Information shared by you on Social Media
Typical examples of information people share on social media:
It is recommended to be careful about the amount of information you share about yourself and with whom you share it. Without strict privacy settings anyone can see your Facebook profile information. In particular, check that your telephone number is not viewable by the public. Also, your address should not be on Facebook. This information is already known by friends and family. All users should read and implement the Facebook settings shown in the following sections.
These sections outline where these settings are located and the main areas where security settings should be implemented.
The main settings menu for Facebook is located in the top left of the screen. This is where you will access all the security related settings for your account.
It is recommended that users access the “Settings” screen and begin a security audit of their account.
In the first section we can change the name associated with the account. This can be any name and does not have to be your real name.
It is recommended that you choose a nickname that people who know you call you in real life.
When posting comments in public forums online, people sometimes choose to remain anonymous and use an online “alias” or pseudonym. This same strategy can be used on social media. Only those close to the person may be aware of the name used as an alias.
This is the name that appears on your timeline.
This makes it easy to find an account belonging to someone if they are using their name as their Facebook name.
In “General Account Settings” the “user name” of the account can be changed to be different from the Name.
It is recommended that you choose a name that people who know you are familiar with.
This screen allows setting or updating the Facebook password.
A strong password should be at least 8 characters using numbers, letters and symbols. It should not contain common dictionary words such as “password” or keyboard sequences like “qwerty” or “abcd1234”.
It is good practice to use a different password for each social media account / email account. If the same or a similar password were used for all accounts, then if one account were to be compromised all others could then be accessed.
Recommendation
It is recommended to set a strong password, change it on a regular basis and not reuse passwords from other sites.
It is also important that this password is kept in a secure location and is not shared with a third-party.
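The password rules above can be checked mechanically. The following Python sketch is an added example, not part of the original guide; the short word list, the 4-character sequence length and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample lists (assumptions); a real check would load a large wordlist.
COMMON_WORDS = {"password", "letmein", "welcome", "facebook", "dragon"}
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]
# Undo common substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i)
UNLEET = str.maketrans("013457@$!", "oleastasi")


def has_sequence(pw, run=4):
    """True if pw contains `run` adjacent characters of a keyboard row or the
    alphabet, forwards or backwards (for example 'qwer', 'abcd', '4321')."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(pw, other_passwords=(), similar=0.8):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw):
        problems.append("no letters")
    if not re.search(r"[0-9]", pw):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbols")
    low = pw.lower()
    if any(w in low or w in low.translate(UNLEET) for w in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    if has_sequence(pw):
        problems.append("contains a keyboard or alphabet sequence")
    # "Same or similar" password on another account: difflib similarity ratio
    if any(SequenceMatcher(None, low, o.lower()).ratio() >= similar
           for o in other_passwords):
        problems.append("same as or similar to another account's password")
    return problems


if __name__ == "__main__":
    for candidate in ["abcd1234", "P@ssw0rd!1", "v9#Lumen^Okapi"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that “P@ssw0rd!1” meets the length and character-type rules but still fails, because the substitutions are undone before the dictionary check.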
It is important to log out of social media. A third-party could gain access to your social media / email account if you have left your account open and the computer is accessible to others.
When you use a computer to sign-in to social media you will stay logged in to that account until the browser is closed.
If you do not log out of facebook.com or choose to let your browser remember your password for social media, anybody with access to your PC can then access your Facebook page by typing facebook.com.
Recommendation
On a third-party computer or work computer to :
To lock the screen press ‘Windows key’ and L.
Personal computer
Facebook will keep you logged in to a browser until you actively log out. This is due to small files called “cookies” which are placed in your browser by websites to help them identify you.
What this means on a site like Facebook is that anybody with access to your PC will connect directly to your Facebook account when they launch the web browser and type in Facebook.
There are a number of methods to ensure your Facebook account does not stay logged in after you close the browser.
Method 1 - Log out of Facebook every time you are finished browsing. To do this click “Settings, Log Out”.
Method 2 - Use private browsing options.
This will stop the browser storing your login information and cookies. This is also the recommended way to access Facebook when using a third-party PC such as a friend's or work PC.
Private browsing in the Firefox browser is accessed with the browser menu option New Private Window.
This setting allows you to choose your primary contact. This can be a phone number or an email. There is also an option to allow friends to include your email address in their download information.
It is recommended that you unselect “Allow friends to include my email address in Download Your Information”.
Select to get a text to your device when your account has been accessed from an unknown device.
It is recommended that you choose to get notifications when your device has been accessed from an unknown location and that the notifications are sent to your mobile. It is important to check that the mobile number is your current daily mobile number.
Facebook allows you to enable “Login Approvals”. This is commonly known as Two Factor Authentication. It is also known as 2 Step Authentication. It is used as a second layer of authentication.
What this means is that after entering your usual Facebook password from a new browser or device you will also be asked for a second code.
There are generally 3 options when using 2FA
It is recommended to enable “Login Approvals”. The option to receive a text to your phone is the easiest method for most people to set up.
Facebook has a setting for recognised devices. You won't get notified or have to confirm your identity when logging in from these devices. Typically, your mobile phone is in this list.
It is recommended to review the “Recognised Devices” panel and make sure that any old mobile phones, tablets or PCs are not in the list.
It is possible to review what devices you are currently logged in to. Facebook has a setting to remotely log out from Facebook on these devices by selecting “End Activity”. This screen also shows the previous logins on other devices. The location of the login device is also shown. In this case, the Facebook user is logged in in both the USA and Ireland.
To access this screen, select Security Settings, Where You’re Logged in.
It is recommended that you review the “Where you’re logged in” screen on a regular basis. Select “End Activity” for all devices that you do not own or use. You would typically be logged in on a phone and also on the PC from which you are accessing this screen.
Take note of the locations where the account was accessed and review if they are locations you are familiar with as this could give an indication to you that a third-party has accessed your account.
It is possible to use your profile picture to log in to Facebook on your current PC and browser. This option is for a shared trusted PC. If this option is selected, anyone with access to your PC and browser could access your Facebook account by clicking the profile picture in the browser. It is best to disable this option.
It is recommended to turn off profile picture login on your account. This is accessed through Security Settings, Profile Picture Login.
Who can see my stuff
Who can contact me
Who can look me up
It is recommended to review each of the settings in “Privacy and Settings” and make sure that “Friends” is selected as the default option. In particular, check that your telephone number is not viewable by the public.
Your name could appear in a Google search as a result of information you have made public on Facebook. This feature is more appropriate to a special Facebook page created for an event. It is best not to enable this feature for a normal user.
It is recommended to turn off the feature that allows search engines outside of Facebook to link to your profile. This setting is in “Settings, Privacy”.
By default in Facebook, friends and family can share information about you. This can include personal photographs, photographs you are ‘tagged’ in and personal information such as relationship status.
Friends and family can ‘tag’ you in their personal photographs. This can personally identify you to third-parties with access to social media pages of your friends and family.
This menu screen allows you to edit settings related to your Timeline and being “tagged” in photographs.
It is recommended to review the Timeline and Tagging options. The least privilege option should always be chosen. Choose either “Only me” or “Friends”.
The options for “Review posts friends tag you in before they appear on your Timeline” and “Review tags people add to your own posts before the tags appear on Facebook” should be enabled.
With the Blocking menu, there is a list of options to restrict or block access to your posts.
It is recommended that the blocking feature is used for any contacts who have contacted you but that you do not know. The person will not know that they have been blocked.
There is a feature on this screen to remotely log out of the Facebook app on your phone if it is lost. This protects your account from unauthorized access.
There is a setting for using a PIN when accessing Facebook on a mobile. If you enable this feature, you need to prefix every status changing and friend adding text you send to Facebook with your selected PIN. This is to make sure that others will not have access to your account by spoofing your phone number or borrowing your phone.
It is recommended that this “Mobile PIN” feature is turned on. The PIN should be at least 4 digits in length.
People who can see your information can bring it with them when they use apps. This information includes if you are online, posts on your timeline etc.
It is recommended that the categories of information shared are limited to the least privilege allowed. In “Settings, Apps, Apps Others Use”, users can select which categories of information are shared.