Cyber Security Guidelines for Securing Social Media …...Cyber Security Guidelines For Securing...
Transcript of Cyber Security Guidelines for Securing Social Media …...Cyber Security Guidelines For Securing...
Cyber Security Guidelines for
Securing Social Media Accounts
Version: 2.1
Author: Cyber Security Policy and Standards
Document Classification: Public
Published Date: June 2018
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 2 of 19 Classification: Public
Document History:
Version Description Date
1.0 Published V1.0 document October 2015
2.0 Branding Change (ICT to MOTC) + added controls for other or changed social media platforms
November 2016
2.1 MoTC logo changed + Format Change June 2018
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 3 of 19 Classification: Public
Table of Contents Legal Mandate(s) .................................................................................................................................... 4
Introduction ............................................................................................................................................ 5
Objective ................................................................................................................................................. 5
Scope ....................................................................................................................................................... 5
Intended Audience .................................................................................................................................. 5
Understand the Risks .............................................................................................................................. 6
General Recommendations .................................................................................................................... 6
Set up a Governance for Social Media ................................................................................................ 6
Account creation and administration ................................................................................................. 6
Account Login ...................................................................................................................................... 7
Password Management ...................................................................................................................... 8
Information Sharing / Acceptable Usage ............................................................................................ 8
Configure Privacy Settings .................................................................................................................. 8
Monitoring .......................................................................................................................................... 8
Third Party Solutions ........................................................................................................................... 9
Incidents: In case of any suspicious activity ........................................................................................ 9
Recovery Plan ...................................................................................................................................... 9
Security Awareness ........................................................................................................................... 10
Securing Most Common Social Networking Sites ................................................................................. 10
Facebook: .......................................................................................................................................... 10
Twitter: .............................................................................................................................................. 11
Instagram: ......................................................................................................................................... 12
LinkedIn: ............................................................................................................................................ 12
WhatsApp ......................................................................................................................................... 13
Snapchat ........................................................................................................................................... 15
Tumblr ............................................................................................................................................... 16
YouTube / Google ............................................................................................................................. 17
Telegram ........................................................................................................................................... 18
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 4 of 19 Classification: Public
Legal Mandate(s) Emiri decision No. (8) for the year 2016 sets the mandate for the Ministry of Transport and
Communication (hereinafter referred to as “MOTC”) provides that MOTC has the authority to
supervise, regulate and develop the sectors of Information and Communications Technology
(hereinafter “ICT”) in the State of Qatar in a manner consistent with the requirements of national
development goals, with the objectives to create an environment suitable for fair competition,
support the development and stimulate investment in these sectors; to secure and raise efficiency of
information and technological infrastructure; to implement and supervise e-government programs;
and to promote community awareness of the importance of ICT to improve individual’s life and
community and build knowledge-based society and digital economy.
Article (22) of Emiri Decision No. 8 of 2016 stipulated the role of the Ministry in protecting the security
of the National Critical Information Infrastructure by proposing and issuing policies and standards and
ensuring compliance.
This guideline has been prepared taking into consideration current applicable laws of the State of
Qatar. In the event that a conflict arises between this document and the laws of Qatar, the latter, shall
take precedence. Any such term shall, to that extent be omitted from this Document, and the rest of
the document shall stand without affecting the remaining provisions. Amendments in that case shall
then be required to ensure compliance with the relevant applicable laws of the State of Qatar.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 5 of 19 Classification: Public
Introduction Social networks / media is an organization’s identity in the virtual world. This social identity is very
much linked to its corporate public image and needs to be protected as much in the virtual world as
in the real world. The social media account if not secured may open a floodgate to compromising and
maligning your corporate public image.
This document provides mitigation advice and security controls to help reduce threats such as
unauthorized access as well as steps to follow in order to retrieve a stolen account.
Objective Provide necessary guidance to help organizations manage their social media accounts securely.
Scope All organizations having social media presence.
Intended Audience Staff authorized to manage and use the corporate social media accounts.
However, private individuals may find the document useful too.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 6 of 19 Classification: Public
Understand the Risks Social media accounts related to government, semi government and national events represent an
ideal and logical target for our nation’s adversaries, as social media is seen as the virtual identity of
the governmental entity.
