Cybersecurity Practices for Social Media Users: A Systematic Literature Review

: In this paper, we present secondary research on recommended cybersecurity practices for social media users from the user’s point of view. Through following a structured methodological approach of the systematic literature review presented, aspects related to cyber threats, cyber awareness, and cyber behavior in internet and social media use are considered in the study. The study presented ﬁnds that there are many cyber threats existing within the social media platform, such as loss of productivity


Introduction
The internet has become one of the primary communication channels in the modern era and social media possess a large portion of internet usage ([1] Bosse, Renner, and Wilkens, 2020). A total of 3.78 billion users are predicted to have used social media in 2021 ( [2] Tankovska, 2021 January 28). Most countries have acknowledged that cybersecurity has become one of the most critical issues that has emerged in the past few years with the increased usage of internet and social media ( [3] Tosun et al., 2020). This might be due to the fact that high social media usage has become a new trend, reaching a wide range of people within a short time period ( [4] Constantinides and Stagno, 2011; as cited by Okyireh and Okyireh, 2016). Additionally, the number of and types of available social media platforms, their less reliable design and construction, the large unstructured content, and more opportunities provided for people to act in malicious ways in those platforms have triggered the vulnerability of high-level cyber threats in social media ( [5] Murire, Flowerday, Strydom, and Fourie, 2021). The above citations suggest that users cannot totally rely on technology to safeguard themselves from cyber threats when using internet or social media. Therefore, users have a responsibility to safeguard themselves from their own point of view. Hence, the main objectives of this article are identified as follows: 1.
Identify cyber threats in internet and social media use.
Identify the impact of users' cyber awareness on users' cyber behavior on social media.

4.
Identify the impact of users' cyber behavior on their vulnerability level on social media. 5.
Identify recommended cybersecurity practices for social media users from users' point of view.
The structure of this article is organized with several sections. Section 2 of this article discusses the research methodology. Then, the themes and subthemes of the literature related to the article are further discussed in the following order: cyber threats on the internet are discussed in Section 2.1; cyber threats on social media are discussed in Section 2.1.1; cybersecurity on the internet is discussed in Section 2.2; user awareness when using the internet is discussed in Section 2.2.1; user behavior when using the internet is discussed in Section 2.2.2; cybersecurity in social media is discussed in Section 2.3; user awareness when using social media is discussed in Section 2.3.1; user behavior when using social media is discussed in Section 2.3.2. Next, Section 3 discloses the discussion along with the findings of the literature. Then, in Section 4, the limitations of the systematic literature review are discussed. Finally, the article is concluded with Section 5-future development-which illustrates the formation of main and sub research questions for the future research work, followed by Section 6, which provides our conclusion.

Methodology
Searching through the literature is a significant component of a systematic review. The commonly used literature search component is the preferred reporting items for systematic reviews and meta-analyses (PRISMA) statement ( [7] Rethlefsen et al., 2021). The PRISMA statement is used in this research article to filter the most relevant literature. The PRISMA statement is a road map that supports authors explaining what was carried out, what was found, and what are they planning to do next ( [8] Rafael, Ferran, Edoardo, and Craig, 2021). Additionally, the PRISMA checklist is a tool that can be used to guide systematic review reporting ( [9] Rice, Kloda, Shrier, and Thombs, 2016). The PRISMA statement consists of 4-stage flow diagram and 27 check list items ( [10] Moher, Liberati, Tetzlaff, and Altman, 2009). The adaptability of this article to the PRISMA statement is depicted in Table 1 and Figure 1, accordingly. When searching the literature, more than 10,000 probable articles were found using Wintec OneSearch and Google Scholar online databases with the help of relevant keywords and "AND" and "OR" operators. The main keywords used in the search of relevant articles were as follows: cyber threats, cybersecurity, cyber security, social media, user awareness, and user behavior. From that pool, only 2500 articles were revealed to be suitable, after removing duplicates. Then, only 339 of the most relevant articles were screened, and 170 articles were omitted from that pool due to ineligibility of the abstract. Next, 169 relevant articles were filtered from the pool of screened articles, and 126 of them were disregarded due to the exclusion criteria, as listed in Table 2. Finally, 43 articles were selected as the most eligible ones to include in the literature review, as depicted in Figure 1. and 170 articles were omitted from that pool due to ineligibility of the abstract. Next, 169 relevant articles were filtered from the pool of screened articles, and 126 of them were disregarded due to the exclusion criteria, as listed in Table 2. Finally, 43 articles were selected as the most eligible ones to include in the literature review, as depicted in Figure 1.

