A recent article I read stated that nearly 7% of the world’s population is currently using Facebook. That fact comes as no surprise, because Facebook is a convenient way to stay in contact with friends and family, spend some downtime, or, for businesses, a growing avenue to market products and interact with new and existing customers. But what are the information security risks you should consider when using Facebook? Many of them are equivalent to those you face during general web surfing or when using email, so not everything you read below is unique to Facebook, but it should serve as a good reminder.
Top 10 Facebook Security Tips
1. Do not click on links or emails that look suspicious
Facebook has the largest dedicated user group on the planet, and that makes it an attractive target for all types of spammers. The spammers’ goal might be to sell you a product, steal your credentials, or infect your PC. Use good judgement to avoid email and link scams to keep yourself protected, and notify friends or colleagues if you have reason to believe their account may have been compromised by spammers.
2. Use a unique password to access Facebook
Do not reuse passwords on multiple sites, especially for sites that you consider important. The Gawker password loss incident (among other notable events) helps highlight the potential risk that a site you use less frequently might compromise the security of sites that are more important to you. Mitigate this risk by using unique passwords for the sites that are most critical to you.
3. Select a strong password that cannot be easily guessed
A lot of the information we post on Facebook is a rich source for potential password guessing and identity theft. Until we reach the days of stronger authentication, using good password management practices is key to keeping your account secure.
4. Implement general information security controls for any machines that will be accessing Facebook
All of the standard PC protection mechanisms including patches, updates, anti-virus and firewall protection are required to help secure your machine and the accounts that you access. These controls give you additional protection to prevent or detect problems before they do serious damage.
5. Avoid logging into Facebook on shared PCs or machines you do not own
It may not be convenient if you want to quickly check Facebook or your email while on vacation or at a friend’s house, but you cannot be confident of the security of a machine you do not control. Your credentials could be cached or recorded by a hidden keystroke logger, leaving you vulnerable to account abuse. It is preferable to check your accounts on a mobile device you own rather than resorting to a machine you cannot vouch for.
6. Be careful about utilizing insecure wireless hotspots
The information you send could be intercepted, so it is wise to stick to trusted networks. If you do use an untrusted wireless hotspot, it is a good idea to change your password once you return to your primary location.
7. Recognize Facebook information can be used by identity thieves and other agencies
Identity thieves have begun to mine Facebook for information to aid their schemes. A lot of this information involves maiden names, former addresses, and relations to family members, all of which could be available via Facebook. This is especially a risk if you have an extensive group of friends or are quick to approve new requests. If you have a wider network, consider separate Facebook accounts to segment the information you share and lower your risk.
8. Facebook ads or applications may contain malware
Be selective about which ads you click on and which applications you install. Just because these ads and applications are available via Facebook does not mean Facebook the entity vouches for their security.
9. Monitor your account and take action if you notice a problem
Many people fail to act even if they notice a problem or if someone reports an issue to them. Be a responsible user and quickly follow up to address any security issues so you are not a source of spam or malware to friends or colleagues.
10. Consider the appropriateness of information you are posting
Once you post information, there could be instantaneous eyeballs and replies, plus an archived copy of your post somewhere on the web, so be sure to use good judgement before posting and make sure the information you share is in line with the image you are trying to maintain.