Posts

Facebook Data Breach: 3 Things to Do Now

facebook-app-results-matter-cloud-services-source-pixabay-lobo-studio-hamburg

The security breach was announced on September 28 by Facebook and affected at least 50 million users. The attackers exploited bugs in the platforms “View As” privacy feature, which occurred in July 2017, when Facebook introduced a new video uploader.

The uploader feature appearing as active in the “View As” feature and created an access token, which was not supposed to happen. Access tokens provide a key to keep users logged into their accounts and to provide access to other platforms. This is a convenience to reduce the need to enter login credentials.

What to do now? Reconsider the use of the Facebook login feature. Using the login feature of platforms or reusing the same password across various is not work the risk taken for the small amount of convenience.

Check your privacy settings and credential recovery options on Facebook and your other platforms. Ensure you know how they are configured and update them. Facebook had a security update post in their developer’s blog suggesting user visit the “Security and Login” tab on the sites settings menu to review platforms connected through Facebook.

Change your password to something hard to guess and unique.  This breach apparently did not get passwords but access tokens instead. It will do no harm to update your password on Facebook and your other platforms.

Enable 2FA (two-factor authentication) using a third party app like Google Authenticator or Authy, both of which are free. Two-factor authentication requires you do something to verify identify beyond supply a password. There is the option to receive an e-mail or text message but using an app may reduce the risk from the 2FA messages being intercepted.

Turning on notifications for every login to your accounts across platforms could seem like over kill, in the beginning. It does settle down once you establish the pattern of where and when you login. Knowing that helps to keep you informed.

Sources

  • https://www.darkreading.com/threat-intelligence/when-facebook-gets-hacked-everyone-gets-hacked/d/d-id/1332953
  • https://www.fastcompany.com/90245345/facebook-data-breach-4-simple-steps-to-stay-safer-right-now
  • https://www.fastcompany.com/90219499/att-gets-sued-over-two-factor-security-flaws-and-23m-cryptocurrency-theft
  • Image: Pixabay, LoboStudioHamburg

Privacy Settings Keeping Users Safe

Mobile device with social icons in front of keyboard.      “Click yes to submit your information.”

This is a common sentence read on most social media platforms, regardless of how often you sign in. It can be scary to users, not understanding just exactly how privacy settings work.

People have, in a sense, all but signed their life away to these online platforms. For all those who don’t seem to care about the privacy settings, there are many more who do.

You often hear of a data breach and wonder if you should be cancelling your credit cards, or worrying about a stolen identity. With so much news circling through the media it can be overwhelming. Especially if you don’t understand what to do to keep yourself safe.

Platforms like Facebook, or even Google to some extent, aren’t nefarious in nature. The goal isn’t to convince you to sign up and sign over all your private information. The site algorithms are designed to make a user friendly feed that gives you exactly what you want, be it fitness ideas, food recipes, or simply an add for that perfect car you’ve been searching for online.

By signing up for these platforms, you are giving the providers permission to use your personal data in any way they see fit. This doesn’t mean you have to stop using Facebook. Personally, it is a great tool to use for business outreach, communication with family and friends, and many other more mundane research; but it is a tool that should be used with caution.

Here are a few tips, for those who enjoy the use of social media, to keeping your personal and private life just a bit more secure:

  1. Restrict your personal information – any personal information online can be used. It’s public and anyone will see it as such. A birthday or birthplace can be used to access accounts, or that post saying you’re away traveling could be a perfect in for thieves looking to score.
  2. Control what strangers see – the more available information for those not in your friends list, the more vulnerable you become. Simply restricting your settings can be a sigh of relief.
    You can do this by going to Settings and Privacy and go to “Who can see my stuff?”
    As you play around with your settings you can always preview your profile to get a good idea of just exactly what it is you’re sharing.
  3. Control what friends see and do on your page – Strangers are one thing, but you can control what happens between you and your friends as well. When posting and reposting, there are options to show the public, only those on your friends list, close friends, etc. This gives you complete control on who can comment, share, or interact with your information. All this can be done on each individual status alone, or through Settings and Privacy as well.
  4. Disable Location Tracking and be careful of interaction with third party apps – Every interaction with any app that links through Facebook is just another way that your information is being constantly collected. Once again, through Settings and Privacy, you can check off which apps you are okay with, and which ones you want to disable.

Facebook is constantly updating it’s features, and how it interacts with you. It’s important to not only monitor the things you share, and those who get to see it, but also that the settings you’ve put in place haven’t been disabled. Familiarizing yourself with all privacy settings allows you to understand, to a greater extent, what is being put out into the interweb. It allows you to control it also.

How Facebook’s Annual “Hacktober” Campaign Promotes Cybersecurity to Employees | hbr.org

With a month of security competitions, games, and T-shirts. “Build and maintain a security conscious culture”.

Not only will it help train your employees on cyber security but it will also help with employee engagement. Engaged employee = more productivity. 

Most importantly, use an approach that fits your culture, recognize and reward engagement, run real-world security tests, bring people together, and keep it fun. See how Facebook does it.

Source: How Facebook’s Annual “Hacktober” Campaign Promotes Cybersecurity to Employees