Cyber Threats on the Internet
The evolution of cybercrimes in the IT industry dates back to late 1970s. It has evolved from just spam at that time to much more advanced forms, such as viruses and malware, in the present day ( [11] Jobs, 2016; as cited by Kruse, Frederick, Jacobson, and Monticone, 2017). The word "Cybercrimes" covers a vast range of virtual illegal activities performed by cybercriminals via any source of internet-connected electronic device ( [12] Ali, 2019). Experts say that cybercriminals often aim for easy targets with the least resistance, even though they possess many sources, as well as a high level of knowledge on how the technology works and its vulnerabilities. The reason for this is that they can easily commence the hacking with less effort with that kind of user ([13] Shryock, 2019). Gullible users often become targets of hackers and cybercriminals use creative and different ways to collect personal data from them ( [14] Ramakrishnan and Tandon, 2018). The internet has become an essential part of society and it has become the core of connecting and sharing information in modern days. This has led the internet to become a target of various cyber threats, ranging

Cyber Threats on the Internet
The evolution of cybercrimes in the IT industry dates back to late 1970s. It has evolved from just spam at that time to much more advanced forms, such as viruses and malware, in the present day ( [11] Jobs, 2016; as cited by Kruse, Frederick, Jacobson, and Monticone, 2017). The word "Cybercrimes" covers a vast range of virtual illegal activities performed by cybercriminals via any source of internet-connected electronic device ([12] Ali, 2019). Experts say that cybercriminals often aim for easy targets with the least resistance, even though they possess many sources, as well as a high level of knowledge on how the technology works and its vulnerabilities. The reason for this is that they can easily commence the hacking with less effort with that kind of user ([13] Shryock, 2019). Gullible users often become targets of hackers and cybercriminals use creative and different ways to collect personal data from them ( [14] Ramakrishnan and Tandon, 2018). The internet has become an essential part of society and it has become the core of connecting and sharing information in modern days. This has led the internet to become a target of various cyber threats, ranging from cybercrimes (hacking, identity theft, and other forms of fraud) to cyber espionage, cyber terrorism, and cyber warfare ( [15] van den Berg and Keymolen, 2017). Cybercrimes cover various cyber threats, including child pornography, fraud, email abuse, missing children, stalking, copyright, violation, harassment, threats, children abuse hacking, viruses, and many more ( [16] Tripathi, Tripathi, and Yadav, 2016). The impact of cyber threats is changing, based on globalization, imposed security environment level, awareness, and the education level of the administrators and users of a given information and communication environment. These cyber threats can range from privacy, personal, confidential, and classified data loss and fund/cryptocurrency loss to harm to the health and/or life of a person ( [17] Svoboda and Lukas, 2019).

Cyber Threats on Social Media
There are two major categories of social media risks. One is social risk and the other is technology risk. Social risks further branch into two categories, namely individuallevel risk and professional-level risk. Loss of productivity, cyberbullying, cyberstalking, identity theft, and social information overload belong to individual-level risks, while inconsistent personal branding, personal reputational damage, and data breach belong to professional-level risks. Technology risks mainly include malicious software, service interruptions, hacks, and unauthorized access to social media accounts ( [18]

Cybersecurity on the Internet
Cybersecurity is a collection of techniques that have been established to protect individual users' or organizations' cyber environments ( [24] Seemma, Nandhini, and Sowmiya, 2018; as cited by Richardson, Lemoine, Stephens, and Waller, 2020). A cybersecurity culture protects information systems, computer networks, user data, and internet users effectively (

