One Step Ahead: TMI: The Risks of Sharing Too Much Information on Social Media |
|
December 8, 2015, Volume 62, No. 16 |
Another tip in a series provided by the
Offices of Information Systems & Computing and Audit, Compliance & Privacy
Many of us use social networks to share moments in our lives, our opinions, exciting trips and adventures, or just a night out with friends, but we often do so without fully understanding the consequences of sharing “too much information” (TMI). Here are a few things to consider before you upload your next post:
• Private postings can often easily be made public. Even if you allow only a small number of contacts to see your post, those contacts may have privacy settings that allow sharing of your content with an undefined set of their contacts. Additionally, any recipient of your post can take action to copy your content and trigger “viral” spreading thanks to the speed and power of Internet sharing.
• Some information should not be posted. Don’t share personal, confidential or otherwise sensitive information on social media if it could cause harm to an individual or individuals. Some information, such as health, financial and other highly personal information, is almost always sensitive. Also, posting your own location and even the location of people you know can be a dangerous practice for victims of harassment or stalking, burglary or people with other privacy concerns.
• Some information may lead to “spear phishing.” You may share information about yourself that may not seem to be sensitive (e.g., birthday, job title, education, names of friends and relatives, likes and dislikes, or favorite charities), but phishing scammers may piece this information together and use it to send you an email that contains information or appears from an individual or business that would make you think that it is legitimate. This is known as “spear phishing.” The email may cause you to provide password information or click on a link or attachment that contains malware.
• Protect all confidential, copyrighted and proprietary information that you have access to as part of your employment at Penn. For example, never share confidential student data (e.g., grades), patient data (e.g., health information), employee data (e.g., performance information), Social Security numbers or other personal data via your personal social media sites. Refer to Penn’s policies on privacy and social media guidance at http://www.upenn.edu/privacy
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/ |