Law enforcement members have a lot to worry about when it comes to their social media presences and online privacy. Criminals may scope out officers on Facebook or Twitter, and the email accounts of anyone at a police department are probably going to be of some worth to crooks.
With that in mind, one UK police organization recently published a guide for officers on how to enable the strongest privacy settings on social media, as well as more securely use various web browsers and mobile operating systems. And it turns out, everyone probably can learn something from this pretty decent guide.
"We live in the age of the digital, with information readily accessible to all who seek to find it, including those who we wish to keep it safe from. With every tweet, like or share, our digital footprint grows. It is our responsibility, as individuals, to keep our data safe," Richard Berry, National Policing lead for Communications Data and Chair of the Data Communications Group writes in the report, "Stay Secure Online 2016."
The report, dated July 2016, was issued by the UK National Police Chiefs' Council, and produced by The Risk Management Group.
The guide starts with some general principles and reminders about the digital footprints that we leave everyday while using websites and social media networks. Geo-location data may be published online; email headers and other records may reveal your IP address; the contact information of who runs a website is often publicly available; and insecure networks, such as public WiFi hotspots, can leave your traffic exposed to interception.
"Never leave an unwanted and unused account lying dormant. If it is hacked and misused, you might not notice the fact."
Since the guide is geared towards law enforcement members and their families, it then spells out how a criminal might use all of this information and more. According to the guide, criminals may search LinkedIn for anyone with a job title such as "investigator," then go on to find more info on personal websites, and then focus on family members.
In response to that threat, the guide lays out, in quite some detail, how to lock down your various social media accounts. Turn on Facebook login alerts so you receive a notification if a third party accesses your account; make sure that your account doesn't appear in search engines outside of Facebook; don't use your work email for LinkedIn and restrict which users can see your profile photo; and turn on Twitter's two-factor-authentication and other login security settings, to name just a few.
And then if you don't use any of social media accounts anymore, you should really shut them down, the guide continues.
"Never leave an unwanted and unused account lying dormant. If it is hacked and misused, you might not notice the fact," it reads.
When it comes to web browsers, the guide covers HTTPS encryption, deleting browsing histories, and making sure that websites cannot access your microphone or webcam. And as for securing smartphones, the guide recommends keeping Bluetooth off whenever it is not in use, and using a backup email address that won't identify you.
Journalists, activists, and lawyers can probably pull something useful out of this guide for their own information security. Naturally, the threats to each will likely be different, but there are skills and techniques in here that don't only apply to law enforcement.
The guide certainly isn't perfect though. In the introduction section, it recommends users regularly change their passwords. This, arguably, means people are more likely to use quick, weak and easy to remember throwaway passwords. Instead, the guide should perhaps emphasise the use of a password manager, and make sure that every password on each site is unique.
Regardless, this is an in-depth guide for anyone who wants to brush up on their account or device security and privacy.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.