FACEBOOK SECURITY GUIDE
Welcome to the breakdown of the essentials to start off securing your Facebook experience. More detail can be found in our pages, articles and content on this site.
Why Care About Facebook Security?
It’s safe to say that most Facebook users don’t really think about the implications of entering very personal information, making friends, and playing games on social networking sites. The posts you send to Facebook contain information about you, whether you realize it or not. Every opinion, every lack of opinion tells a story about your personality, every “Like” is an endorsement, every picture and location tag tells people about where you go and what you do. This information is gold dust to advertisers, but also to stalkers & hackers looking to target you, your friends and family.
This is where we step in to help you, with guides and advice to help you and your families stay safe on Facebook.
What We’ve Covered:
- Strong Passwords
- Never Reuse Passwords
- Never Use Public PCs
- Always Logout of Facebook
- Setting Up Your Profile & Basic info
- Setup Trusted Contacts
- Use Two-Factor Authentication
- Associate A Mobile Number
- Abuse & Blocking
- Protect Your Mobile Devices
- Restrict How People Can Find You
- Control Automatic Posts & News Feed Notifications
- Friends – Which Requests To Accept
- Categorize Friends Into Lists
- Approve Everything Before It Hits Your Wall
- Your Privacy
- Don’t Reveal Too Much
- Be Smart With Tags
- Protect Yourself From Apps You Install
- Protect Yourself From Your Friends’ Apps
- Don’t Install Too Many Apps
- Avoid Phishing Scams
- Prevent Your Pics Appearing in Ads
- Secure Your Photo Albums
- Tune Privacy & Location Settings
- See What Data Facebook Has On You
- Deleting Your Facebook Account & Data
- Worldwide, there were over 2.5 billion monthly active Facebook users for Q3 2018
- In Europe, over 307 million people are on Facebook
- Photo uploads total 300 million per day
- Facebook removed 583 million fake accounts in the first three months of 2018
- 68% of Americans use Facebook
- Only 50% of American teens use Facebook
- 35% of Facebook’s ad audience is under 25
- 1.1 billion Facebook users speak English
- 88% of Facebook user access is via a mobile device
- 43% of Americans get their news from Facebook
- An average Facebook user clicks on 8 Ads per month
Use Strong Passwords
Always use strong passwords for every account you have. If possible, we strongly recommend using password managers.
NEVER Reuse The Same Passwords
Always use different strong passwords for every account you have. Yes, we have said this before, but it is one of the basic security tactics you can deploy to stop hackers. Again, we strongly recommend using password managers to help you create strong random passwords.
NEVER Login From A Public PC
Never, EVER log in to your Facebook account from a public device (free internet kiosk, library PC, hotel business center etc). You should only ever log in to your account from a device you explicitly trust. A great way for hackers to compromise many accounts is to hack shared public devices. These get a lot of use from casual users – and users who are careless enough to log in to their accounts from places like these are also the types of users who will use (and reuse) simple passwords on all of their accounts and are also unlikely to apply security settings to the platforms they use. So, they are the perfect target for hackers.
Logout After Each Session
When you’re accessing Facebook from a PC or laptop, log out each time; don’t just close the browser.
Setting Up Your Facebook Profile & Basic Information
Consider using a shortened version of your name or a nickname; friends will still be able to find you through mutual friends and your profile pictures. Your full name is a vital piece of information for identity theft when used together with other things like your date of birth, address / location and email address. Some of these might be difficult to avoid giving out – so just be careful and think about the total amount of information you will be providing.
If you will be sharing lots of drunken photos of you dancing on tables, you might not want your current boss or future employers to see them. If they can’t search for them under your real name, it’s much harder for them to catch you!
It’s nice getting birthday wishes from friends on our Facebook wall; it makes us feel all warm inside knowing that people remembered. The problem with that warm fuzzy feeling is that when you list your birthday you are providing identity thieves with one of the 3 or 4 pieces of valuable personal information needed to steal your identity. It’s best to not list the date at all, but if you must, at least leave out the year or use a false date (but you might need to remember this to verify your account at some later time).
