
Facebook: Is it time to panic about security?

Facebook has hit the news once again with yet another security breach. This time, the breach was a flaw in the View as... feature built into the platform to give users the ability to see their profiles and pages as another user would see them. It had to do with some combination of settings between this feature and the uploading of videos that gave some hacker access to over 50 million people's data.

News of the breach is EVERYWHERE! There is even a public statement about it on the Facebook site.

To be honest, I'm not surprised this has happened. As much as people like to pretend otherwise, the internet and social media are still new technology. Yes, sites like Facebook have been around for a while, going public in 2004. However, what Facebook looked like in 2004 is NOTHING compared to what it looks like today. Social media as a whole is dramatically different. Same too with the internet.

More and more people are joining the world of the internet. For much of Western society, it has become a massive part of our lives. My children are now required to sit certain school exams or submit assignments online. This is the world we now live in.

With the changes in the world, we were bound to face issues surrounding privacy and security. The question is: is it time to panic?

In a one-word answer: No.  In a longer answer: No, but it is time to examine our practices and take steps to protect ourselves.

Here is a list of steps you should take to protect yourself on the internet, not just Facebook.

1) Accept the truth: you can't stop a determined hacker.

Let's start by being realistic. If someone really wants to hack into your systems, they will. There is NOTHING you can do to stop them, especially the good ones. Banks and governments hire skilled hackers to deliberately find the holes in ANY security system and exploit the defects. This is their job, and they're good at it.

So, everything you do is not about trying to stop the professionals. It's about trying to stop the wannabes.

2) Look at what accounts you have.

Take a look at what internet-based accounts you have and ask yourself one simple question: do I still need this account?

Some of us have accounts that go back donkey's years. However, does that account that you have been using since you first joined the internet world still serve a purpose that your other accounts don't? Is there a different service you could use that has better security and features?

Example: Yahoo... Well, I know a large number of people who still have a Yahoo account. I know I had one at one point. However, for some, they joined Yahoo to gain access to the discussion forums there. For the most part, those discussion forums have been abandoned in favor of other systems. Many groups have actually moved to Facebook. Whether this is a good thing or not remains to be seen, but I understand the logic.

(Disclaimer: I'm not saying that people should delete their Yahoo accounts. What I'm saying is that you should ask yourself if accounts you have are still serving the purposes for which you got them.)

If you have ANY account that you haven't accessed in over a year, then you need to examine why you still have that account. Any inactive account is actually a security risk.

If you decide to keep those old accounts, for whatever reason, double check ALL the security setting options. New settings are often introduced, and you could be grandfathered into old settings that could be putting you at risk in other ways. (I'll revisit this point below.)

3) Change your passwords.

How many of you use the same password for everything? Be honest. There will be many out there who know this is wrong, yet they do it anyway.

We should use different passwords for everything, but we don't, because honestly, who can remember all those passwords? I certainly can't. In fact, I keep a database of my passwords, so I can look up the random combination that I've used for whatever site I happen to have a login for. It contains nearly 100 different logins. There is no way I can remember all of that.

But here's the thing... each is different. If one is hacked, then I have time on my side to get in there and change the passwords.

I can hear you asking: what if my database is hacked? Well, certain passwords are NOT in that database. The passwords that I force myself to remember are for bank accounts, taxes, and the encrypted password for my password database, etc.

The frequency at which you change your passwords... Well... Some will say every week. Others will extend that up to every few months. Me: if you haven't changed your password in over a year, perhaps it's time to do it.

4) Check the passwords stored in your browser, or auto-login devices (i.e. mobile and tablets).

Okay, time to be honest again. How many will let their browsers store their passwords to the various sites that they login to? ME! Yeah, I'm guilty of this one in a big way. I don't need to remember my Facebook or Twitter password, because my browser does it for me. My phone automatically logs me in.

Remember that database of passwords I was talking about before? This is why I have one. Because I, like so many others out there, am lazy and let the computer do the remembering for me. However, certain sites...

NEVER store the passwords for your bank, taxes, or any other vital system in your browser. This includes sites like PayPal. That should be a "Never for this site." The password for your core email address is a dodgy one, because if you're like me, you have an email editor program that automatically checks your emails every so often.

Go through your stored passwords and clean out the ones that really shouldn't be there. If you want to start fresh, the next time you clear your cookies, also clear your password database from your browser.

This brings me to the next one...

5) Clear your cookies and cached pages regularly.

Cookies are little packets of data that are sent through the internet and deposited onto your computer to help enhance your browsing experience. These are typically harmless: settings that remember if you've clicked the "I accept" on the privacy policy banner that seems to be on so many sites these days, and the packets that actually keep you logged in to systems like Facebook, Google and Twitter, even after you close down your computer. However, some do a little more than that. I'm not entirely sure what they all do, but for the sake of system performance, you need to clear your cookies frequently.

