Last updated March 9, 2023
Social media and instant messaging services such as Facebook, Twitter, TikTok, WhatsApp, LinkedIn and WeChat give you the power to connect with others effortlessly and share information instantly. But using these services can provide threat actors easy access to your information and devices. You can even be placing your online identity and that of your friends and family at risk.1 We all have a role to play in protecting the information we access through social media and ensuring everyone's privacy.
Instant messaging apps and social media platforms are not all created equal. In deciding what tools to use, consider both the functionality of the service and how secure and private your information and online activity will be.
Assess the risks of using a social media app or platform
- Research the app or platform - Do your research to determine whether an app or platform is trustworthy. Pay close attention to what is being said about it in the media and by other trusted sources. You need to decide if you trust the platform to provide an app that does what it claims and nothing more. While an app can have a high profile online and be beneficial to users, somewhere there’s a company operating that service and collecting your data. In many cases, it can access your device and the information on it and store it for its own purposes. Before you sign-up for a social media app or platform, find and read the terms of use and the privacy and data policies. It’s important to know what data you may be giving them permission to collect. The Terms of Service; Didn't Read website offers some insight into what you may be agreeing to.
- Review the security and privacy functions - Pay close attention to the app or platform’s security and privacy functions. Does it allow you to make your account private? Are you able to select who can see what content? Can you choose your followers and friends? Avoid using a platform that lacks strong authentication mechanisms, such as multi-factor authentication. You should also verify whether the platform provides urgent support if your account is compromised. While providers may indicate their apps and platforms have built-in security controls, particularly for instant messaging services, it’s important to remember they are not foolproof. Be cautious about the content you share, the messages you send and the people you interact with.
- Consider where your data are being stored- Think about which nation’s laws will apply to your information and your activity on the platform. Consider how this may affect your privacy. Most social media platforms and apps will store and process your information outside of Canada. This means you may lose control of who has access to your data and how it’s being used. We recommend using providers and apps that store your data in jurisdictions that have privacy protection laws equal to Canada’s.
- Think security over convenience - It may be convenient to have an app always know your location or be able to fetch your photos without approval, but this isn’t the most secure option. Be aware of the features and elements of your device that can be accessed by an app, and make sure you limit permissions. This applies to features like your camera, microphone, location and contact list.
- Stay up to date – Routinely review apps, social media accounts, and their respective security and privacy settings.
- Use strong passwords – Secure your accounts by using strong passwords. Visit the Cyber Awareness website to learn how to properly create and maintain passwords.
- Remove permissions for unused apps – Some devices support automatically removing permissions for unused apps. If your device doesn’t support this, periodically review app permissions and uninstall unused apps.
- Use two-factor authentication (2FA) – If the social media platform supports two-factor authentication, you should enable it.
- Use anti-virus/malware protection – Scan your apps periodically for malware, viruses and adware.
Learn more
University of Waterloo
Government of Canada
- Use of personal social media in the workplace (ITSAP.00.066)
- Instant messaging (ITSAP.00.266)
- Secure your accounts and devices with multi-factor authentication (ITSAP.30.030)
- Protecting yourself from identity theft online (ITSAP.00.033)
- Using encryption to keep your sensitive data secure (ITSAP.40.016)
Sources
Government of Canada, Protect how you connect, https://www.cyber.gc.ca/en/guidance/protect-how-you-connect
McMaster University, Tips on protecting personal privacy on social media, https://dailynews.mcmaster.ca/worthmentioning/tips-on-protecting-personal-privacy-on-social-media/