Whether you are in a relationship or not, it may be best not to make your “Relationship Status” public knowledge; and it doesn’t get more public than Facebook. Stalkers would love to know that you just became newly single. If you change your status to “single” it could easily be interpreted as a green light to start stalking you again now that you’re back on the market. It also lets them know that you might be home alone since your significant other is no longer around. Much better to just leave this status blank on your profile.
Setup Trusted Contacts
Facebook has a security feature called Trusted Contacts. This asks you to select a small group of close, reliable friends who will be your point of call in the event you can’t access your account, or if your security questions have been changed or forgotten. Facebook will then send different codes to these friends, which need to be put together to make one code, eventually allowing you to access your account. Obviously, you will want to choose your Trusted Contacts wisely.
To access this option, click on the gear button located at the top right-hand corner of your Facebook screen, followed by clicking Account Settings > Mobile on the left-hand sidebar.
Use Two-Factor Authentication
Adding Two-Factor Authentication (2FA) can enhance your account security on Facebook. Enabling this function will send a code to your phone, which you will need to enter before you can login to Facebook. This can stop hackers gaining access to your account even if they have scammed you out of your username and password.
Associate Your Mobile Number
Associating & confirming your mobile number is one of many ways to enhance your account security on Facebook. This way, even when you lose or forget your password, Facebook will be able to send you a new one via SMS.
To access this option, click on the gear button located at the top right-hand corner of your Facebook screen, followed by clicking “Account Settings”, then by clicking “Mobile” on the left-hand sidebar.
Along with extra benefits, such as being able to make status updates and view friend requests, adding your mobile phone number to your Facebook account allows you to quickly recover your account, should it ever be compromised by unruly hackers.
Protect Your Mobile Devices
This could well be advice people do not associate with Facebook, but a surprising 30% of mobile device owners do not protect their devices.
Most of Facebook’s legit users access the platform using a mobile or a tablet, and it goes without saying that other sensitive information will also be kept safe with this vital security measure.
Make sure that you regularly install the security updates for your phone or tablet to keep your device secure. Hackers use many ways to harvest information on people, including tricking them into installing fake or poorly secured apps that can scrape their data.
Check Your Profile Privacy Settings
This will allow you to tailor your profile page to specify who can see which parts of your profile.
Click Settings > Privacy Settings > Profile. If you choose Customise in the drop down box, you can be specific. If you have set up the friend lists in the steps mentioned before, you can select them here to make management easier. Also go to the Contact Information tab then choose what contact information you want to share and who you want to see it. For instance you can choose which of your friends can see your mobile number, email address or IM accounts.
Restrict How People Can Find You
Click Privacy > Search to set who can find you and what they can see when someone searches for you on Facebook.
This is a really important way to protect your Facebook privacy. This is where you can select if you want people to find you by email, phone number or name search.
You can also select what parts of your personal information will be visible in the search results.
Abuse & Blocking
Hackers & malicious Facebook accounts and applications are easy to spot. If you are able to identify suspicious people, apps or events, head over to the blocking page, where you can specify which users and applications to block.
To access these options, click on the gear button located at the top right-hand corner of your Facebook screen, followed by clicking Account Settings > Blocking.
By blocking suspicious users and applications, you can nullify malicious links and requests, stopping threats from particular accounts before they can even reach you.
Many Facebook users are unaware of the dangers of accepting random friend requests. Accepting a Friend Request from somebody on Facebook allows them to access personal information about you, including your full name, location, school/college, workplace, birthday and more.
This info can easily be exploited by identity thieves, and so it’s always the best policy to reject friend requests from people you don’t actually know in person.
It’s often said that security is only as strong as the weakest link in the chain, and that’s true. With all the security settings and tweaks we list, if you open a lot of information up to friends (and especially friends of friends) then you are trusting them to keep your comments, activities and photos safe. This might be fine for you at the time you set up the account, but do keep this in mind as life moves on. You may well fall out with friends, partners and family; such is the way of life, and people do chatter and gossip. Many people added as friends on people’s Facebook accounts are not really what you would class as a friend in the real world, so be careful what you would want shared with them or with people who they add as friends – because they are more than likely total strangers to you. How much do you know about them or trust them?