Cached pages are different to cookies, in that they are copies of the core elements of certain websites, kept so the pages load faster. Well, sometimes, cached pages can have the opposite effect and slow your browser down.

I will clear my cookies and my cached pages at least once a month. Sometimes, I'll do it once a day. It all depends on what I'm doing and how much of a frustrating beast my internet is becoming.

BTW, I also recommend resetting your internet routers frequently too—turning them off, waiting a few seconds, then turning them back on again. If too many people are downloading things through your router, sometimes the router can get a little grumpy and slow everyone's internet down.

6) Have an administration email that is connected to your social media separate from your general communications email.

I have written about the concept of having different emails for different purposes before. Not only does it save you from going crazy with all the email that one can get, but it also protects your butt.

Let's say that your Facebook was connected to your email that you use for everything: your bank account, your taxes, your children's school, etc. Well, this latest breach in Facebook, or any number of the other ones, would mean that the hacker has just gotten your email address, putting other things at risk. Not to mention that the hackers could also be targeting all your friends whom you have the contact details for stored in your address book for your email.

Solution: have an email account that is dedicated to the administration of social media accounts. DO NOT use this account for general communications. Keep it as secret as possible, and make the password to that email account distinctly different to EVERYTHING else you have.

If you want to know more about the types of email accounts I recommend for writers, check out this post.

Save Me From Spam Hell

The email inbox of a writer can quickly become a nightmare. Important emails can become buried. Here's how you can fight the email crazies.

7) DO NOT login to other systems using your Facebook, Twitter or Google logins.

With all the Facebook breaches lately, you would think this would be a given, yet, it's still a common practice that many internet users have.

It doesn't matter what the system is: login using your email.

This is where my advice can be a little confusing. If your email account is a Gmail account, logging in via your email is DIFFERENT to logging in via your Google login. Here's why...

When you login using Google, the system will temporarily take you to a Google window where you enter your Gmail address and your password to get into your Gmail account. However, if you login using your email, then you are taken to a login screen where you enter in your email address (which might very well be your Gmail address) and a password that is unique to the site you are logging into. If that site is hacked, they have your email address, but NOT the password you use to get into your email.

Do you see the difference?

This particular practice will be your biggest saving grace if your accounts are ever hacked. Because the logins are isolated, your accounts are isolated. You might link your accounts together within the program (my Instagram is linked to Facebook, and my WordPress websites are linked to various social media), but they are still isolated.

Before you hit that Login using... button, stop and think about what you are doing. Unless there is a specific reason why you need to do that, you could be putting yourself at risk.

8) DO NOT allow social media apps to connect to your phone's contact list.

Do you remember the breach that Facebook experienced earlier this year, where people who weren't even on Facebook had their personal contact details leaked? Well, this is how it happened.

It was the default setting for the install app on Android: import phone's contact details and find Friends.

This was bad news in a big way, and when the breach was announced, I, like so many others, was horrified. I spent countless hours cleaning out my Facebook on all of my devices. The moment my husband got home, I insisted that he do the same and talked him through the process. My son just passed me his computer and I did it for him, and my daughter at the time didn't have Facebook. (She does now, and you don't want to know the trouble she got into when she hit the OK button without understanding exactly what it did.)

If you still haven't disconnected your phone's contact list from Facebook, this post will guide you through the process for both Android and iPhone. The apps have been updated since that post was written, so some of the images might be a little out of date, but the features are still there. Protect yourself and your friends.

Facebook Settings They Forgot About

It's not surprising that people are all up in arms over the privacy breach by Facebook; however, permission to access contact details was provided in installed apps. But not all hope is lost. Here's how you can change it, and remove your contacts list from Facebook, without uninstalling the apps.

9) Review your security and privacy settings EVERY time that there is a system update.

Around the time of the Zuckerberg hearings (April 2018), Facebook went on the defensive and put out update after update, each with a new set of security settings. I can guarantee that after the latest breach, there will be another round of app updates. However, what people don't realize is that they are grandfathered in to using old settings. New accounts might get the new settings, but on old accounts, you need to go and choose them. (Even on new accounts, you'll need to opt in for certain settings, because the developers might not see the reason for having it another way.)

On Facebook, security features now include who can see your Friends list, who can find your Facebook profile by way of your phone number or email, who can send you a Friends Request, among other things.

The default setting on new accounts for "who can see your Friends list" is Public. No one needs to see who you're Friends with on Facebook. It's no one's business. However, do keep in mind that if your Friends haven't locked their accounts down and made their Friends list private, then anyone who goes to your profile will be able to see the mutual Friends. So, encourage your Friends to lock their accounts down too.

Note for Parents: You can specify a special category of "Friend" as a "Parent" and have your children share their Friends list with only those listed as a "Parent" on their accounts. This is what I have done for my 13-year-old daughter. I'm the only one, besides her, who can see her Friends list.

