Over the last two weeks, Twitter, one of the world’s most popular social media applications, has changed rapidly. After billionaire Elon Musk bought Twitter for $44 billion, he fired top executives and laid off half of the company’s 7,500 employees, announced a major drop in revenue, and scrambled to assuage skittish advertisers.
But the rollout of a new Twitter Blue subscription service wreaked the most havoc. Offering the checkmark stamp of authenticity that many Twitter users covet for just $8 a month unleashed a flood of parody accounts and spoofed messages. Internal numbers revealed that 140,000 accounts had signed up for Twitter Blue in just two weeks — with 20,000 of them impersonating celebrities, politicians, and popular brands.
Some of these satirical posts were comedic, like a fake PepsiCo account tweeting about the superiority of Coca-Cola. But some ramifications extended far beyond the Twitterverse. A verified account impersonating pharmaceutical giant Eli Lilly sent a spoof tweet last week about making insulin free to all customers. The next day, the real Eli Lilly’s stock price fell more than 5 percent, forcing Twitter to suspend the Twitter Blue service and roll out a gray “official” label for advertisers, news outlets, and large corporations.
Still, the risk of blatant disinformation and confusion being spread on Twitter could undermine the app, which claims nearly 250 million active users. Online privacy and digital security experts say credibility and safety are on the line — especially if hackers start impersonating law enforcement or public health agencies.
What can you do to protect your digital identity? Some prominent Twitter users are leaving the platform, while others say they’ll stay on to fight for better protection. In the meantime, the debacle provides some clear lessons on how to protect personal information and keep digital identities safe.
1. If you’re going to maintain a personal account, make it private. This option doesn’t work for businesses and other public figures that need to stay visible on Twitter and other social media apps. If you’re concerned about a spoofed business account, contact Twitter Support with a link or screenshot. If not, still consider changing your personal account to private (meaning you have to approve anyone before they can follow you) if you’re worried about a lack of privacy.
To do this on Twitter, visit “Privacy and safety,” then “Audience and tagging,” then check “Protect your tweets.” Also, uncheck “Add location information to your tweets” to toggle location sharing off and prevent spam accounts or bots from contacting you just based on your posts’ point of origin. Take similar steps in other apps to better protect your information.
2. Limit the amount of data shared with social media apps. Twitter, Facebook, Instagram, LinkedIn, and other apps generate most of their revenue through advertising. And advertisers pay for prominent spots on those platforms so they can reach the right users. That happens through data sharing — your interests, search history, follows, and other activities are shared with Twitter, which then shares them with advertisers.
You can limit this, however, by adjusting your privacy settings. In Twitter, click Settings on the left side of your feed, then click “Privacy and safety,” then “Data sharing and personalization.” There, you can opt out of “Personalized ads,” turn off “Inferred identity,” and un-check “Data sharing with business partners.” Again, take similar steps in other apps to better protect your information.
3. Beware of direct messages from unknown users. Spamming and phishing have always been common on Twitter and other social networks like Facebook and LinkedIn. Using profile information and details included in posts (if, of course, your posts aren’t protected), hackers can personally appeal to you and ask for help signing an invoice, reviewing a document, or executing a wire transfer.
But any attachments or links included in those messages will instead install malicious software on your computer or point you to illicit websites. Be particularly wary of emails that contain realistic details of your life or work but come from unfamiliar senders. These are banking on your curiosity getting the better of you.
4. Give your employees cybersecurity training to build awareness. This kind of training might seem unnecessary, but instead, it can empower staff members at your company to identify fraud, ransomware, data breaches, and other issues. The tactical goal of such training is to make users stop, read, and think carefully before responding to or clicking on any links in an email, even when it looks legitimate.
If you are asked to confirm private information via email or direct message, always obtain a second level of confirmation from the recipient by calling them or inquiring in person. If you’re asked to provide account logins, security codes, usernames, or passwords, consider that a red flag.
5. Avoid public Wi-Fi networks if you can. Unsecured Internet connections in coffee shops, libraries, and airports can put your information at risk — especially if you’re concerned about digital identity. If you must connect to Wi-Fi in a public place, use the personal hotspot feature on your phone, or browse the web using a virtual private network (VPN) that encrypts all the data in motion and at rest.
Make sure you beef up the password protection of your home modem and Wi-Fi router, as well by replacing factory default passwords with custom, hard-to-crack credentials.
6. Back up all information—on apps, laptops, desktops, and drives. Twitter and other social media apps allow users to back up activity, media, and messages, usually by clicking “Settings,” then “Your account,” then “Download an archive of your data.”
But backups should go further than this, saving all information used by all users on all devices in a regular, redundant, remote, and reliable fashion. That includes both onsite backups to convenient network drives and offsite backups to cloud services that protect your information and your digital identity in case of a hack, breach, or natural disaster.
At CMIT Solutions, we understand the risks and benefits of social media apps, and we’re here to help with identity management, security training, and proactive protection for your business.
We keep up with evolving cyberthreats and position our clients for continued success, no matter what social network or app you choose to use (or not use). If you need help enhancing your digital identity or understanding today’s issues, contact CMIT Solutions today.