Security and Privacy Guidance when using Social Media Apps

April 19, 2023

The rapidly changing nature of social media platforms creates ongoing challenges and risks to your privacy and personal information.

Your personal information is valuable. It is valued as a commodity among companies looking for new and productive ways to reach you through marketing, and your personal information is valued among cybercriminals marking you as a potential target for scams, phishing, and/or cyber-stalking.

What are the risks?

Phishing attacks and scams: Cybercriminals use phishing attacks to trick you into clicking a malicious link, downloading malware, and/or sharing sensitive information. These techniques can be used to steal your credentials, giving them access to SFU systems.

Imposter accounts: Imposter accounts (fake accounts) are typically created for the purpose of deceiving victims, leading to harmful situations such as stalking, bullying, spreading misinformation, scamming, and more. 

Malware attacks and hacks: Malware can be distributed through social media posts. Hijacked social media accounts can be used to distribute malware by posting links that friends or followers may click on directing them to download malware.

Vulnerable third-party apps: Malicious individuals and companies may be able to gain access to your social media information through vulnerabilities found in connected third-party apps. 

Password theft: Online quizzes and other social media interactions are often used by cybercriminals as a method for gathering password information or gaining personal details that are often used as forgotten password clues.

Privacy settings and data security: Users are often overwhelmed by agreement dialogue presented when signing up for social media apps and may click “Accept” without fully understanding the risks to information they place in the app, or what other information the app may have access to. e.g. unsecured mobile devices 

We recommend that you understand the risks and make informed choices when deciding to use social media platforms, and to prioritize security over convenience.

What can I do to protect myself?

Here are some recommended practices you can use to protect yourself when using any social media platform:

  1. Stay informed. Read and understand the social media platform’s privacy policy and terms of use. Before clicking “Accept”, understand what it is you’re agreeing to. Their policies and practices may not align with what’s in your best interest.
  2. Keep your information private. Don’t share personal information like your full name, birthdate, or address.
  3. Use a browser. Use the web version of social media apps. Using the web version of social media apps can help to limit the scope of information collected.
  4. Protect your content. Be mindful about sharing photos or videos on social media. Visual media such as photos and videos may contain personal information. Images are also indexed in search engines and can be used to obtain additional information about you.
  5. Adjust your privacy settings. The default privacy settings in your social media accounts aren’t always best, and you should be mindful of how you can control who sees your content, and what actions they can perform.
  6. Don’t display the names of people in your network. With access to the names and information about people in your network, you may inadvertently provide them as targets for spear-fishing.
  7. Use strong, unique passwords. Ensure you use a combination of letters, numbers, and symbols when creating passwords. Do not use common password elements such as significant personal dates or names. Use unique passwords for different apps and change them if you suspect they have been compromised. Use a password manager to help you manage your passwords.
  8. Use multi-factor authentication if available. MFA ensures that you need more than just a password to access your accounts and is an effective way of protecting your information.

What resources are available for me?

There are many resources available to SFU students, faculty, and staff to help with safeguarding your personal information. Information about SFU Information Security Services, including best practices for information security, information security training, and contact information, may be found on our website

If your use of a social media platform is part of a new or updated university initiative involving the collection of personal information, contact the Access and Privacy Program to complete a Privacy Impact Assessment before the launch of your initiative.