Split Friends Into Lists
It’s always a good idea to separate friends, family and work colleagues in your Facebook profile and Friend Lists help you do that. Friend Lists are key to your Facebook privacy settings. Select Friends from the top right menu bar, and choose Create to create friend lists like Family, Work, Darts Team etc. Your friends can’t see your lists, so you can name them whatever you like.
Your lists will show on your left hand column. If you have created a lot, they may not all show up by default. Click More to see all of them, then drag and drop those you want to see all the time above the separator line.
Secure Your Posts
One of the first things to know about posting on Facebook is ensuring you know how to restrict who can see what you have posted.
You have the option of restricting the view to:
- Public – This is the default setting. This means your post can be viewed by everyone, even people who do not have a Facebook account.
- Friends – This will restrict your posts so that only people you have accepted as Friends on Facebook can see them.
- Friends & Friends of Friends – This is the next step up. This will restrict your posts so that only your friends and their friends can see what you have posted.
- Custom – Here is where you can get creative. If you were smart enough to follow our advice earlier and divide your friends into lists (like Friends, Family, Work etc), you can now select which of these lists will be able to see your posts. So now you can keep your weekend party lifestyle safely away from your colleagues in the office.
Approve Everything Posted To Your Wall
Facebook allows you to authorize / confirm posts & content before they can appear on your wall.
This is a fantastic feature that allows you to keep tight control over the content that automatically gets published and displayed to your friends. This means that none of your friends can post anything on your wall unless you want it there.
While this can be a really big help against embarrassing moments being seen by your work colleagues, or for countering cyberbullying to a degree, remember – it does not prevent content about you being posted on other friends’ walls, pages or groups.
Control Automatic Wall Posts and News Feed Updates
Your actions in Facebook, such as comments and likes, appear as highlights on ALL your friends’ home pages. The Friend List options can’t be used or selected from here; you can only turn these updates on or off – no other options just yet.
Go to Privacy > News Feed and Wall and choose whether you want your family or ex-girlfriend to know that you’re now “In a Relationship”, “Divorced” or “In a Civil Partnership”.
OK. So you’ve got this far through our Facebook Security Guide, that must mean that you have at the very least a small interest in safeguarding your information – or worst case scenario; you have already had something bad happen to you as a result of Facebook or other social media content.
As you have made it this far, don’t throw away all your hard work so far by including content in posts that reveal more about yourself or situations than you want known.
One of the good things about social media platforms is that they can give you a view of a certain timespan of your life, views, opinions and online activity. As good as this is, it’s also very valuable for scammers and, worst of all, stalkers. If you have not properly secured the privacy level of your posts and pictures, they will be open for people to pore over and scrutinize for collections of small details (your birthday, names of family members, names of ex-boyfriends / girlfriends, name & location of your school / employers, home address, if you are moving house, the name of your bank, what car you drive, when & where you go on holiday, hospital appointments etc), all pieced together over time.
You can keep an eye on this by downloading a copy of all the data Facebook has on you, but firstly – think before you post.
Be Smart With Tags
Tagging and being tagged in pictures & posts is a fun way of keeping track of pictures of you on Facebook, but can also result in you being tagged in posts that have nothing to do with you and that could have content or views that you do not agree with (social or political views or images that look like you are located or doing things that you weren’t).
By protecting who can tag you, you can control what and where your name & profile is linked in tags by anyone, anywhere on Facebook. This is a good step to work against cyberbullying, but it does not stop anyone mentioning you or your profile in posts / images without tagging your profile.
YOUR GAMES & APPLICATIONS
Protection From Applications You Install
Here we are talking about external applications like Disqus: anything that uses Facebook to authenticate you. There is no way to control what information applications can see about you; it is all your publicly visible data or nothing – set by you turning the setting on or off.