Further being a government accounts, they have a huge following and the followers have implicit
trust in them.
The risks associated with such social media profiles are:
- Leaking of confidential or inappropriate information
- Vandalism of content, spreading malicious content
- Legal implications
- Blackmail
General Recommendations
Set up a Governance for Social Media Define a policy for usage of social media in your organization, on a minimum, the policy should
include the following:
Identify who in the organization is authorized to engage in social media on its behalf?
Who controls and owns the information into a social networking site?
What information are the stakeholders passing on to other people?
Seeking consent from stakeholder prior disseminating information related to them.
Explicit procedures on social media networking. Who would the corporate account follow or
be influenced with etc.
How would information received from the follower network be broadcasted? i.e. re-shared
or re-tweeted etc.
Defined process for Incident handling / recovery plan in case of breach or malicious attacks.
Hardware and software authorized to access the social media account from.
Account creation and administration In order to create and manage account ownership it is recommended that organizations have:
A dedicated corporate email (usually used as the username), should be used to create and
maintain a social media accounts. This email address should be a generic/nonspecific
enterprise email account for logging into social media networks. Individual enterprise email
addresses are easy to guess and decrease the security of social media accounts.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 7 of 19 Classification: Public
Each social media channel/account should be associated with a separate and unique
corporate email. Example: the Username/Email associated with corporate twitter is different
from the Username/Email used on Facebook
Do not use the same passwords for social media that you use to access company computing
resources
Private emails should not to be used to manage and access a corporate social media account
such as twitter account or Facebook page
The social media account page should feature the communication department approved logo
and the profile text should include references that this account is “the official” account of the
organization.
Organizations should define which organizations / agencies they may follow. E.g. Government
agencies may follow other government agencies, verified accounts or trusted sources.
It is not recommended to follow individual users.
It is not recommended to access / re-post / re-tweet / share “unverified messages” with
imbedded links and URLs.
Account Login Configure social media accounts to use secure sessions (HTTPS) whenever possible. Facebook,
Twitter and others support this option. (Note: This is extremely important when connecting
via public Wi-Fi networks). QCERT can help you configure your account to use HTTPS at all
times
Login should only be from a dedicated corporate owned / managed device ( PC or Mobile
device)
Login should be from a trusted network, refrain from using public/open Wi-Fi networks like
café’s, airports, etc.
● Mobile devices linked to your corporate social media accounts should be adequately
protected using biometrics, strong passwords. We recommend that an extra layer of security
by securing the apps with an additional PIN / Password, which is different from the one, used
to access the device. This may be possible through use of certain third party applications.
Disable the geo-location feature while posting or tweeting.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 8 of 19 Classification: Public
Password Management Always use strong and secure passwords to access social networks. The passwords should
comply with the corporate password policy.
Change passwords frequently. Have different passwords for different accounts.
Use multi-factor authentication for social media accounts (if supported by the provider).
Never share your passwords with anybody.
Information Sharing / Acceptable Usage Do not disclose any official information upon registrations of social accounts.
Restrict employees from posting official and sensitive data or information over social
networks.
Only authorized personnel should be allowed to operate corporate social media accounts.
Do not post any information that may be discriminatory, disparaging, defamatory or harassing
comments regarding the organization or its employees or any third party in their electronic
postings or publishing.
Configure Privacy Settings Review and revise as necessary the default privacy settings offered by the social media
networking sites.
Monitoring Limit corporate social media account access to an authorized employee in order to control the
content distribution over social networks. This could be the Public relation officer (PRO),
official spokesperson, etc.
In case where more than one person has access to the corporate social media account,
internal procedures should be defined to regulate this activity, this should include training
user on usage of social media, active monitoring, and use of social media management
solutions and / or any other compensating controls as deemed necessary.
Regularly monitor the access granted to authorized user accounts and revoke the access of
employees who leave the organization or no longer have a business need to use social media.
Have a third party individual, who is not responsible for content, continuously monitor social
media accounts for unauthorized or unusual postings.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 9 of 19 Classification: Public
Third Party Solutions The organizations should consider usage of a social media management solution.
