An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

HomeNewsroomNewsArticle Display

Article - Article View

Social media security

PETERSON AIR FORCE BASE, Colo. -- Social media is an integral part of our daily lives. It is an asset that keeps us connected and offers a platform to communicate what we think, how we feel, and what we are doing. Like any asset, our social media identity and the information we share must be defended and protected against nefarious actors.

Cyber-attacks are clear and present dangers that many of us already know. However, many of us are unaware of a concept known as social engineering. In the context of information security, social engineering is the manipulation of people into performing actions or divulging confidential information. Social engineering means tricking people for the purpose of information gathering, fraud or system access.

Chances are that you have family, friends and co-workers linked to your social media accounts. The decisions you make regarding your privacy settings and sharing of passwords affects not only you, but also your online connections. Be mindful that nefarious actors are known to troll unprotected social networking profiles in hopes of collecting and exploiting information obtained from the profiles. Although you may not be their primary target, these actors gather information on people and organizations associated to your profiles. As a result, heavy consideration should be given to these protective measures:

Use a strong password. At least 20 characters long, which is either randomly-generated (i.e. LauH6maicaza1Neez3zi) or a random string of words (i.e. "hewn cloths titles yachts refine"). Use a unique password for each website or service you use. That way, if one account gets compromised, the rest are safe.

Use an e-mail provider with two-factor authentication. For example, systems like Gmail's two-factor authentication provide an additional layer of security by having outside users verify identity through text message or additional email response.

Select third-party applications with care. There are thousands of applications built by external developers that enable a multitude of capabilities through social media accounts. However, you should be cautious before giving up control of your account to someone else. Revoke access for any third-party application that you do not recognize through the applications tab in your account settings.

Make sure your computer and operating system is up-to-date with the most recent patches, upgrades, and anti-virus software, and that all your computers and mobile devices are protected by secure passwords.

Keep your email accounts secure. Twitter, Facebook and Google+ all use email for password resets and official communication. Change your email passwords, and use a different password for your social media accounts.

Review your authorized applications. Log in to Twitter or Facebook and review the applications authorized to access your accounts. If you do not recognize any of the applications on Twitter, contact Twitter immediately by emailing a security ticket request to hacked@twitter.com.

Minimize the number of people who have access to the account. Even if you use a third-party platform to avoid sharing actual account passwords, each person who has access opens avenues for phishing or other compromise. Log out of Facebook and Twitter when you use a computer you share with other people. If you forget, take time to log out remotely.

Check for signs of compromise. Checking your email address and authorized apps weekly or monthly can help detect unauthorized access and address the problem before access is abused.

Change your password regularly. Changing your social media passwords quarterly or annually can reset the clock if a password has leaked.

Practice Personal OPSEC. Never post sensitive information such as date of birth, social security number, and home or unit address. Do not geo-tag photos or post the location they were taken, particularly if photos are of government facilities or installations. Also, consider making your profiles private, meaning that they can only be seen by "friends" or "friends of friends." If your social platform allows you to hide your connections or friends, consider activating this option. Take time to talk to your family, friends and co-workers about personal OPSEC in the event they post sensitive information about themselves or others.

If you suspect that your social networking profiles and accounts are being targeted or compromised by a malicious cyber-attack, you must be proactive and swift to mitigate the threat. The steps you take can help greatly reduce the risk of exposure and vulnerability to social engineering to both you and the people you connect with online.

In addition to criminal investigations, fraud and counterintelligence mission areas, Air Force Office of Special Investigations keeps our Air Force community safe in the cyber world. AFOSI offers world-class training in forensics, interrogations, crime scene processing, firearms and much more. The agency operates in more than 40 overseas locations and in all 50 states.

For information about cyber threats or AFOSI and its recruitment process, contact AFOSI 8th Field Investigations Squadron at 556-4347 or visit www.osi.af.mil.

Peterson SFB Schriever SFBCheyenne Mountain SFSThule AB New Boston SFS Kaena Point SFS Maui