Mobile social networks: ENISA’s golden rules

EU cyber-security agency ENISA issued a report on mobile social networking – “Online as soon as it happens”.

From the summary:

“The report describes the social networking world and the mobile phone services allowing the users to experience the social networking sites (SNSs) on their handset, also illustrating the major risks and threats connected to their use. While many of the privacy issues originating from the web-based access to SNSs also apply to mobile social networks, there are also a number of unique risks and threats against mobile social networks. The report aims to provide a set of recommendations for raising the awareness of social networks users and in particular of social mobile users of the risks and the possible consequences related to their improper use.”

Here are their recommended golden rules “to raise awareness about the risks and threats related to the misuse of social networks, in particular when accessed through mobile phone, with advice on how to avoid unwanted consequences”:

Golden rules

Pay attention to what you post and upload

1 Consider carefully which images, videos and information you choose to publish

Remember that a social network is a public space; only post information or upload images you are comfortable with, keeping in mind that at a later stage you might be confronted with the content you uploaded, e.g. in a job interview. Information and pictures you post online should be considered permanent. They can be copied and stored by other individuals and can resurface years later in search engines.

2 Never post sensitive information

Do not make information such as address, date of birth or financial data available in your profile. A criminal might access your profile and steal your identity.

3 Use a pseudonym

You do not need to use your real name in an online profile. Using a nickname can help you protect your identity and privacy; only close contacts will know who is behind the nickname.

Choose your friends with care

4 Do not accept friend requests from people you do not know

Be selective about who you accept as a friend on a social network. You do not have to feel obliged to add someone to your friends’ list. Politely refuse or simply ignore the request.

5 Verify all your contacts

Ensure that the people you are in contact with or who sent a friend request are really who they say they are. Do not trust them immediately.

Protect your work environment and avoid reputation risk

6 When joining a social networking site use your personal e-mail address

Do not use your company e-mail address but your private one, and do not post confidential or competitive information about your organization. Be careful about the information you reveal about your workplace; for example, do not post pictures shot in front of your office with the company’s address or logo in the background that may lead to your job or workplace address.

7 Be careful how you portray your company or organisation online

Consider what your employer would think before posting any comments or material online about your company or organisation.

8 Do not mix your business contacts with your friend contacts

You have no control over what your friends may post online or how they may portray you and consequently what your employer, colleagues and clients may be exposed to.

Protect your mobile phone and the information saved on it from any physical intrusion


9 Do not let anyone see your profile or personal information without your consent

Before accessing your profile through your mobile phone, pay attention to the environment and people that are surrounding you. If someone is trying to see what you are doing, access your profile in a safer place.

10 Do not leave your mobile phone unattended

Someone with malicious intent could update your profile and status with false details. Remember to log out from the social network once your navigation is over and not to allow the social network to remember your password (this function is called ‘Auto-complete’).

11 Do not save your password on your mobile phone

Mobile phones can be easily lost or stolen and if you save your password on your mobile device anyone who may have possession of it can access your profile, see your pictures and friends. Try to commit your password to memory and if you write it down be careful where you store it.

12 Use the security features available on your mobile phone

Remember to lock the keypad when not in use and to protect the device with a PIN or a password. Back up your details to another device such as a PC in case your mobile phone is lost or stolen. Configure connections (such as Bluetooth and Wi-Fi), especially in airports and public spaces, to be secure, and if your mobile device has a built-in firewall remember to enable it.

Respect other people’s privacy

13 Be careful what you publish about someone else

Do not upload pictures or personal information regarding other people without their consent. You might commit a criminal offence.

Inform yourself


14 Read carefully and in full the privacy policy and the conditions and terms of use of the social network you choose

Always be informed about who provides the service and how your personal information will be used and who has the right to access the information you post.

Protect your privacy with the privacy settings

15 Use privacy-oriented settings

Set the profile privacy level properly. Check the privacy settings of your profile — who can see your pictures, who can contact you and who can add comments in order to avoid making your profile available to everyone.

Report immediately lost or stolen mobile

16 Be careful when using your mobile phone and pay attention to where you put it

Report immediately stolen or lost mobile phone with contacts and pictures saved in its memory and personal information regarding you and your friends (e.g. those friends whose contacts on the SNS have been synchronized with the mobile phone) and change the passwords on the social networks you are a member of.

Pay attention to the location based services and information of your mobile phone

17 Deactivate location based services when not using them.

Remember to deactivate location based features of your mobile phone if you don’t need them.

ENISA: Security in online social networking services

On 25.10.2007 the European Network and Information Security Agency (ENISA) issued a Paper on security problems in online social networking services and related recommendations. In this paper, the Agency highlights the benefits, but also the data security risks, that arise from the operation of such websites.

The paper thus highlights risks relating to specific problems, such as the collection of large volumes of data about the users of the services, data which may fall into the hands of blackmailers and spammers. In addition, photographs of faces may be linked to user profiles, while other lurking risks concern, among others, identity theft, stalking and harassment, and other electronic crimes.

The recommendations proposed by the Agency concern the re-examination of the legal framework and the introduction of specific regulations, transparency in the personal data protection policy followed, as well as the education of users, particularly young people and school pupils, and the raising of public interest in the relevant problems.