Cheatography

Social Media Account Security Cheat Sheet (DRAFT) by

Social media account security tips.

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Social Media Safety Cheat Sheet

 
As always, please reach out to Security if you have any questions or concerns, or would like help configuring anything!

Strong Passwords

 
Use a combination of letters, numbers, and special characters.

Avoid using easily guessable information (birthdays, common words).

Change passwords if an account shows suspicious activity.

Store passwords in a password manager. Use a unique password for each account.

Best Practices For Shared Accounts

Use a centralized system to manage all corporate service accounts if possible.

Implement role-based access controls to restrict access to sensitive information and account control.

Use strong, unique passwords for each account. Use 1Password to securely share and store passwords. Avoid sharing passwords through insecure channels such as email or chat - this should ONLY happen through 1Password.

Create individual accounts for each user rather than sharing a single account.

Assign appropriate permissions based on user roles and responsibilities. Implement the principle of least privilege, granting users only the access necessary for their roles. Regularly review and update access permissions as roles and responsibilities change.

Enable MFA for all corporate accounts to add an extra layer of security. This should be set up in 1Password wherever possible. If not, document in the notes for an account how the MFA is set up!

Regularly review account activity logs to detect any unauthorized access.

Define and document clear policies for account access and usage.

Set up and maintain account recovery options for all corporate accounts. Ensure recovery information is up to date and accessible to authorized personnel.

Immediately deactivate accounts or revoke access for employees who leave the company or change roles.

Regularly review and clean up inactive or unnecessary accounts.
 

Phishing Attempts!

 
Avoid clicking on suspicious links in messages or emails.

Verify the source before providing personal information.

Look for signs of phishing: misspellings, urgent requests, unfamiliar senders.

Be skeptical of unsolicited messages and friend requests.

Keep an eye out for anything suspicious - ransomware attacks are on the rise!

Reminder: our Security Awareness training goes over phishing information. You can always review your training, or reach out to us with any questions!

Data Violation Incidents

This chart shows the number of data violation incidents and individuals impacted in the United States from 1st quarter 2021 to 1st quarter 2024.

Incidents are quickly on the rise.

App Security

 
Only use trusted apps and websites to access your accounts.

Review permissions requested by third-party apps and integrations.

Revoke access for apps and integrations you no longer use.

Device Security

 
Keep your devices' operating systems and apps updated. Your laptops will do this through Jamf settings, but you will need to monitor your mobile devices yourself.

Lock your devices with passwords and biometric authentication. These are strongly preferred over PINs, and swipe lock should be avoided entirely.
 

Privacy Check Up

 
Regularly review and update privacy settings. Be sure to check account activity regularly for any suspicious behavior.

Limit who can see your posts and personal information.

Be cautious about sharing location data.

Review login attempts and account history.

Set up alerts for suspicious activity.

Don't hesitate to report and block malicious accounts/behavior.

Data Compromise Counts

Annual number of data compromises and individuals impacted in the United States from 2005 to 2023

Multifactor Authentication (MFA)

 
Enable MFA on all accounts: the social media account itself AND the email account associated with it.

Use your YubiKeys on your accounts (if they are compatible)! If they are incompatible, use an authentication app (e.g., Google Authenticator).

Try to avoid SMS for the second factor, but it's better than nothing if it's all that's available.

Cost of Cybercrime

Annual amount of monetary damage caused by reported cybercrime in the United States from 2001 to 2023 (in millions).

Compromised accounts cost a fair amount in both time and money, in addition to the personal stress of having to attempt recovery.