Category Archives: Social Media Security

Facebook Security – New Options explained

You may have heard about the recent Facebook security news mentioning that founder and CEO Mark Zuckerberg’s account was hacked and an unauthorized message was posted in his name. He got off easy on the message if the story in the movie The Social Network is accurate, but you may be wondering: how did his account get hacked?

As you might expect, when the boss gets hacked the employees scramble to pick up the pieces and stop that type of embarrassment from happening again. Soon after, Facebook announced security enhancements that all users of the site should consider implementing right away.

Facebook Security Change #1 – Secure Connections to Facebook using Encryption (HTTPS)

The going theory is that Zuckerberg’s account was hacked because he logged into his account via an insecure connection and his login information was intercepted. The first change is implementing encrypted connections to Facebook. Facebook users had previously always connected to the site over unencrypted logins, so this is a long-overdue change to improve Facebook security.

How to implement Facebook secure authentication

While logged into Facebook, go to Account Settings > Account Security and check the box that says “Browse Facebook on a secure connection (https) whenever possible”.

Facebook offers a disclaimer that this may slow down your connection to Facebook, but it is an important step to take, especially if you frequently log into Facebook while away from home on untrusted networks.

Facebook Security Change #2 – Account Activity Tracking

Account activity tracking is Facebook’s method of tracking what type of device you are accessing Facebook with and of providing a notification mechanism when a new device type or location is used to access your account. These alerts can be configured to send you a text message or email when a new device accesses your Facebook account.

How to check Account Activity Tracking

While logged into Facebook, go to Account Settings > Account Security and review your Account Activity. If you notice an unauthorized connection, you can also terminate the connection from this area (and it would be advisable to change your password at the same time in case there is a problem).

The encrypted login security setting was long overdue, but I view the second Facebook security setting as a really nice feature that many online banks do not yet offer (even though they should).

Facebook Security Tips – How To Stay Secure while using the largest social media site

A recent article I read stated that nearly 7% of the world’s population is currently utilizing Facebook. That fact comes as no surprise because Facebook is a convenient way to stay in contact with friends and family, spend some downtime, or, for businesses, a growing avenue to market products and interact with new and existing customers. But what are the information security risks you should consider when using Facebook? Many of the information security risks you face while using Facebook are equivalent to those you face while doing general web surfing or using email, so not everything you read below will be unique to Facebook, but it should serve as a good reminder.

Top 10 Facebook Security Tips

1. Do not click on links or emails that look suspicious

Facebook has the largest dedicated user group on the planet and that makes them an attractive target for all types of spammers. The spammers’ goal might be to sell you a product, steal your credentials, or infect your PC. Use good judgement to avoid email and link scams to keep yourself protected, and notify friends or colleagues if you have reason to believe their account may have been compromised by spammers.

2. Use a unique password to access Facebook

Do not reuse passwords on multiple sites, especially for sites that you consider important. The Gawker password loss incident (among other notable events) helps highlight the potential risk that a site you utilize less frequently might compromise the security of sites that are more important to you. Mitigate this risk by using unique passwords for sites that are most critical to you.

3. Select a strong password that cannot be easily guessed

A lot of the information we post on Facebook is a rich source for potential password guessing and identity theft. Until we reach the days of stronger authentication, using good password management practices is key to keeping your account secure.

4. Implement general information security controls for any machines that will be accessing Facebook

All of the standard PC protection mechanisms, including patches, updates, anti-virus and firewall protection, are required to help secure your machine and the accounts that you access. These controls give you additional protection to prevent or detect problems before they do serious damage.

5. Avoid logging into Facebook on shared PCs or machines you do not own

It may not be convenient if you want to quickly check Facebook or your email while on vacation or at a friend’s house, but you cannot be confident of the security of a machine you do not control. Your credentials could be cached or recorded by a hidden keystroke logger, leaving you vulnerable to account abuse. It is preferable to check your accounts on a mobile device you own rather than resorting to a machine you cannot vouch for.

6. Be careful about utilizing insecure wireless hotspots

The information you send could be intercepted, so it is wise to stick to utilizing trusted networks. If you do use an untrusted wireless hotspot, it is a good idea to change your password once you return to your primary location.

7. Recognize Facebook information can be used by identity thieves and other agencies

Identity thieves have begun to mine Facebook for information to aid their schemes. A lot of this information involves maiden names, former addresses, and relations to family members, all of which could be available via Facebook. This is especially a risk if you have an extensive group of friends or are quick to approve new requests. If you have a wider network, consider separate Facebook accounts to segment the information you share and lower your risk.

8. Facebook ads or applications may contain malware

Be selective about which ads you click on and which applications you install. Just because these ads and applications are available via Facebook does not mean Facebook the entity vouches for their security.

9. Monitor your account and take action if you notice a problem

Many people fail to act even if they notice a problem or if someone reports an issue to them. Be a responsible user and quickly follow up to address any security issues so you are not a source of spam or malware to friends or colleagues.

10. Consider the appropriateness of information you are posting

Once you post information, there could be instantaneous eyeballs and replies, plus an archived copy of your post somewhere on the web, so be sure to use good judgement before posting and make sure the information you share is in line with the image you are trying to maintain.