Sometimes, news travels quickly. But other times, it takes longer—like, two years. This might surprise you, but the Facebook Cambridge Analytica (CA) data breach is nothing new. We’ve known about it for a while. The subject is gracing headlines again because Facebook suspended the accounts of Cambridge Analytica and its parent company, Strategic Communication Laboratories (SCL), last month.
Prior to 2015, Facebook users could give an app permission to collect information not just from their own account, but also from their Facebook friends’ accounts. However, that information “came with the stipulation that such data couldn’t be marketed or sold—a rule CA promptly violated,” says Aja Romano in a recent feature for Vox.
Here’s what happened: An app developer named Aleksandr Kogan created a personality quiz app called “thisisyourdigitallife” that was available via Facebook. It was accessed and used by around 270,000 users. Kogan utilized the “loophole” that allowed users of his app to grant access to their friends’ information, giving him access to data from about 50 million Facebook users.
While Kogan says he’s being “used as a scapegoat by both Facebook and Cambridge Analytica,” there’s no denying that he had access to some pretty significant data. Kogan violated Facebook’s developer agreement when he handed this data over to Cambridge Analytica, which then marketed the data to political campaigns in order to help target potential voters.
What’s the problem?
Cambridge Analytica misused the information gathered from “thisisyourdigitallife” by using it for sales and marketing purposes. Facebook maintains that this is more of a “violation” than a classic “breach,” since the information was obtained in a way that Facebook knew about but was then used in violation of the terms under which it was obtained. No matter what you call it, it’s both scary and frustrating.
How to Protect Your Information on Facebook
If you use Facebook and want to reduce your exposure to future compromises of your account and/or privacy, here are three components to protecting your profile data on Facebook:
1. Safeguard the login process. To add an element of protection to your login process, you can enable two-factor authentication. Once it is turned on, any time you (or anyone else) attempt to access your Facebook account from a computer or mobile device that has not previously been used to access it, Facebook will ask you to enter a special code to prove that you’re you. This helps keep hackers who guess your password from accessing your Facebook account. To activate this great feature, log in to Facebook on your computer and do the following:
- Click the downward-facing triangle all the way to the right of the blue toolbar at the top of the screen.
- Scroll down and click “settings.”
- Next, click “Security and Login” on the left sidebar. On the next page, scroll down to the “Setting Up Extra Security” heading and click “Use two-factor authentication.”
- Directly under the heading, you should see that “Two-factor authentication is off.” Click the blue “Set Up” link to the right.
- You’ll see a pop-up that asks if you are sure you want to set up two-factor authentication. Click the blue “Enable” button.
- You will then have to re-enter your password and click “Submit.”
Congratulations! You’ve enabled two-factor authentication and must “use a code or security key to log into unrecognized devices.”
The simplest method is to provide your phone number so that Facebook can text you a unique code whenever you log in to an unrecognized device. While this does require giving Facebook another layer of information, it makes it much harder for hackers to gain access to your account.
If you decide to use your phone number for two-factor authentication, all you must do is click the blue “Add Phone” link under the “Use two-factor authentication” heading and add your phone number.
You’ll confirm your phone number by receiving either a text or a call. Once you do that, your phone will be the second factor necessary to gain access to your Facebook account from unrecognized devices.
2. Secure the information visitors to your page can see. Next, you want to limit the information visitors to your page are able to see about you. Here’s how:
- Scroll to “Privacy” on the left sidebar and click it. On this page, you can edit who can see your future posts, current posts you’re tagged in, and posts you’ve made in the past. You’re also able to edit how people can find and contact you on Facebook.
- Use the blue links on the right side of the page to edit who has access to the information on your page.
- After you’ve adjusted those settings to your preference, click “Timeline and Tagging” in the left sidebar. This lets you adjust the content on your timeline, the content you can be tagged in, and whether you prefer to review material before you allow it on your timeline or allow yourself to be tagged in it.
Just like the “Privacy” page, use the blue links on the right side of the screen to adjust these settings to your preference.
3. Limit the information you share with apps. Lastly, you’ll want to limit the information you share with apps connected to your Facebook account. As this is the mechanism that allowed the Cambridge Analytica data breach to occur, be extra diligent here.
- Scroll to “Apps” on the left sidebar and click it.
- Once the page loads, you’ll see all the apps connected to your Facebook account. Below the name of the app, you’ll see the app’s visibility on your Facebook account.
- To the right of the app’s name is a pencil icon. Click it to open the app’s settings where you can view the information you’ve provided to the app. You’ll see things like your public profile information, birthday, current city, likes, and other information.
- To the right of this information, you should see a blue checkmark. Click the checkmark to edit whether the app can receive that information.
- Once you’ve adjusted the settings to your liking, click the blue “Save” button on the bottom right.
- If you decide you would like to remove certain apps altogether, click the checkbox next to the app’s name, then click the blue “remove” button at the top of the screen.
- You’ll see a pop-up asking if you’re sure you want to remove the app and giving you the option to delete any posts the app may have published on your behalf. Click the checkbox and then click the blue “Remove” button.
- You’ll then see a confirmation message that the app has been removed. Click “Done.”
- If you’d like to go a step further, scroll to the bottom of the screen, where you can adjust how you “interact with apps, websites, and games both on and off Facebook,” your games and apps notifications, as well as “privacy of things you post using old Facebook mobile apps that do not have the inline audience selector, such as outdated versions of Facebook for BlackBerry.”
While the Facebook Cambridge Analytica breach may not be a “breach” in the formal sense of the word, it highlights the fact that we might place too much trust in applications (and companies) that have the power to misuse our information.
The field of information security is constantly evolving, as are the applications and websites we use to connect with friends and share information. Keeping up with trends, breaches, and best practices can be overwhelming, but with managed security services and security consulting from LBMC Information Security, it doesn’t have to be.
Contact us today to learn how we can eliminate the constant stress that so often accompanies a well-managed information security program.