Social Media; treading lightly

The information we put on social media is a treasure trove for attackers. Protecting yourself means taking a hard look at who can see what and, above all, making sure you haven't simply accepted the default settings that your social media accounts kindly give you.


Here’s an experiment. Have a look at someone’s LinkedIn profile. Not a connection, just someone you have heard of. Chances are you will be amazed at how much information is freely available. Not just career and education but details about volunteering, school governorships and, of course, recommendations.

Now imagine you wanted to create a highly targeted attack on that individual. Pretty much everything you could want is right there, in front of you. Put that together with all the other data that’s available and it’s no wonder spear-phishing is so successful.

Clearly humans – at least most of us – have a strong drive to share. After all, it’s hard to argue with Facebook’s steady growth to more than 2 billion users. But when it comes to social networks it’s essential to think about who can see what you’ve posted and whether it could be exploited to attack you.

Birthdays, birthplaces, parents’ details, pets and so on. Photos from your latest holiday. Any of these pieces of information could be used to guess the answer to a security question or just figure out when you’re away from home.

This doesn’t mean you have to be paranoid or stop sharing but it absolutely does mean you should check who your friends and connections are and how you’ve configured your privacy settings.

By default, many social networking sites display a shocking amount of information about you. Without too much of an exaggeration, it’s a bit like walking around in public without bothering to get dressed. And giving your address and a house key to anyone you meet into the bargain.

The first thing you should do is go to the privacy settings and review them so that you are in control of the information on a site, not the other way round. This is easier said than done. For a start, it’s not always obvious where the privacy settings are hidden (in LinkedIn, you need to click on the photo in the top right-hand corner). And then you’ll find there are several different areas to review. In Facebook you should make a point of going through every section of Settings, not just Privacy.

As with everything to do with cybersecurity, you need to assess the risk to you. Journalists and human rights activists, for example, might choose to lock down their settings particularly restrictively but everyone should review who can see what.

You will have noticed that social networking services change and when they change so do their terms and conditions. Never assume the settings that worked last year are the best settings for today. In some cases, you may decide that the changes (for example, Facebook’s acquisition of WhatsApp) mean you simply stop using a service.

Shocking as it may sound, yes, you should read the terms and conditions. Very few of us do but it’s the only way to be sure of who can do what with the information you post. So, you might like to look through Twitter’s statement on this which reassuringly tells you that you own your content. Less reassuringly, it goes on to say that you grant Twitter a worldwide, royalty-free licence to do what they like with it – including adapting and modifying it.

Likewise, you need to be clear that once you post something you no longer control what happens to it. Not just because Twitter might decide to do something with it but because you can’t control what others do with it. Quite innocently, one of your contacts might copy or share your content and you will never know. So the basic rule of cybersecurity applies here just as it does everywhere; think before you click.

Secure passwords and multi-factor authentication (where available) are particularly appropriate for social networking services. Make sure you use unique passwords, log out of websites and, if you can, avoid using shared machines to access social media.

Facebook would love to be the way that you run your life. It would make them particularly happy if you choose to log on everywhere else with your Facebook ID (as it would Google, PayPal and everyone else offering this service). Before you make Mark Zuckerberg happy, have a long think about the pros and cons of doing so. Of course it’s convenient, but you are dependent on the underlying protocol being implemented correctly and it’s been shown that this is far from always being the case. And do you want to share your friends list and let travelplan.com write on your Facebook wall?

Facebook also offers you a way to send encrypted messages in its Messenger app. Given that its business model depends on knowing as much as possible about you, it’s not surprising this feature isn’t on by default. It is reasonably easy to switch on and it uses a respected protocol which also underpins WhatsApp. But it is another example of why it’s so important to review your settings.

Most social networking services will kindly tell people where you are (if that information is available). There are plenty of examples of people assuming “location services” were turned off only to find that the metadata in a photo revealed exactly where it was taken. You might assume this would only apply to a GPS-enabled device but of course IP addresses and WiFi networks can also reveal where you are. And you might be connected through a VPN that changes your IP location, but if you’re signed into a social media service on another device that knows where you are then the VPN doesn’t make the slightest difference.

Finally, think about who you’re connecting with. Try to keep track of your ‘friends’ – to the extent that this is possible. If you join groups and communities you may be sharing information with people who are complete strangers. This is not to encourage paranoia but it would be wise not to make assumptions about social networking. In the end, these services exist to make money, not to protect your information, so it’s worth treating them accordingly.