Incidents: In case of any suspicious activity Please report to QCERT ([email protected]) or call (+974 4493 3408) if you see any of the
suspicious symptoms below:
Automated likes, favorites, follows/un-follows or friend requests
Private messages being posted to your friends (this can be hard to spot unless
someone points it out to you)
Unexpected email/push notifications from the social network, such as:
Warning that your email address has been changed
Warning that your account was accessed from an unknown location.
Status updates/tweets that you didn’t make
Changes to the profile or pictures on the account.
Recovery Plan Please report to QCERT ([email protected]) or call (+974 4493 3408)
Collect all logs, traces, artifacts of malicious activity for investigation and possible legal
requirements.
Immediately change account passwords.
Verify and change the password for the associated emails and back up emails
Verify the password recovery options set for the social media account; verify the alternative
email address that has been setup.
Verify auto forward options if any setup for the account and associated emails.
Visit the applications page of the social network and remove any apps you do not recognize.
If the account continues to behave erratically, we recommend you revoke access to all
applications.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 10 of 19 Classification: Public
Security Awareness Employees managing and / or maintaining the organization’s social media accounts shall be
sensitized and educated on information security. They should be made aware of prevalent
threats such as Phishing and social engineering.
Securing Most Common Social Networking Sites
Facebook:
a. Ensure you're using a secure connection whenever one is available, click Security in
the left pane of Facebook's Account Settings and make sure Secure Browsing is
enabled.
b. The security settings also let you enable log-in notifications and approvals, and view
and edit your recognized devices and active sessions.
c. Security Tips:
i. Protect your password.
ii. Use Facebook’s extra security features.
iii. Make sure your email account(s) are secure.
iv. Logout of Facebook when you have finished your work.
v. Run anti-virus software on your computer.
vi. Think before you click or download anything.
d. Enable 'Login Approvals' from the 'Account Security' section of the account settings
page. Follow the link - https://www.facebook.com/notes/facebook-
engineering/introducing-login-approvals/101501726182589201
e. Update your accounts as per new security tips and guideline of Facebook. You can find
them at https://www.facebook.com/help/3792207254659722
1 This link may change. Refer to Help Section available on Facebook if this link no longer works 2 This link may change. Refer to Help Section available on Facebook if this link no longer works
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 11 of 19 Classification: Public
Twitter:
a. When you sign up for Twitter, you have the option to keep your Tweets public (the
default account setting) or to protect your Tweets.
b. Accounts with protected Tweets require manual approval of each and every person
who may view that account's Tweets.
c. Security Tips:
i. Use a strong password.
ii. Use login verification.
iii. Government organizations shall get their account validated and verified You
may verify your Twitter account by following instructions and filling up a form
on Twitter (https://support.twitter.com/articles/20174631)3.
iv. Watch out for suspicious links, and always make sure you're on Twitter.com
before you enter your login information.
v. Never give your username and password out to untrusted third parties.
d. Using SMS text message login verification: To set up SMS text message login
verification:
i. Go to your Security and privacy settings on twitter.com and select the option to Verify login requests.
ii. When prompted, click Okay, send me a message. iii. If you receive our verification message, click Yes. (Note: you'll have to enter
your password). iv. You can generate a backup code by selecting the option to Get backup code.
Write down, print, or take a screenshot of this backup code; this will help you access your account if you lose your phone or change your phone number.
e. Update and follow the best practices mentioned by Twitter regularly. You can find
them at https://support.twitter.com/articles/760364
3 This link may change. Refer to Help Section available on Twitter if this link no longer works. 4 This link may change. Refer to Help Section available on Twitter if this link no longer works.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 12 of 19 Classification: Public
Instagram:
a. Security Tips:
i. Pick a strong password.
ii. Make sure your email account is secure. Change the passwords for all
of your email accounts and make sure that no two are the same.
iii. Logout of Instagram when you use a computer or phone you share with
other people. Don't check the "Remember Me" box when logging in
from a public computer.
iv. Think before you authorize any third-party app.
b. Update your accounts as per new security tips and guidelines of Instagram. You can
find them at https://help.instagram.com/3690011498433695
LinkedIn:
a. Security Tips:
i. Change your password regularly.
ii. Sign out of your account after you use a publicly shared computer.
