could be H!Th3r3Face, and for Google, H!Th3r3Goog.
  • If you have synced your email or Facebook accounts with your phone, enable a passcode, pattern or fingerprint lock on your device.
  • It is very easy to impersonate a profile these days. A hacker generally takes the relevant details and display pictures from your profile and creates a new profile with your exact name. These fake profiles then send friend requests to all your contacts, claiming that your old account was hacked and that this is your new profile. In such a scenario, it is a good idea to talk to your friend over the phone before you confirm the friend request.
  • If you abandon an old email address associated with any of your accounts (Facebook, Apple ID, Dropbox, etc.), be sure to update them with your current email address.

Two-Factor Authentication and OTPs for effective Social Media Security

Requiring an OTP before a fund transfer or payment is considered a safe practice in online banking; most banks do this by default now.

Two-Step Verification adds an extra layer of security to your online account, drastically reducing the chances of the personal information in your account being stolen. To break into an account with 2-Step Verification, a hacker would not only have to know your username and password, but would also have to get hold of your phone. This can be a turnoff for many people, since some providers send the code via SMS and you have to wait for that SMS before you can log in.


Google also introduced a USB Security Key: you do not need to wait for a code on your phone and re-type it; you simply insert the Security Key into the computer’s USB port when asked.

Google’s 2-factor authentication doesn’t require SMS either; you can use their mobile app to generate the secondary token. It is quite similar to RSA token generators; find the detailed steps for Google Accounts.


Apple has introduced this option for iCloud users as well. To set up two-factor authentication on Apple’s cloud storage service, log in to your Apple ID account, click on “Password and Security” and find “Two-step verification.” Once activated, a unique four-digit verification code is sent to the registered mobile number via SMS or Find My iPhone. The code is requested every time there is suspicious account activity, such as a login from an unfamiliar device. This way, unauthorized access to the account can be blocked.


Facebook calls it Code Generator; once you log in, go to the security settings and enable this feature. As a review, you can also check login notifications and trusted browsers to verify that those are the machines and connections you have used in the past.

Read these official notes from Twitter for detailed steps on how to effectively plan your Social Media Security Strategy.

Email or Message Attacks:

  • Do not click on suspicious links in email, text or WhatsApp messages. The probability of doing this on a smartphone is even higher, so be sure about what you tap on your phone. There is also a good chance of landing on a phishing link or having a malicious app installed on your device.
  • Never provide personal information on any website. Think before you click or download anything. Some deals may be too good to be true, for example a free airline ticket or a 100,000,000 GBP lottery prize.
  • Manage your subscriptions; clicking the “Unsubscribe” option in spam mail is usually a bad idea. Since most email providers these days do not send back read receipts, spammers send you email from a mailing list and wait for you to unsubscribe, which confirms that the address is in use. It’s best to just mark them as spam and leave it. You can also create filters that move emails like these straight to the archive or deleted items.

Password Resets:

  • Always have a secondary email configured for password-reset instructions, preferably a private address that you haven’t shared in public forums.
  • For password reset requests, choose security questions and answers that cannot be easily guessed by someone else. For example, do not choose a question like “what is your favorite color?”; and even if you do choose it, the answer does not need to be black or blue. You can give an answer as odd as “cow” or “elephant”, but do remember what you entered. These choices are essential to your Social Media Security and Privacy.

If you install any third-party applications to access Facebook or email, understand the level of access these applications have on your phone.

Keep your browser and other apps up-to-date.

  • Companies like Adobe, Microsoft, Google, Apple and others regularly release software updates and hotfixes and make them available to end users for download. These are not just for new features but also to fix newly identified vulnerabilities in the software. Always run an up-to-date browser, and ensure your Java and Flash Player are updated to the latest available versions. Likewise, do not ignore software updates on your smartphone; install them regularly.
  • As much as possible, do not auto-save your passwords in your browser. If you have multiple web browsers on your machine, try to compartmentalize your workflow between them.
  • When using a public computer, always sign out when your session is complete to prevent other people from accessing your account. Use an incognito or private browser window when accessing your bank accounts if you suspect the public computer may be saving something.


Your online experience depends entirely on how secure your accounts are. For many of us, our businesses run on the Internet, and a compromise would have a huge impact. Always remember to report when your account is hacked, not just to your friends but, most importantly, to your service providers such as Google, Facebook and your bank. They can block your account before anyone else can access it.

Of course, the most obvious point remains: do not share your password with anyone. Feel free to share this article with everyone around you.

Thank you for taking the time to read this long article. Let me know your thoughts and feedback.
