The internet, including social media, is a vast repository of information. A determined person can dig up almost anything. For example, journalist Osman Faruqi’s real phone number ended up on Facebook, resulting in harassment.
When private or personal information about you or your organisation has been maliciously published online, it’s called doxxing.
Being doxxed is a hazard, particularly for public figures. However, most of the time, hackers or enemies with a grudge aren’t the main culprit for privacy leaks. Information can make its way to the internet through old posts you made yourself and have forgotten about, or via non-malicious mistakes made by others who accidentally share more than they should.
Once your personal information is on social media, it can be hard to remove it. Or, if removed, the record is lost forever and cannot be used as evidence.
Personal and private information about your organisation can create a target for negative or disruptive posts and comments that damage your reputation, and may even be libellous or defamatory.
How to stay safe online
Staying safe online extends beyond social media to every part of your business that operates online. Here are some steps you can follow to deal with private information that is floating around in public:
- Be careful what you post in the first place. For example, you should not post personal mobile phone numbers. Train your employees and clients not to post personal information to the internet, but rather send it privately to the specific requester. Another thing to be careful of is information getting inadvertently posted with content. Double check blog posts before you send them live to make sure they don’t have a lingering phone number, email address or, for that matter, inappropriate language from an earlier draft. If you must post a mailing address, use a PO box or office address, never a personal one.
- Check to make sure you haven’t been hacked. For individuals, the site haveibeenpwned.com records data breaches and allows you to check if you have a compromised account so you can change the password immediately. Popular sites are the most likely to be breached, so change your password on those regularly. This includes things like Facebook, LinkedIn, etc.
- Always use a strong password. If you can’t remember strong passwords, a good password manager is your friend. You can require employees to use a password manager, which will generate appropriate passwords for them. You can also use two-factor authentication.
- Don’t put anything in social media that you wouldn’t want to go public. Even if you have strong privacy settings you have little control over tech giants deciding to change their privacy settings and making information public that you had thought was private.
For example providing your phone number, is one way mobile phone numbers can end up being public. Consider carefully which apps you link to your social media account. Link only apps you need and be wary of anything that wants to post on your behalf. A third party posting app can make it easier to accidentally post to ‘public’ on Facebook when you were aiming to post to a more limited audience.
If you are a public figure or celebrity you should take special care as you are more vulnerable to coordinated attacks launched off Tweets or Facebook posts/comments you may have made ten years ago.
- Consider deleting Facebook posts and Tweets by a cut-off date. For Twitter in particular, posts tend to be in the moment and ephemeral, and may not be relevant in the future. Deleting anything more than a few months old can prevent people from going through your old posts looking for ammunition or finding outdated information that could be embarrassing.
For government agencies, deletion of posts may not be an option, but hiding or removing occasional posts with outdated information from public view is generally considered acceptable.
- Keep a record of deleted posts by archiving them. By using an archiving tool such as Brolly, you can preserve a record of all your deleted tweets, posts, and comments without needing them to remain on your profile. This will save you significant timekeeping manual records while ensuring you retain the ability to recall deleted posts if required – this is especially helpful if someone has an out-of-context screenshot of one of your old deleted posts, and you need to provide clarification.
- Find posts with personal information and hide or delete them. Before deleting, ensure you choose an archiving tool like Brolly that captures updates and changes in real time.
- Google yourself and your company regularly. By doing a search on yourself and your company you may spot an issue before it becomes too significant. For example, if you have been doxxed, you may have to change your phone number and email address. How often you should search depends on the risk that information is out there, and what kind of damage could result from having the information made public.
A Brolly social media archive saves important conversations in a secure, Australian-based location, giving you access to records and conversations regardless of whether posts or comments have been deleted, edited or hidden in the channels where they were originally published.
Manage your posts with a social media archiving tool
The best way to deal with information online that puts your privacy at risk is to make them in the first place, but we all know this is easier said than done.
If you do find yourself in a situation where private or sensitive information that should be protected is made public, make sure you have a real-time archiving tool in place and then delete, hide, or monitor the posts and comments that are putting your privacy at risk.
An archive keeps you compliant with Australian and state-based recordkeeping legislation and gives you control over your social media, removing risk and letting your social media team do what they do best, engaging with your customers and community.