iii. Manage your account information and privacy settings from the Profile and
Account sections of your Privacy & Settings page.
iv. Keep your antivirus software up to date.
v. Do not put your email address, home address or phone number in your
profile's Summary.
vi. Consider turning two-step verification on for your account.
vii. Be informed about reporting inappropriate content or safety concerns.
b. Update your accounts as per new security tips and guidelines of LinkedIn,
https://help.linkedin.com/app/answers/detail/a_id/267/~/account-security-and-
privacy---best-practices6
5 This link may change. Refer to Help Section available on Instagram if this link no longer works 6 This link may change. Refer to Help Section available on LinkedIn if this link no longer works.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 13 of 19 Classification: Public
a. Impostor Alerts: Enabling this setting in WhatsApp will give you notice that you
may be communicating with an imposter. The way to protect yourself is to go
to the “Settings” icon at the bottom right of your WhatsApp screen (if using
mobile), open up the Account settings area, and turn on the "Show Security
Notifications" setting.
b. Privacy Settings:
i. Lock WhatsApp: Protect the app with a password or PIN. WhatsApp
itself doesn’t offer such a function, however you could look at secure
alternatives where available.
Currently no such feature is available on iOS / Android.
ii. Block WhatsApp photos from appearing in photoroll: You could restrict
your WhatsApp photos from appearing in photoroll.
i. iPhone: Go into your phone’s Settings menu, then ‘Privacy’,
‘Photos’, and deselect WhatsApp from the list of apps whose
images are fed into the photo stream.
ii. Android: Using a file explorer app like ES File Explorer, find
WhatsApp’s ‘Images’ and ‘Videos’ folders. Create a file within
each called ‘.nomedia’. That will stop Android’s Gallery from
scanning the folder.
iii. Hide ‘last seen’ timestamp: You can disable or restrict who sees your
‘last seen’ time in WhatsApp’s ‘Profile’; ‘Privacy’ menu, in Android, iOS,
Windows or Blackberry. Be aware though, if you turn it off, you won’t
be able to see other users’ ‘last seen’ times either.
iv. Restrict access to profile picture: If your WhatsApp sharing is public,
anyone you’ve ever spoken to – even if you’ve just replied to an
unwanted message – can download your pic from your WhatsApp
profile and, using Google Image search, very quickly find out more
about you. Set profile picture sharing to “contacts only” in the Privacy
menu. For corporate accounts, the profile image should be the
corporate logo.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 14 of 19 Classification: Public
c. WhatsApp scams: WhatsApp itself will never contact you through the app.
Also, WhatsApp does not send emails about chats, voice messages, payment,
changes, photos, or videos, unless you email their help and support to begin
with. Anything offering a free subscription, claiming to be from WhatsApp or
encouraging you to follow links in order to safeguard your account is definitely
a scam and not to be trusted.
d. Lost / Stolen Mobile: Deactivate WhatsApp if you lose your phone. WhatsApp
recommends that you immediately activate WhatsApp with the same phone
number on a different phone, with a replacement SIM. Only one number on
one device can use the app at a time, so by doing this, you can instantly block
it from being used on your old phone. If that is not possible, WhatsApp can
deactivate your account.
e. Be careful what you talk about: Don’t send personal information if you can
possibly avoid it – addresses, phone numbers, email addresses – and never
send your bank, QID or credit card details, or your passport or other
identification details.
f. WhatsApp Web:
i. Although WhatsApp Web was designed to make life easier by accessing
WhatsApp on your desktop, the service is prone to misuse. Just anybody
who has access to your phone and WhatsApp application can initiate a
web session, scan your WhatsApp security QR code and have complete
access to your WhatsApp chats. This can be avoided by ensuring that
you do not let anybody else have physical access to your phone, in case
where you do need to share, make sure the application is locked with a
PIN.
ii. Remember to logout of WhatsApp Web: The mirroring service makes
life easier while working on PC. However, most users are unaware that
they should ideally logout of WhatsApp Web on Google Chrome
browser either from their mobile or the browser.
iii. WhatsApp web should only be accessed from a dedicated corporate
device
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 15 of 19 Classification: Public
g. Encryption:
i. First, make sure that WhatsApp has access to your camera. You may
have already allowed this when you installed WhatsApp, but if you did
not, it is an easy setting in your Applications area of your phone.