User Awareness When Using the Internet
Cybersecurity awareness is the level of understanding achieved by users regarding the significance of information security, their associated responsibilities, and a series of acts to practice an adequate degree of information security control, safeguarding organizational data and networks ( [27] Shaw et al., 2009; as cited by Zwilling et al., 2020). The first level of defense with regard to information systems' security and networks is awareness. When it comes to the internet, cybersecurity situational awareness is crucial, since it supports in the prevention of compromise of data, information, knowledge, and wisdom ([28] Tasevski, 2016). In one study, older adults had higher information security awareness (ISA) scores than young adults, and a small significant difference was found in the ISA score related to gender, where females have higher ISA scores, compared with males ( [29] McCormac et al., 2017). In contrast to this citation, another research article stated otherwise, indicating that males have more cyber hygiene knowledge than females; however, surprisingly, there was no difference in cyber hygiene knowledge among different age groups ( [30] Cain, Edwards, and Still, 2018). In the research, it was found that higher education levels lead to higher information security awareness of the users. It has been found that higher education level or information security training reduces risky user behavior ([31] Ogutcu, Testik, and Chouseinoglou, 2016). In the multinomial regression analysis, it was found that people with higher education, who are not living in their own housing, more often fall into the cybercrime victims category ( [32] Oksanen, and Keipi, 2013, as cited by Nalaka and Diunugala, 2020). Internet users should always be updated on cyber threats as new threats are emerging and existing threats are evolving frequently. Unfortunately, most users have failed to achieve an acceptable level of protection, compared with the increasing rate of threats ( [14] Ramakrishnan and Tandon, 2018). Human beings are the central figure of cybersecurity, and they should be highly equipped with security awareness to mitigate the risks they face in cyberspace ( [33] Kovacevic, Putnik, and Toskovic, 2020). Factors including a lack of awareness of cyber risks and use of third-party apps, information distributed in social media, and web pages direct hackers to easily exploit these vulnerable users (

User Behavior When Using the Internet
Online privacy research has found that users are interested in privacy protection, but their actual behavior says otherwise. This inconsistency between expressed privacy concerns and actual, contradictory behavior is known as the privacy paradox ( [ A proportion of 63% of the Polish students who responded to one study mentioned that they use a "best practices" approach; however, this term is not clear and can be highly subjective-because their main sources of cybersecurity knowledge are the internet, friends, or colleagues ([43] Szumski, 2018).

Cybersecurity on Social Media
Social media is a collection of electronic communication platforms used by online users to create online communities. They use these platforms to share information, ideas, and personal messages with each other ( [44] Bhatnagar and Pry, 2020). Social media networks provide openness to user profiles and the data they share in the profile. However, this openness threatens user profiles with being revealed or hacked ( [45] Tang-Mui and Chan-Eang, 2017). Most of the social media users are now addicted to sharing their ideas, sentiments, and experiments with a wide range of friends and friends of friends, via videos and photos ( [21] Yan, 2016; as cited by Zhang and Gupta, 2018). People who post information online might not think of security risks associated with it primarily. However, this action can voluntarily reveal more personal information to unknown people than they expected ( [46] Nyblom, Wangen, and Gkioulos, 2020). Employees should be more careful about what they share on social media, since social engineering scams are rising gradually in modern days. Those data can be used against them and their company, together with other personal data that the cybercriminals collected through other consumer data breaches ( [47] Wikipedia, 2020; as cited by Sangster, 2020).

User Awareness When Using Social Media
Disclosing data that have been perceived as less sensitive in social media platforms by the users can also lead to privacy breaches and user awareness around that sphere is still insufficient. One common example of the above matter is GPS tagging of a place that a user is currently visiting, which may alert thieves to commence a robbery in that user's home or apartment. Another example is that disclosing family relationships on social media may lead to privacy issues, such as stalking, slander, and cyberbullying for that family member(s) ( [48] Pensa and Di Blasi, 2017). A stronger information security concern level can be achieved by a high level of privacy awareness (

