Best Practices - Social Media

Social Media's Common Risks

Social media platforms are popular tools for connecting, sharing, and collaborating online. However, the information you post or interact with can often be publicly visible and may expose personal details, professional activities, or sensitive data. Using social media wisely helps protect both your individual privacy and the reputation of the University.

This page highlights common risks associated with social media and offers straightforward best practices to help you stay safe and responsible online.

University Guidelines

All University social media accounts are expected to follow the social media guidelines, as well as the social media accessibility best practices.

Before creating a new University social media account, please consult with your local leadership, review the Use of Harvard Names and Insignias in Electronic Contexts policy, complete the Digital Accessibility for Content Creators course, create a social media strategy and editorial calendar, and email the Content Strategy team.

Questions about social media at the University can be emailed to the Content Strategy team.

Best Practices

Protect Your Personal Information

  • Be mindful about what you share online. Avoid posting any personal identifying information about yourself or others, such as:
    • Real-time location details
    • Contact information: phone numbers, email addresses, or home addresses
    • Information commonly used for account recovery or password hints: pet names, school names, birthdays
  • Even minor details can be enough for someone to target you or your loved ones - both online and in real life.

Account Security Basics

  • Use a different, complex password for every social media account. Consider a password manager to help generate and securely store your passwords.
  • Always enable Multi-Factor Authentication (MFA) for an extra layer of protection. Avoid relying solely on SMS when possible.
  • Ensure your recovery email and phone number are current and secure. Avoid using recovery methods that could be easily compromised.

Privacy Settings & Account Controls

  • Limit who can see your posts and profile by setting your profile visibility to “Friends” or “Private” whenever possible.
  • Double-check which personal details are publicly visible (e.g., birthday, location, contact info).
  • Audit connected apps and revoke access to any apps or sites you no longer use.
  • Be cautious using third-party logins; use “Login with Facebook/Google” only when necessary.
  • Turn off location tagging and be mindful of sharing photos that reveal your home, routines, or travel plans.

Behavioral & Ongoing Security

  • Never click suspicious links in DMs or emails, especially those that urge you to take immediate action or request sensitive information.
  • Monitor your account activity by enabling alerts for logins or changes and check your account login history regularly.
  • Assume anything posted online could be screenshotted and shared. Avoid posting sensitive information such as personal schedules, ID cards, and financial details.