ii. Next, open a conversation with your friend in WhatsApp and then select
the person’s name at the top of the conversation. This will open the
contact window for that person. Near the bottom of that screen you will
see a setting for Encryption.
iii. Tap on the encryption field, and you will be presented with a screen that
displays a QR code as well as a 60-digit decimal code that represents the
contents of that QR code.
iv. At the bottom of the QR code screen, there is a link that will enable you
to scan your friend’s code, and they can do the same for your code. This
is why you need to allow camera access in WhatsApp, even if only
temporarily.
v. Deactivate the access to the camera when done.
Snapchat
a. Privacy:
i. Keep your Snaps and Stories friends-only: Snapchat sets your account
options to friends-only by default. This means only people you have
added as a friend that have added you back can send you Snaps or view
your own. We strongly recommend keeping it that way so you know at
all times who is viewing what you create. Don’t change your settings to
‘everyone,’ as that means literally anyone with a Snapchat account can
send you messages or see your Stories.
ii. Make sure you know (read: really know) who is on your friends list. If
another user tries to add you as a friend, check whether you know who
it is before accepting it. If the username of the person who added you
does not appear to be anyone you know, it could be a spambot, or an
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 16 of 19 Classification: Public
overly curious stranger who has no reason to learn about your life via
Snapchat. It is best to ignore these requests.
iii. If you don’t want it to be permanent, don’t Chat or Snap it: Snapchat
content expires after a set time, and Snapchat should also notify you if
someone screenshots one of your Snaps or Chats. But don’t let that fool
you into complacency – your Snaps can definitely be saved (and shared)
for posterity without your knowledge.
iv. Snapchat Live: If you ever try to submit something to a “Snapchat Live”
story — the collection of stories Snapchat creates for events, holidays,
locations or various other reasons — keep in mind that it has the
potential to be viewed by the entire world if it is selected. Therefore,
before trying to submit something, make sure you are comfortable with
that.
b. Passwords: Refer to Error! Reference source not found. section above.
Tumblr
a. Passwords: Refer to Error! Reference source not found. section above.
b. Enable Two-Factor Authentication
i. Click "Settings" under the Account menu at the top of the Dashboard.
ii. In the Security section, enable “Two-factor authentication.”
iii. Enter your phone number.
iv. Now decide whether you would like to receive the code via text or through an
authenticator app. We recommend both in case you need to use one as a
backup.
v. Follow the steps laid out in the Settings page
c. Application Lock: Set up the passcode lock in your account settings on mobile (if
available – it is still in the process of rolling out). This will let you require a passcode
or Touch ID to enter the Tumblr app on your phone.
d. Logging: Enable “Email me about account activity” turned on in your account
settings.
e. Never give an application access to your Tumblr account unless it is from a source
you trust.
f. Always logout of your session once you have finished your work. by clicking on the
account menu at the top of the dashboard and then clicking “Log Out” at the top of
the menu.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 17 of 19 Classification: Public
g. Report SPAM
i. From posts on the web: From the dashboard or a search results page, click the
share menu (paper airplane) at the bottom of the post, and click “Report.”
ii. From blogs on the web: Report an entire blog by hovering over the blog's
avatar, clicking the little person silhouette, and clicking “Flag this blog.”
iii. From messages in the app or on the web: Tap or click "Mark as spam" under
the spammer's first message. Note that "Mark as spam" won't appear if it's
somebody you follow, or somebody you've already had a conversation with.
iv. From fan mail on the web: From the inbox, click the three dots at the bottom
of a spam message and choose “Report.”
v. If you do not have access to a computer now, you can use a mobile browser’s
desktop view to report spam following the steps listed above. To get to the
desktop view in iOS, open Safari and visit tumblr.com, log in, tap the share icon
(little box with an arrow) at the bottom of the screen, and tap the gray
“Request Desktop Site” button. On Android, open Internet or Chrome and visit
tumblr.com, login, tap the three dots icon in the top right-hand corner of the
screen, and check the “Desktop View” box.