Discussion
Based on the aforementioned literature, it was found that there are many cyber threats existing within social media platforms, such as loss of productivity, cyberbullying, cyberstalking, identity theft, social information overload, inconsistent personal branding, personal reputational damage, data breach, malicious software, service interruptions, hacks, unauthorized access to social media accounts ( [18]  All users should have enough current and updated cyber awareness and cyber behavior to safeguard themselves from the aforementioned cyber threats. Tragically, most users have failed to achieve an acceptable level of protection compared with the increasing rate of threats ( [14] Ramakrishnan and Tandon, 2018). People who post information online might not think of security risks associated with this behavior. However, this action can voluntarily reveal more personal information to unknown people than they expected ( [46] Nyblom et al., 2020). It is also revealed that most social media users are unaware of the risks and vulnerabilities associated with those platforms unless they have experienced those in their real lives ([50] Atiso and Kammer, 2018). Hence, it is always recommended that users take enough precautions to safeguard themselves from cybercrimes from their point of view, since the most powerful user privacy protection strategy in social media platforms falls into users' own hands. Only they can control what they publish, and to whom, on those platforms ( [48] Pensa and Di Blasi, 2017).
When it comes to factors affecting cyber awareness, it was discovered that age, gender, and education level may or may not affect the cyber awareness of internet users. Older adults had higher information security awareness (ISA) scores than young adults. A small significant difference was found in the ISA score related to gender, where females had higher ISA scores compared with males ( [29] McCormac et al., 2017). In contrast to this citation, another research article stated otherwise, finding that males have more cyber hygiene knowledge than females; however, surprisingly, there was no difference in cyber hygiene knowledge among different age groups ( [30] Cain et al., 2018). In the research, it was found that higher education levels lead to higher information security awareness of the users-higher education levels or information security training reduces risky user behavior ( [31] Ogutcu et al., 2016). However, in a multinomial regression analysis, it was found that people with higher education and who are not living in their own housing are more likely to fall into the cybercrime victims category ( [32] Oksanen, and Keipi, 2013, as cited by Nalaka and Diunugala, 2020).
Several items of the literature support the idea that cyber awareness has an impact on cyber behavior. Research results show that higher awareness was connected with a lower number of reported online risky behaviors ( [ as cited by Chang and Coppel, 2020); additionally, they found that cyber behavior has an impact on the vulnerability level that users face. In another study, it was identified that the cybersecurity behavior of the respondents potentially makes them vulnerable to cyber threats ([38] Muniandy, Muniandy, and Samsudin, 2017).
According to the research findings, it was identified that the cyber awareness of a user plays a vital role to overcome various cyber threats in cyberspace. Some researchers find a given user's age, gender, and education level have an impact on their cyber awareness; although, some researchers disagree on this. Additionally, some studies suggest that users' cyber awareness has an impact on users' secure cyber behavior, while some studies suggest that this is not the case. The authors were unable to identify enough literature to analyze the impact of users' secure cyber behavior on their vulnerability level, specifically relevant to social media. Figure 3 summarizes the overall findings of the discussion section.
impact on the vulnerability level that users face. In another study, it was identified that the cybersecurity behavior of the respondents potentially makes them vulnerable to cyber threats ([38] Muniandy, Muniandy, and Samsudin, 2017).
According to the research findings, it was identified that the cyber awareness of a user plays a vital role to overcome various cyber threats in cyberspace. Some researchers find a given user's age, gender, and education level have an impact on their cyber awareness; although, some researchers disagree on this. Additionally, some studies suggest that users' cyber awareness has an impact on users' secure cyber behavior, while some studies suggest that this is not the case. The authors were unable to identify enough literature to analyze the impact of users' secure cyber behavior on their vulnerability level, specifically relevant to social media. Figure 3 summarizes the overall findings of the discussion section.

Limitations
Based on the findings in the discussion section of the systematic literature review, some significant limitations have been identified by the authors, as follows: (1) The authors were unable to identify any studies relevant to recommended cybersecurity practices for social media users from users' points of view, to the best of their knowledge. (2) The authors were unable to filter any studies discovering the impact of social media users' age, gender, and education level on users' awareness on social media platforms' security-related features, to the best of their knowledge. (3) The authors were unable to find any studies revealing the impact of social media users' awareness of social media platforms' security-related features on social media users' secure behavior in it, to the best of their knowledge. (4) The authors were unable to find enough studies disclosing the impact of social media users' secure behavior on their vulnerability level in the platform, to the best of their knowledge.
We aim to explore the above aspects in our future research to enhance/expand the review presented in this paper.

