Facebook Security and Privacy
Today’s blog post moves us away from securing your home computer to another area of interest and concern for the home computer users. Today’s blog post is in the area of Social Media, and more specifically on Facebook Security. Both Christina and I frequently log into Facebook and it’s a great way to stay in touch with friends and family. We even have our own Facebook Page for Homecybersifu; check it out. Facebook security and privacy has always been an item of concern, and Facebook has consistently upgraded their security features to address security and privacy concerns. Given that Facebook has surpassed 1.39 billion registered users, security should be a concern for quite a bit of people and Facebook has done a few things to protect their user base. A couple of things that Facebook does to protect home users include:
Facebook takes proactive measures to defend its own users with respect to security breaches in which usernames and passwords are at risk. There are multiple examples of breaches at one location leading to attacks in another because users quite often use the same username/password combinations on various sites. For example, back in September, a third party site was breached, which lead to exploitation of 5 million accounts and caused Google to have to reset 100,000 accounts. Since WordPress users apparently had reused passwords that were exposed as part of the Google breach, WordPress also had to reset 100,000 of their user accounts. When these sites are hacked, the attackers dump their breached password lists online, making it easy for anyone to scan and use. Now, this is where Facebook does a good thing, and uses these online user credential dumps to secure its users. They do this by analyzing this and many other similar data dumps, and then notifying people when they discover that their credentials have shown up elsewhere on the internet. This is good to know because Facebook accesses credentials that can also be used to log onto other sites and services. In short, this is good to know; Facebook is protecting users from data breaches that they aren’t even aware of.
Facebook also has a program to make malware cleanup easier. Facebook worked with F-Secure and Trend Micro to incorporate free anti-malware software downloads directly into Facebooks existing abuse detection and prevention systems. These are the same systems that help block malicious links and bad sites from among the trillions of clicks that take place every day on Facebook. Here’s how it works. When Facebook detects that a device interacting with Facebook is behaving in a suspicious way that Facebook believes is related to a malware infection, a notification screen about a malware infection, along with a recommendation to use F-Secure’s malware scanning and cleanup technology or HouseCall from Trend Micro. Each product contains distinct malware signatures and is suited to different kinds of threats, some of which your computer anti-virus or similar program might not detect. These versions are up-to-date and will remove themselves once they are done running. The scanner is downloaded and run, during which time you can continue to use Facebook and other services. Once scan is complete you will receive a notification through Facebook and can review your results of the scan.
Facebook has a Facebook security page which provides Facebook related security tips and tools. Given that there are over 1.39 billion accounts, and only 8.5+ million people liking this page, I find it shows that many people are not as up to date on Facebook security as they should be. Thus, I recommend you visit this page and like it, so you can get updates on new Facebook security features are released.
Facebook provides a feature called two-factor authentication for login from new browsers. With login approvals for Facebook, Facebook will send you a short code on your phone to enter when you log in from a phone or computer for the first time. It’s a simple but an effective way to help ensure that you are the only person logging into your account. Go to Security Settings, and Click on Login Approvals, check the box to require a security code to access your account from unknown browsers, and then click save changes. You can also get login alerts to get an alert when anyone logs into your account from a new device or browser. In security settings, click on Login Alerts, and select the mean for which you would like to be notified.
The main security focus on Facebook is to protect your privacy. There are recommended settings that you should set to protect your privacy. You can find several articles on our Pinterest page on how to customize your settings, so we won’t go into all the details recommended setting here. There are also certainly some things you should never post on Facebook because they are an invaluable set of information that criminals look for to commit crimes against you. The following are privacy information that should be avoided for posting on Facebook if possible:
- Your home address and home status: Criminals who are looking to burglarize your house can take advantage of knowing your home address and whether you are home or not. Christina and I know we all have an impulse to post vacation photos of us sitting back on the beach to rub it in on our friends, but we would recommend not posting vacation photos until after your vacation is over. Posting a photo from a vacation or live event lets the criminals know instantly that your home is most likely unoccupied. I believe that Facebook has done away with home addresses and only ask for your hometown now. But, if you create an event that includes your address, make sure you either delete the event after it happens or better yet just have people message your for your address.;
- Don’t post anything work related. I know this one is a lot more difficult to do, but try not to put any information on your Facebook that reveals where you work. One piece of valuable information for identity thieves is to know where you currently work. Also, if hackers want to break into your company’s network, they first work on gathering information on employees of that company so that they can possible do some social engineering to gather information required to break into the company’s network. Remove any information about your current job and be very selective about which coworkers you friend.
- Your relationship status. Including your relationship status on your Facebook page just invites awkwardness. Certain relationship statuses are also a draw for cyberstalkers, who look to take advantage of information you provide with respect to your relationship status. It is probably better to let people find out about your relationship through over means.
- Your Payment information. As with many other sites, Facebook asks you if you want to add your financial information so that it is more convenient for you to purchase gift cards and other products through their site. This information can easily be pulled up if you leave your Facebook profile open in which case a complete stranger can purchase. Also, there is no guarantees that Facebook won’t have a data breach someday. Thus, best not to store credit card information on the site if not absolutely necessary.
- Your phone number. This is another difficult one to do because of several great Facebook security features. By default, people you friend can see your phone number, even if you don’t want to give it to them. To hide your phone number, go to your profile by clicking on your name at the top of the Facebook page. Click on Privacy Settings and Tools, then under “Who can look me up?” change the setting for “Who can look you up using the phone number you provided” to “Friends” only If you have posted your phone number on any events or posts, it’s probably smart to go back and remove them. If someone on Facebook needs your phone number, they can message you directly.
Facebook also provides a good tutorial on Privacy basics which I recommend everyone review. It can be found by clicking on the Privacy Shortcuts Tab and then selecting the “Privacy Basic” link. This takes you to the facebook page explaining about what others see about you, how others interact with you, and what you see.
Follow this helpful hints, and hopefully, you will be better secured while using Facebook.