On September 28, 2018, Facebook disclosed that it was hacked, exposing the accounts of 50 million users. Despite the staggering amount of information affected by this breach, many individuals have been dismissive of the risk. They wrongly assume that because their use of social media is limited to posts of family events and vacations, cute pet photos, memes and other “trivial” matters they need not be concerned. However, innocent posts can indeed be clues that help cyber criminals access financial records and other seemingly secure data.
You should consider adopting these practices in response to the Facebook breach and whenever you engage with the Facebook community.
- Change your Facebook password now. Best practices dictate that you should update your passwords on a regular basis, but that is not something that everyone remembers to do. At an absolute minimum, change your password when you have reason to suspect there might be a problem, whether or not you are notified that you were a victim of the Facebook breach.
- Don’t use the same password for all of your accounts. It should go without saying that no one should be using “password” or “1234.” However, even complex passwords can be exploited by hackers who will try to reuse a hacked password from Facebook to access other, more valuable accounts.
- Update your account’s security and privacy settings. On each occasion that you update your password for any reason, use the opportunity to update your privacy and security settings. Many of the settings – such as links to outside websites or applications – permit Facebook and others to be track your online conduct without your being aware of it. Facebook and other social media update your options in response to public pressure and evolving regulation, but generally, you must affirmatively take action to take advantage of the higher security or privacy settings that are offered. One strong security measure that Facebook offers is the opportunity to be notified when there has been a sign-in on your account from a device that you have not previously used to access your account. Make sure this setting is enabled.
- Consider who you share information with. Each time you post, you should consider who you want to receive the information. Facebook offers options, for example, to share content with the “public,” “friends,” “friends except…,” “specific friends” or specific groups or family. Set your default option to “share with friends,” and then consider, on each occasion, whether an even more exclusive post is appropriate. “Public” sharing should be rare and for a special purpose, as anyone on Facebook may access that content.
- Consider what information you share. A favored purpose of social media is to share personal information about our families, our accomplishments and our experiences. However, that same information is often used as identification or security clearance in sensitive accounts. A tribute to your mother on her birthday may be heartfelt, but also may disclose her maiden name and date of birth. The street you grew up on or your best friend in public school are also frequently security questions because it is presumed that only you will know those answers. However, when you share that information, it can be misused. One suggestion may be to create a consistent protocol for answering security questions, such as deliberate misinformation or character substitutions, so that the information on social media will never correspond to the correct security answer even if you post a picture of Fluffy your cat when you lived on Smith Street.
- Consider when you share information. We all love to share our experiences in real time. But posting that you are at the airport on flight 000 leaving for Antarctica for the three-week adventure of a lifetime also announces that you will not be home for that period. Perhaps a curated selection of photos and videos from your trip, posted when you return, might be a better choice.
- Be wary of clicking on links from Facebook. Many posts, especially the most salacious ones, will install malware on your computer, mobile device or in your Facebook account when clicked on. These can contain viruses, denial of service or other malware. If this happens, run your virus/malware scan program and check your list of apps to see if anything was recently installed without your permission. This is also another good time to change your password.
- Beware the “copy and paste, don’t share” scam. Heart-rending posts of animal abuse, disabled children who have never had a friend or soldiers whose service to America is not adequately acknowledged are often accompanied by an imperative that the post be copied and pasted, rather than shared. However, a user who copies and pastes can be easily identified using the keywords in the post, whereas sharing is not readily trackable. Thus, the posts are generally scams, designed to generate lists of gullible participants who can be targeted later for malware, sent targeted advertisements or used to earn pay-per-click ad income. Tip-offs include photos that have been circulating on the internet for years, intentional emotional manipulation, threats that the message will be blocked if not shared, misspellings and bad grammar.
- Don’t always trust the information or source. In these challenging times, it is often difficult to discern the source of any given post or its accuracy. Even content shared by a friend may have been generated elsewhere before reposting. If something seems too good to be true, it usually is. If something seems too bad too be true, the same rule may apply. Regardless, if your antennae go up, take a moment check on Snopes, another fact-check program or even by sending a private message to the friend who posted. Or, simply let it pass, without sharing it with others or clicking on its links.
- Never use Facebook to log in to other apps. One popular feature that Facebook offers is “Log in with Facebook,” which enables you to use your Facebook credentials to log in to other apps and websites. Log in with Facebook enables you to use a single log-in on multiple platforms; it may also enable third-party sites to run scripts that permit access to your private Facebook account information. Conversely, a breach of your Facebook account (such as reported last week) may enable hackers to gain access through Log in with Facebook to more valuable private data stored on non-Facebook sites, such as those storing healthcare and financial information.
- Remember, social media is social. By its nature, anything that you share on social media may be shared with others, with or without your consent. It may be added to, commented on or changed. It may be misinterpreted, misunderstood, or just unwelcome. Remember too that social media content, like all internet content, is forever. There is no effective way to ensure that your deleted content is not archived, shared, stored or copied with attribution by another. Put another way, do not post anything that you would not want to appear on a job application years in the future.