Future Works
The present research was mainly focused on identifying recommended cybersecurity practices for social media users from users' points of view. Additionally, it intended to

Limitations
Based on the findings in the discussion section of the systematic literature review, some significant limitations have been identified by the authors, as follows: (1) The authors were unable to identify any studies relevant to recommended cybersecurity practices for social media users from users' points of view, to the best of their knowledge. (2) The authors were unable to filter any studies discovering the impact of social media users' age, gender, and education level on users' awareness on social media platforms' security-related features, to the best of their knowledge. (3) The authors were unable to find any studies revealing the impact of social media users' awareness of social media platforms' security-related features on social media users' secure behavior in it, to the best of their knowledge. (4) The authors were unable to find enough studies disclosing the impact of social media users' secure behavior on their vulnerability level in the platform, to the best of their knowledge.
We aim to explore the above aspects in our future research to enhance/expand the review presented in this paper.

Future Works
The present research was mainly focused on identifying recommended cybersecurity practices for social media users from users' points of view. Additionally, it intended to identify the factors affecting users' awareness on social media platforms' security-related features and impact of social media users' awareness on their behavior in social media platforms. However, above topics are not significantly addressed in the past literature, to the best of the authors' knowledge. There were not enough studies found to identify the impact of social media users' secure behavior on their vulnerability level in the platform. Therefore, it may be worthwhile to carry out further research, considering these variables (including their correlations), to identify recommended cybersecurity practices for social media users from users' points of view. The limitations mentioned earlier are also areas worth investigating.

Conclusions
Cybersecurity, within the context of social media, is a timely topic to be discussed considering its large user base all around the world. There are many cyberattacks existing in the current social media sphere, according to the literature discussed in this article. Although there is an in-built security framework within the different social media platforms, it may not be enough to protect the social media users from cyber attacks. This is due to human error, where there is the possibility of opening backdoors for commencing cyber attacks. User awareness and user behavior play a major role to reduce the impact of human errors. The impact of factors, such as age, gender, and the education level of the users on their cyber awareness in social media platforms' security features is not clear, based on the current literature found. However, the impact of cyber awareness over cyber behavior is backed by several studies, discussed in the article. Additionally, there is not enough evidence to prove the impact of users' secured cyber behavior on their vulnerability level on social media platforms. Hence, further research is crucial to identify the factors affecting user awareness, users' secure behavior, and users' vulnerability level on social media platforms. Moreover, it is significant to discover recommended cybersecurity practices for social media users, based on the impact of the aforementioned variables.

Conflicts of Interest:
The authors declare no conflict of interest. Table A1 illustrates the high-level concept of cyber threats on the internet in terms of types of threats, need for trust, need for awareness, and need for a high-level security framework by few researchers in recent years. These are further explained in Section 2.1 of the article. Trust is a key element in cybersecurity strategies Cybersecurity Qualitative It is important to identify the cyber threats exist specifically in social media since the significant portion of internet usage is due to the usage social media. Table A2 depicts some research works based on this domain by few researchers. More in-depth description is provided in Section 2.1.1 of the article.   Table A3 presents few key findings on cybersecurity on the internet in last few years. This mainly covers the emerge of cybersecurity and state cybersecurity regulation requirement, cyber awareness, and behavior. Section 2.2 is provided with more detailed explanation of the below literature accordingly.  Table A4 describes this aspect further using few related studies from recent years. In those research works, it is identified that higher education level, gender, and age have an impact on user awareness level on internet. These variables are further described in Section 2.2.1 of the article. The probability of becoming a cyber victim of the youth is more than 50% and online security awareness among the youth generation is less

Cyber victimization Quantitative
Responsible user behavior when using internet is also important in this digital era. Table A5 is highlighted several factors impacting cyber behavior in internet based on some literature analyzed with this regard including cyber awareness and internet addiction. Section 2.2.2 illustrates the below key findings thoroughly.   Table A6 explains the need of cybersecurity in social media. Some of the below literature highlights the important of this aspect in terms of students and employees as well. Cybersecurity on social media is further explained in Section 2.3. User awareness in social media is important as same as internet awareness. Table A7 depicts the important facts in this domain found in some previous research works. These facts are discussed in Section 2.3.1 in the article. User behavior in social media is equally important as cyber awareness. Table A8 illustrates some crucial aspects of this aspect by some researchers. This is further explained in Section 2.3.2 of the article.