YouTube / Google
a. Passwords: Refer to Error! Reference source not found. section above.
b. 2 Step Verification for your Google Accounts: Enable 2 Step verification for your
Google accounts to ensure that whenever you log in to YouTube from a new device
(or every time you log on anywhere, depending on your preference), you’ll be sent
a verification number as an SMS text or voice call. Then you can enter your
verification code to ensure that you’re the real you. This protects you against third
parties trying to log in to your account, even if they have your password
c. Always logout of your session when you have finished your work by clicking on the
account menu at the top of the dashboard and then clicking “Log Out” at the top of
the menu.
d. Account Recovery: Add a recovery phone number and secondary secure email to
your YouTube account. Not having both a phone number and a secure email means
your account could be accessed by someone who knows or guesses the answer to
your security question. Keep your recovery information secure and up-to-date.
e. Don’t give your information away via email: You shouldn’t trust emails that you
receive that request the password with which you access your YouTube account. In
fact, if it comes from Google itself, be extra wary – an attack uncovered a few
months ago shows that a malicious URL, in the guise of a company link, could make
users enter their information without realizing it.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 18 of 19 Classification: Public
Telegram
a. Passwords: Refer to Error! Reference source not found. section above.
b. 2 Step Verification for your Google Accounts: Enable 2 Step verification for your
Telegram accounts to ensure additional security. Once enabled, you will need both
an SMS code and a password to log in.
c. Account Recovery: Set up a recovery email address that will help regain access,
should you forget your password. If you do so, please remember that it is important
that the recovery email account be also protected with a strong password and 2-
Step Verification when possible. The recovery email should also be a corporate
email.
d. Screenshots: There is no bulletproof way of detecting screenshots on certain
systems (most notably, some Android and Windows Phone devices). Although
Telegram does make every effort to alert you about screenshots taken in your
Secret Chats, but it may still be possible to bypass such notifications and take
screenshots silently. As a general precaution, it is recommended that sensitive
information is shared only with people you trust.
e. Logging Out: Telegram can work simultaneously on as many devices at the same
time, as you like. You should log out of the applications if you are physically moving
away from the device where you are running Telegram. If you log out, you do not
lose your cloud messages. However, you will lose all your Secret Chats and all
messages inside them when you log out. Note that logging out doesn‘t trigger
remote deletion of your secret chat messages on your partner’s device — to do that,
choose ‘clear history’ first.
iOS: Go to Settings, then Edit, then Log out.
Android, Windows Phone: Go to Settings, then Log out.
f. Lost Phones: The phone number is the only way for us to identify a Telegram user
at the moment. So whoever has the number, has the account. There is no way to
recover / secure the data unless you have access either to the phone number or to
Telegram itself on any of your devices.
If have access to Telegram on another device
Go to Telegram Settings — Privacy and Security and turn on Two-Step
Verification. This way the phone number alone will not be enough to log in to
your account.
Go to Settings — Privacy and Security — Active Sessions and terminate your
Telegram session on the old device. Whoever has your phone will not be able
to log in again, since they don't know your password.
Cyber Security Guidelines For Securing Social Media Accounts Version 2.1 Page 19 of 19 Classification: Public
Contact your phone provider, so that they block your old SIM and issue a new
one with your number.
If you decide to switch to a new phone number, don't forget to go to Settings,
tap on your phone number and change your Telegram number to the new
one.
If you don't have access to Telegram on any other devices
First and foremost, you need to contact your phone provider, so that they
block your old SIM and issue a new one with your number.
Wait till you receive your new SIM with the old number, log in to Telegram,
then go to Settings — Privacy and Security — Active Sessions and terminate
your Telegram session on the old device.
g. Removing sensitive data:
If you have reasons to worry about the data on the device and are unable
to log out the other device, it is best that you wipe it remotely. Telegram does
not support remote Wipe, however you could use such features provided by
the phones such as Apple iOS , Android. This requires you to have prepared
in advance for this scenario.
You can delete your Telegram account if you are logged in on at least one of
your other devices (mobile or desktop). Note that inactive Telegram accounts
self-destruct automatically after a period of time — 6 months being the
default setting.
Privacy: You can choose who sees this info in Privacy and Security settings. You won‘t see Last Seen
timestamps for people with whom you don’t share your own.