Social media security is a problem.
With 68% of American adults on Facebook and 35% of American adults on Instagram, (not to mention YouTube, Twitter, Pinterest, Snapchat, LinkedIn, and more) social media is a treasure trove of data just waiting to be stolen. When you create social media accounts, you share all manner of data about your life and habits. You share your name, date of birth, email addresses, and phone numbers just to create the accounts. From there your use of the platform provides further insight. Where are you located? What are your interests and hobbies? Where did you go to school? Who are your friends and family? Where do you check in? What websites do you visit? Furthermore, if you’ve ever bought anything via Facebook (like a game), made a donation via Facebook, sent or requested money via Facebook, or have a business ad account on any of the platforms, your financial information could be vulnerable. (They take extra precautions to protect financial information, but no system is perfect.)
Data is Money
This data is valuable, and social media platforms keep it and use it to sell targeted ad space. For example: if you share an Instapot recipe from a cooking Page on Facebook, you’re more likely to see ads from cooking-related accounts in the future. Facebook has learned that you like cooking and keeps that information. As a social media manager, I set up and manage these social media ads for companies all the time. Common variables let us target our audience very specifically. We always identify the age, gender, location, and interests of our potential customers, and that’s just the beginning. We can choose whether we want to target mobile users, computer users or both, people who follow other specific accounts, people who have kids, and so on. Mind you, ad managers don’t see which specific data goes with which specific people. We can’t see if you personally are a Packers or Bears fan, we just set the variables and the platform does the rest.
So social media data is very valuable for the platforms and for the businesses they sell ad space to. But it’s also a treasure trove for hackers. This year, Facebook was hacked via a bug in their system, and the data of over 50 million people was stolen. Facebook claims that no financial data was compromised, but all the above data and so much more, was stolen. According to Karissa Bell of Mashable, there’s been an uptick in the numbers of Instagram hacks this year as well. While Instagram doesn’t harvest as much data as Facebook, it does still collect a lot of valuable information about you, your friends, your interests, and your location.
What do hackers do with this information? Most often, they sell it on the black market. And then what becomes of your data? It is used for a variety of scary things, as explained in this blog by Trend Micro Security, including identity theft, financial theft, spam, and spreading misinformation.
So now that I have you good and scared, considering deleting your social media accounts and living off the grid, let’s talk about what you can do to protect yourself.
- Be vigilant about what kind of personal information you put on social media. You don’t need to share and tag everything. Facebook especially includes “fun” features that encourage you to fill out your profile and share more about yourself, but they also enrich the amount of data Facebook keeps about you.
- Take the time to review and set all your privacy and security settings. Set aside a good hour for this. That may seem like a lot of time, but consider all the time you spend on social media and how much information is out there about you. It’s worth it. There are a bunch of settings, and sometimes they’re quite confusing (intentionally so.) When in doubt, be as private as you can be. Honest to goodness, if you have any questions, drop me an email. I’d be more than happy to help you interpret privacy settings, just ‘cause I’m friendly like that. [firstname.lastname@example.org]
- Set all your accounts to Private/Friends Only. On Facebook especially, your account privacy level should be “Friends Only.” From there, you can choose to set the privacy level of individual posts as you write them by selecting Public, Friends, Friends Except…, etc. If you’re willing to put in a little more time, you can create individual lists of friends with whom to share posts with.
- Be choosy about who you friend. Just because someone was your lunch buddy in 3rd grade doesn’t mean they should have access to details about your private life now.
- Review where you’re “logged in.” Most platforms have a security feature where you can see where you are logged in and on what kind of device. Log out of any inactive sessions or ones you don’t recognize. You may have to dig around in the security settings to find this list. Again, feel free to email me and I’ll point you in the right direction.
- Avoid Facebook quizzes. These are designed with one purpose and one purpose only – to find out if you can identify 50 toys from the 80’s. Kidding. No, it’s to harvest your data. The companies that create them don’t care what color your aura is or what Harry Potter character you are. They want you to click that “Share Results on Facebook” button. That button allows you to share the results of the quiz on your timeline. It also allows them to access your personal information and your friend list. You may remember the Facebook/Cambridge Analytica data harvesting scheme during the 2016 election that provided millions of people’s personal information to Russia. All that information was accessed through a personality quiz. Furthermore, notice that these quizzes usually say that by giving them access, you allow them to post on your timeline. Obviously, they need that permission to post the quiz results. But unless you specifically revoke their access, they continue to have the ability to post on your timeline. I have seen this taken advantage of multiple times. Quizzes are bad news. Just avoid them. But if you simply can’t resist, just don’t click the Share button. Take a screenshot and share that instead.
- Turn on Two-Factor Authentication. This isn’t a perfect solution, but it puts up another wall between you and hackers. It’s like having a deadbolt on your door. It won’t keep out someone VERY determined, but it will make it harder. What is two-factor authentication? When you activate two-factor authentication, you put in your password as usual when you login to your account, but you ALSO have to put in a code which you usually receive right then via text message. There are apps that can help with this process as well, such as Google Authenticator. Once you’ve logged in with your password and the code, the site remembers your device and you don’t have to enter it again. In other words, I don’t have to put in a code every time I open Facebook on my phone. Just once.
Don’t Give Up
I appreciate that this is a lot to take in and act on, and some of you might be saying “What’s the point? My data has probably already been stolen.” But actually, no. Facebook currently has roughly 214 million users in the United States and 1.6 billion users around the globe. While the theft of 50 million users’ data is huge, that still just a portion of the total number of people who use Facebook. If you’re smart about your social media use, you can minimize your own risk. Just like riding a bike, there is no way to mitigate all risk, but you can take steps to keep yourself safe. Wear a helmet.