Language selection


Staying safe on social media

August 2019


Social media can help you connect with friends and family, share your interests with others, or get the latest news. But social media can also put your safety at risk because you are sharing personal information online. That’s why it is important to be very careful about the information you put online, to adjust your privacy settings and to limit the information you put on social media. While users can try to do their best to protect themselves, social networking sites must meet their legal obligations under privacy laws and allow their users to ensure they maintain control over their personal information.

Businesses have a legal responsibility to protect your personal information. Once it is out there, you may not be able to control what happens to it. This could pose a risk to your privacy or even make you vulnerable to phishing, identity theft or fraud.

We’ve gathered 10 helpful tips to help you stay safe on social media.

On this page

Read the privacy policy

Become familiar with the privacy policies of the social media platforms you want to join. Understanding the policies will allow you to make an informed decision on whether or not you’d like to sign up. In reading a social media policy, be sure to understand what information the organization is collecting, how they are using it, and to what other organizations it is being disclosed. If anything in the privacy policy makes you uncomfortable, then don’t sign up.

Choose your passwords carefully

Use a strong and unique password for each of your social media accounts to prevent your accounts from being hacked.

Avoid obvious choices such as your mother’s maiden name, child’s name, pet’s name or anything else someone may be able to guess through information you have posted. Passwords should also be eight or more letters, numbers or symbols.

Also allow multi-factor authentication where possible. Multi-factor authentication is an extra layer of protection that requires additional identification, such as a connection to a separate device, an ID, or even fingerprint or voice recognition. Multi-factor authentication is a great tool for sensitive accounts like mobile banking or password managers.

Finally, you should choose a password that you will remember, but won’t be easy to guess. You may want to use a phrase for your password, or the acronyms method, where you use the first letter of each word in a sentence. For example, “I always play tennis with 2 friends on Thursdays at 4.” could become this password, “Iaptw2foTa4.”

Understand and manage your privacy settings

Find out how to adjust your privacy settings, customize them so that information is shared only in the ways you want it to be. Review and update these settings regularly, since social media sites can change their settings.

This regular review process can be especially important for parents and families who want to ensure information about children is shared only with those they know well. It’s best to choose the highest and most restrictive security settings available and not give out information like your phone number, birthday, social insurance number, address and location, and you should consider using a pseudonym.

It is also important to remember that privacy settings are not a silver bullet for privacy protection, but they can and should help you increase the control you have over how your personal information is handled online.

Think long term

Don’t post anything you wouldn’t want everyone to see. Think carefully about the photos, comments, messages and videos you want to post online—before you post them. Would you want a potential employer to see those compromising photos?

Also, remember that regardless of the audience you choose for your posts, the organization is still collecting everything you post. While you may use tools to delete or hide information, data posted online can persist in different places. Permanent removal can be difficult if not impossible.

Be considerate and get consent

Consider the privacy of others and get their consent before you share their photos or other personal information online. When you post about friends or family, or tag them in images, it affects their privacy, too. When posting pictures that involve other people, judge if it’s appropriate, or if there are any potential negative consequences.

Review regularly

Review your social media profiles and posts on a regular basis—what may have seemed like a good idea at the time may not seem like such a good idea months or years later. Delete content that you are no longer comfortable with.

Avoid fraud and theft

Limit identifying details and don’t share your location. This type of information can leave you vulnerable, including to identity fraud or theft. Posting pictures while overseas can let would-be burglars know exactly when you are not at home. Think carefully before you decide to tell the world exactly where you are or where you’ve been.

Watch out for scams

There are many scams that involve trying to get you to provide personal details. These details can give scammers access to your bank account or credit card, for fraud.

“Spear phishers”, for example, target users of a specific social media sites by masquerading as a member of that community. The scammer creates a fake account imitating a real person, including photos, occupation and other details, increasing the probability of gaining the trust of the target. Attacks can take the form of a direct message containing questions or links to other sites, or malicious code embedded in a web link that prompts users for information. Ultimately, the goal is to take advantage of the user’s trust to ask for money or other information that may be profitable.

If in doubt, don’t open messages or click on suspicious links. Also, don’t disclose any personal information online unless you are sure you know who you are dealing with. If you aren’t sure, authenticate the message by contacting the person or organization that purportedly sent it to you.

Log off

Remember to log off and delete your web browsing history when you’re done if you’re using a shared device or computer. This simple step will ensure you don’t inadvertently give access to your social media accounts to someone else.

Close unused accounts and delete your data

Close accounts you don’t use anymore and ask the company to delete your data. If you just deactivate the account, your data may remain on the company’s servers.

Date modified: