- You are a data point in Facebook's world. They know what you do, what you like, where you go, how you get there, where you live, what you're worth and what you buy. Curb their access with these 8 steps.
Each one of us is a collection of data points. Every time we provide our email, shop online, download an app, enter a contest and share information on social media, we become data points, to be categorized, quantified, and sold in the digital world.
Businesses, marketers, and researchers all track data about our behavior, but no one does it bigger or better than the social media and tech giants like Facebook, Google and Amazon.
Facebook has been a magnet for public scrutiny, because of its size and reach, the misuse of its platform, and the vast amount of data it possesses on its users. Yet, most people do not know much about how their data is being used.
Below are 8 steps you can take to lock down your Facebook profile. If you're more interested in either disabling or deleting your account, those instructions can be found here: (Delete or Disable)
1. Managing your Privacy Settings
First rule of thumb: Don’t leave anything public.
Not your posts, not your email or phone number, and definitely not your friends list! The more information you leave out there in the public domain, the easier you are to target with a spear phishing email or other social engineering tactic. Also, if you don’t know or trust all your “Friends”, you should strongly consider limiting the information they can access as well.
Facebook Data Download
If you want to download a complete copy of all the information available, click Settings when logged in to your Facebook account. On the General Account Settings Screen, there's a small link: "Download a copy of your Facebook data."
Clicking this will start a large data dump of more than 69 data fields, including your IP addresses, facial recognition data, check-ins, advertisements that you've clicked, religious and political views, last location, and more.
Use Mozilla Firefox + the "Facebook Container" add-on
Facebook has a habit of tracking its users' activity across visits to other websites. Mozilla has released a Firefox add-on (available here: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/) that allows users to isolate their Facebook identity from the rest of their web-browsing activity. The extension deletes your cookies and makes it harder for Facebook to track your browsing data.
2. What devices have access to your account?
Facebook allows you to see every device that is currently using and logged in to your Facebook account. A straightforward way to ensure there’s no unauthorized access is to periodically check this. In my case, I know that I’m logged in where I currently am in Annapolis, and on all my devices here at Summit in Millersville.
However, if I see Philadelphia, a city I have not visited in years, or a town in Missouri, the state where I grew up, that is cause for alarm. To ensure my security I would do two things:
- Use this tool to log out of the suspicious sessions.
  - Click the three dots and then log out.
- Change your password.
  - This makes sure that if your login is compromised, the intruder can’t get back into your account.
3. Facebook Quizzes
Facebook quizzes are popular because people are curious. Everyone wants to know what TV show character, type of animal, or celebrity they’d be! The issue is, quizzes tend to share your data with the app developers directly. These developers aren’t employees of Facebook themselves and operate by a different, less regulated, set of rules. They may ask for information about your profile, friend lists, email addresses, all the posts on your timeline, and even access to your photos!
Quiz developers are essentially data farmers. They collect as much information as they can about you and sell the information to spammers, advertisers, and anyone else who will pay them for it.
“But I still want to know what superhero I’d be!!!”
Is it worth it? If the quiz is hosted on a 3rd party page, you may encounter malware. That's not uncommon on the clickbait sites where quizzes are generally published.
If you really want to take that quiz and it's hosted on Facebook itself or a reputable site that you know and trust, create a new email address that you’ll only use for spam messages. Don’t open them, don’t check this inbox, just create it and delete every email that comes into it. Then, use that e-mail to create a new Facebook account. Don’t put ANY information into this account. No pictures, no posts, no check-ins, not even your real name.
Then, take that quiz. You’ll be flattered to know you’re most like Ironman.
4. Do Those Apps Have Too Many Permissions?
Before you play that game, do you really want to give whoever made it your email address, friends list, and information on your profile? Do you know how they’ll use it? Do you trust whoever developed this game or quiz?
Applications on Facebook, the Apple App Store, and other locations are made by third parties that may, or may not, have strict privacy and security controls to keep your data safe. Some applications are specifically created with malicious intent. Back in 2016, there were claims that a 3rd party flashlight app was malicious and asked for too many permissions. Once permissions were granted, the app could turn on your phone’s microphone and record your conversations. Then it sent those conversations to a server in China.
Facebook allows you to control the apps and games that are linked to your account, plus the information they can receive. Keep tabs on what you download and use common sense when it comes to allowing permissions. If your calculator app needs your call history, contact list, and the ability to post to Facebook in your name – chances are, that’s a malicious calculator!
5. Get Security Alerts
Security alerts are a quick way for you to remain up to date on who’s attempting to access your account. Sometimes these alerts will pop up if you’re using a public computer or a brand new device that you typically don’t use. But if you haven’t logged on with an unrecognized browser, then it’s time to log out and change your credentials.
6. Two-factor Authentication
Two forms of authentication are always a good idea where available. Your Facebook account makes this an option. It’s pretty simple, too. After you put in your password, the website will email or text you a one-time-use secret code. You put that code into the website to confirm your identity, and then it lets you log in. Even if someone steals your strong, unique password, they'd ALSO need access to your email or phone (which is hopefully harder to get!).
7. Your Personal Brand
Now, let’s get a little more vain. Facebook is a place for bragging, showing off success, being argumentative and opinionated, and proving that the person who dumped you sophomore year really screwed up.
But… maybe it shouldn’t be.
Employers, law enforcement, potential dates – they all can look at your social media presence to build an idea of your life. Be careful and plan what you post. Think of Facebook like your personal marketing tool. If you post the wrong thing, you could wind up paying for it.
However, it’s not just yourself you need to worry about. Think about your “Friends”. If you’re like me, you probably know a few people who you might not want posting on your timeline or tagging you in humiliating photos. You can control that.
Go to your timeline and tagging settings. Turn on Review. This allows you to review the posts you’re tagged in before they appear on your timeline and review any tags people want to include you on.
8. Malicious Links, Posts, and Messages
The challenge of social media security is that it allows a single person to spread content to a large group of people with little effort. Links to malicious websites that can install malware, steal your personal information, or cause financial harm are often shared on social media sites. It’s important to think before you click.
Facebook does a pretty good job at flagging malicious links with messages that warn you about the safety of a link before directing you to the content you click on. If you see this message, it’s usually a good idea to click cancel and avoid that content.
Keep Security Top of Mind!
Security awareness is important for anyone who has an online presence, which is why we built Phishgoggles Security Awareness Service. If you found this guide helpful, please share with your friends, family, and co-workers to ensure their Facebook security! If your business is interested in more information on security precautions and preparedness, let's talk.