You should authorise only those applications you absolutely need and feel that you can trust.
Go to Settings > Application Settings from the top menu. Change the drop-down from Recently Used to Authorised. Here you can see all the applications you have authorised to get access to ALL your profile information. Remove the ones you don’t or no longer need.
Also check the list of applications Allowed to Post and Granted Additional Permissions and remove unnecessary ones.
Don’t Install Too Many Facebook Games & Apps
Facebook offers hundreds of thousands of third-party apps, some of which unfortunately pose extreme security threats. In the past, many malicious Facebook apps have spammed users and hijacked accounts.
Facebook does have some processes in place, such as App Passwords, to protect users from rogue apps, better vet their apps and ensure security. However, it is also a good idea to examine each app properly before giving it access to your Facebook information. Most users do not, so our advice to you is to always look carefully at what you are installing, be very careful of apps people recommend to you, and ask whether you would really trust those people to be security savvy.
Protect Yourself from Your Friends’ Applications
I’m sure that you may well have seen many invitations from friends to try a new Facebook game or application, take a quiz or send hearts. Well, these can be blocked so that you will never receive application invites from a particular friend or from that offending application.
Go to Privacy > Applications, and click the Settings tab and uncheck all the boxes.
This is where you can control the parts of your information that are visible to applications installed by your friends.
As standard, all of these options are set to be visible. This means that your religious and political preferences, pictures, quotes, books and films liked, etc. are all readily available to be used by any of the hundreds of millions of Facebook application developers, each time any of your friends takes a quiz, plays a game, or runs any other Facebook application. If you leave these settings as visible, your information can be gathered by application developers even if you yourself have not installed the application.
Tune Your Facebook Wall Privacy & Location Details
Go to your profile page, click Options > Settings under the status box.
Here you can control whether your friends can post to your Wall, and who can see the posts made by your friends.
There are a lot of people who love the location tagging feature on Facebook that allows them to let people know where they are 24/7. Other applications and services use this and plug in to Facebook too (Foursquare, Gowalla etc).
The problem is that you have just told everyone that you’re on holiday (and not at your house). If you add how long your trip is then thieves know exactly how much time they have to rob you. The best idea is not to provide your location at all. You can always upload your holiday pictures when you get home and show off your tan then. Just be mindful of what you post, where and when.
It’s also extremely important that parents make sure their children never put the fact that they are home alone in their status for very obvious reasons.
We like to think that only our friends have access to our status, but we really have no idea who is reading it. Your friend may have had their account hacked or someone could be reading over their shoulder at the library or coffee shop.
The basic rule is not to put anything on your profile or status update that you wouldn’t want a total stranger to know. You may have the most stringent privacy settings possible, but if your friend’s account gets compromised then those settings are useless.
Securing Your Photos
On the Photos tab of your profile page, click Album Privacy. Here again, you can use your Friend Lists to set the privacy for each photo album.
Your profile pictures, however, go into a special album that is always visible, and not just to your friends. The pictures in this album are visible to everyone, publicly. When people search for you or look at your basic profile information after seeing a comment or a picture of you tagged in a friend’s album – they will be able to look at all the pictures you have placed in there.
A good option here would be to create another album called Me and then place a majority of your favourite pictures in there, leaving only one or two in the Profile album. This way you can select who you want to be able to see these and who cannot.
Those who have children or nieces and nephews would do anything to keep them safe from harm, but most people post hundreds of tagged pictures and videos of their kids to Facebook without even giving it a second thought. Some people even go so far as to replace their profile picture with one of their children.
Without scaremongering, probably 4 out of 5 parents posted their child’s full name and exact date and time of birth while they were still in the hospital after delivery. We post pictures of our kids and tag them and their friends, siblings, and other relatives. This kind of information could be used by predators to track your child. They could use your child’s name and the names of their relatives and friends to build trust and convince them that they are not really a stranger because they know detailed information that allows them to build a rapport with your child.
