The best digital safety defense starts with a good offense. Proactively set up virtual walls to shield personal information and property against online threats.

• Separate personal/private versus public: Separate your personal and professional accounts as much as possible. In general, do not use Cornell email or texting services for personal or private communications or comments and do not use personal/private email or texting services for Cornell communications.
  • Regarding social media, faculty and administrative thought leadership is best expressed on open platforms such as LinkedIn.
  • Ensure Facebook posts are disseminated to Friends Only and be careful about tagging others, which expands the reach of your posts to their networks. Do not include any mentions of Cornell University, your degrees, studies, or affiliations in your bio.
  • Remember to use similar privacy settings across the platforms owned by the same parent company. For example, tightening privacy on a Facebook account but leaving the associated Instagram or WhatsApp accounts unsecured can mean details and photos posted on Facebook data might still be accessed via Instagram or WhatsApp. Google and YouTube account data are linked, and Apple accounts and devices automatically connect with each other.
• Enhance privacy settings: Review your privacy settings to understand who has access to your social media content. To keep an account purely personal, use a nickname, hobby, or something general as the account handle and name. Do not use your full name, which is searchable for affiliations. Review your followers list to ensure you personally know all of your followers.
  • Hide email information on all social media channels. Most platforms offer alternate ways to contact you, such as private messages on that channel. 
  • Review and maximize your Facebook privacy settings and be careful about what personal information you link to your account. For instance, avoid adding links to relatives and spouses. Ensure your posts are set up to post to Friends Only. Compared with other current social media platforms, Facebook algorithms allow more access to your content and comments by sharing your information widely and encouraging other users to save photos. 
  • For Instagram, make sure you lock your account to private, change your profile photo to a nature setting or pet photo, and do not include any identifying information in the bio or account username.
• Protect your passwords: Avoid impersonation and similar hacking activities by ensuring your Cornell accounts and all of your personal accounts use highly secure passwords that are unique to each account. Password protection can be further enhanced via two-factor authentication requirements, or by using a password protection manager.
• Install regular updates: Update your phone, computer software, and apps regularly. This will ensure you have the latest security protections on your device.
• Use private web browsers and ad blockers: Advertisements and other pop-ups are usually generated by artificial intelligence (AI) programs that tailor the ads to your browsing and search habits. Choosing private or incognito options for web browsers helps restrict the amount of personal browsing and search information available to these AI programs. Consider using an ad blocker service to further restrict the number and possibly malicious pop-ups on your device.
• Always use a secure Wi-Fi connection: Use secure internet connections (eduroam at Cornell and many other colleges and universities). Avoid using public Wi-Fi, as it can be unsecured and vulnerable to attack. If you must use public Wi-Fi, then also use the VPN service offered on your campus, or a VPN service offered by reputable companies (e.g. Express VPN, NordVPN, etc).
• Be vigilant of phishing attempts: Beware before you click or reply. Learn to spot fraudulent email and detect internet fraud.
• Audit yourself: Conduct periodic audits of your online presence to understand search results that return for your name and any past social media content that could be taken out of context or used against you by an online harasser. Everyone with a digital presence should be aware of and monitor the online information that exists about them, even dating back years. Conduct searches on personalized search engines like Google and also on non-personalized search engines like DuckDuckGo.
• Monitor your accounts: Log in to your social media and email accounts weekly. If you are not using your social media accounts, consider deleting, deactivating, or hiding them.
• Report exposed information: If your account monitoring or audit finds that your private details have been shared publicly (a form of online harassment known as doxxing), report that malicious content to the online platform. This guide from DeleteMe provides details on how to report doxxing on Facebook, TikTok, X, Discord, Instagram, Reddit, Twitch, YouTube, and Google.