Finding your profile via your email or phone number... Umm... People, you have something called a phone directory. I know it might be old technology, and not many people use them anymore, but phone directories in New Zealand are actually listed on the internet. If your contact details are listed in that PUBLIC directory, guess what... Anyone can get your phone number. Depending on your phone provider, your email might be listed there too. If you allow ANYONE to find you on Facebook using your email or phone number...

Maybe I spend way too much time in the head of a bad guy, but if I can see the danger, I can guarantee that some REAL bad guy is actually doing this. Scary thought, huh?

And those Friend Requests... Delusions of Grandeur time. I don't want just anyone sending me a Friends Request. I want them to LIKE my page. Need I really say more?

Note for Parents: The default setting on new accounts for "who can send Friends Requests" is Public for a reason — so you can find the account and actually have at least one Friend before you lock the account down. Upon creating an account for your teenage children (minimum age for Facebook is 13), I recommend that you Friend your child BEFORE you lock the account down to the setting of "only Friends of Friends can send Friend Requests". That way, only your Friends can find your child. Then it will snowball from there.

Yet, Facebook is NOT the only social media platform that is constantly updating their apps and security settings. Twitter is just as bad. And LinkedIn.

Did you know that on LinkedIn, the default setting shares your contact details with your network? On LinkedIn, the definition of a network is up to 3 degrees of separation from your connections. So, let's say you have 5 connections, and each of those connections has 5 connections, and each of those connections has 5 connections, and each of those connections has 5 connections... That's a lot of people who have access to your email and phone number by default.

With any security or privacy setting, there will be positives and negatives. If you know the risk you're taking by using a particular setting, then you have made an informed choice. It's when you don't know that I have a problem.

10) Review what you are posting and where.

Before you get all up in arms about the breaches on Facebook, take a look at what you are posting on Facebook. Look at what you put out there on Twitter. What are you posting on your blog?

I've said it before, and I'll probably say it again: don't blame Facebook for sharing data that you already share.

Don't blame Facebook for what YOU share.

Facebook & Zuckerberg have found the news again, but before you complain about Facebook sharing data, take the time to look at your settings and posts.

11) Think, before you act.

In the wake of the latest breach, there will be people out there who will be deleting their accounts off Facebook in a vain attempt to protect themselves. I say vain, because if it wasn't Facebook, it would be some other platform.

As I said at the beginning of this post, there is NOTHING you can do to stop a determined hacker. The internet has become this huge beast that all of us use, yet we know so little about it. We rely on computer programmers to protect us, but the security of ANY platform is only as good as the hacker who tested it. A new security feature comes along, and it's time for the next hacker to do what they do best.

Before you go and delete any of your accounts, think about why you got those accounts in the first place. What will you be losing if you just walked away?

Will I disappear from Facebook? Hell, no! In just the last month alone, through my interactions on Facebook and other social media, I've obtained a new client, I've been given the opportunity to become a paid science writer, I've gotten advice about various podcasting services, and I've managed to make a fellow writer feel good about the really shitty rejection that she recently received. And most of that was through Facebook.

Without social media, I wouldn't have a business (spreading the word of this site would be a nightmare), I wouldn't have obtained a traditional publication contract, I would still be writing on my own with no input from other writers. And Hidden Traps wouldn't exist.

You can be safe in your online activities. It's nothing to be scared of. As long as you take some simple, easy-to-manage measures, you can have a rewarding experience.

Help is at Your Fingertips

Learning to protect yourself online can be overwhelming, but help is literally at your fingertips. Black Wolf Editorial Services offers coaching services to help writers gain control over their online presence. These include assessments of your current website design and functionality, as well as mentoring packages, so you can learn how to use certain systems for yourself.

These packages are NOT for web design or social media management. We will not build your website for you or run your social media on your behalf. However, we will guide you through what you need to do, so you can manage your online platform for yourself. We want to empower you to take control over your own online platform.

However, if you are struggling with the financial side of things, there is a cheaper option. The book Hidden Traps: A Writer's Guide to Protecting Your Online Platform by Judy L Mohr provides a quick overview of various components of an online platform and how you can protect yourself and your reputation.

Hidden Traps of the Internet (Judy L Mohr)


Building an online platform is an overwhelming and daunting task, with many pitfalls and horror stories surrounding the internet. It’s not surprising that many writers shy away from online activities, putting that online presence into the do-it-later category. But to survive in today’s publishing industry, a writer needs to be online.

This book focuses on how to build an online platform in a safe manner. Judy talks you through the various components of an online platform, showing you the tricks to staying safe online, carving out your own little corner of the internet while building that author platform.



P.S. I'd love to meet you on Twitter or Facebook.


© Copyright, Judy L Mohr 2018