If you must post pictures of your children then you should at least remove personally identifying information such as their full names and birth dates. Untag them in any pictures.
Lastly, think twice before you tag pictures of the children of friends and relatives. They might not want you tagging their kids for the reasons mentioned above. You can send them a link to the pictures and they can tag themselves in place of their children if they want to.
Don’t Reveal Too Much
Be aware of what information you are revealing about yourself.
It’s not just about what kind of pictures you upload, but also what you might not realize is also in them.
We have witnessed thousands of instances where people have posted pics not realizing some telltale secrets were lurking in the background:
- Car reg numbers,
- Bank statements,
- School uniforms,
- Work name tags,
- Usernames & passwords on post-it notes,
- Screenshots of email addresses / email inboxes (showing friends’ emails, mails from hospital appointments, banks, other social media platforms).
All these little things add up. If you have or have had problems with online trolls, cyberbullies, abusive exes or stalkers – they can or could have already learned a lot more about you from these points than you ever realized.
Facebook has the ability to use Facial Recognition to detect you in photos and videos. You can turn this off in the Facial Recognition option in the Security Settings.
Prevent Your Pictures Appearing in Advertisements
Have you ever looked at the cropped pictures in the advertisements on the right-hand columns in Facebook, wondering who those people are or thinking that they look quite hot? Well, at the moment, Facebook has two types of advertisements: third-party and Facebook. Third-party advertisements are currently not allowed to use your pictures, but there is a setting to disallow it – as it is planned to be offered to advertisers in the future and one day, one of those pictures may well be you. Go to Privacy > News Feed and Wall > Facebook Ads tab and turn this option off.
The Facebook ads shown to your friends are about ‘social actions’ like becoming a fan of something. You can turn this off at the bottom of that page too.
Avoid Phishing Scams
Facebook is a great hunting ground for spammers, scammers & hackers, who deploy spam links that appear on the Facebook feeds of users.
The types of link attacks include money scams through direct or indirect requests via Facebook messages, chat and so forth. Phishing links that will redirect you to fake websites are also prominent.
Phishing mails will claim to be from Facebook – when in reality they are attempting to lure you into giving up your account email and password. These malicious links are able to retrieve your personal information or infect your device with malware or viruses.
See What Data Facebook Has On You
Facebook now offers you the option to backup your personal data, dating back from the very first day you created your account.
This means you can download a full history of all your Facebook activity. This can be done by clicking on the gear button located at the top right-hand corner of your Facebook screen, followed by clicking Account Settings > Download a Copy of your Facebook Data.
This should ideally be done on a PC, as the archive can be several Gb in size. Using a PC also means you can save this and any further backups on your hard drive to examine later.
This data is very complex and details every single Like, Share, Comment, Follow, Friend Request sent and received, picture upload, Group joined, left, App installed, Chat message sent and received, Searches, Pages and Groups you have ever created.
#DELETEFACEBOOK – Deleting Your Facebook Account & Data
After many large data leaks and scandals, many people have looked to delete their Facebook account, but have come to realise that removing your information from Facebook is not quite as easy as it sounds.
While some users have opted to delete the Facebook app and just use Messenger, Facebook also owns WhatsApp and Instagram. So if you also use either of these apps you will have to delete both these accounts and apps too, making it a far trickier process to delete all your data from Facebook’s grasp.
With Facebook itself you can deactivate your account from the Settings page using the website. But deactivation will retain all your profile information within Facebook, including pictures, friends, etc. If you want to permanently delete your Facebook account, you will have to complete an Account Deletion Form in order to send off a request to Facebook for this to be done.
However, before doing this – we strongly recommend you download a copy of the data Facebook has on you. See our Facebook Data Download Guide here.
There is an unspecified delay between submitting your delete request and actual deletion.
If you log back into Facebook, your deletion request is automatically cancelled.
There doesn’t seem to be any way to confirm that your request was completed.
Even after permanent deletion, Facebook says that copies of your photos may remain on their servers for technical reasons.