March 2018 – Privacy and Security on Social Media



What are we worried about? Identity Theft!

  1. You don’t want somebody else passing as you when they post
  2. You don’t want somebody else passing as you when they send emails
  3. You DEFINITELY don’t want somebody else passing as you when they buy things or trade on your investment accounts!

General Tips

Gaga Sisterhood (a site for grandmas!) recommends:

Use caution when you click links that you receive in messages from your friends on your social website. Treat links in messages on these sites as you would links in e-mail messages.

Know what you’ve posted about yourself. A common way that hackers break into financial or other accounts is by clicking the “Forgot your password?” link on the account login page. To break into your account, they search for the answers to your security questions, such as your birthday, hometown, high school class, father’s middle name, on your social networking site. If the site allows, make up your own password questions, and don’t draw them from material anyone could find with a quick search.

Don’t trust that a message really is from whom it says it’s from. Hackers can break into accounts and send messages that look like they’re from your friends, but aren’t. If you suspect that a message is fraudulent, use an alternate method to contact your friend to find out. This includes invitations to join new social networks.

To avoid giving away e-mail addresses of your friends, do not allow social networking services to scan your e-mail address book. When you join a new social network, you might receive an offer to enter your e-mail address and password to find out if your contacts are on the network. The site might use this information to send e-mail messages to everyone in your contact list or even everyone you’ve ever sent an e-mail message to with that e-mail address. Social networking sites should explain that they’re going to do this, but some do not.

Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your site through e-mail or another website, you might be entering your account name and password into a fake site where your personal information could be stolen.

Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles to get information from you.

Choose your social network carefully. Evaluate the site that you plan to use and make sure you understand the privacy policy. Find out if the site monitors content that people post. You will be providing personal information to this website, so use the same criteria that you would to select a site where you enter your credit card.

Assume that everything you put on a social networking site is permanent. Even if you can delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer.

Be careful about installing extras on your site. Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications to steal your personal information. To download and use third-party applications safely, take the same safety precautions that you take with any other program or file you download from the Web.

Think twice before you use social networking sites at work, and be sure to talk to your kids and grandchildren about exactly what avenues you are accessing!

ExpressVPN, a company that markets virtual private networks, adds:

1. Question your need for smart devices

Dr. Mark Burdon, a senior lecturer at the University of Queensland’s TC Beirne School of Law and co-inventor of the term “sensor society,” questions the need for all our smart gadgets, saying:

“Ask yourself: Do I really need to have a device that connects my fish tank or my toaster or my child’s toy or my light bulb, etc. etc. with my Wi-Fi or smartphone? Be aware of what you bring into the home and the risks of doing so. The best cybersecurity practice in that sense is to mitigate the risk before it emerges.”

2. Protect your logins

World-renowned cryptographer and security technologist, Bruce Schneier, was straight to the point: “Enable two-factor authentication wherever possible. And maintain good backups”.

3. Privacy is not just for home

Our own security expert, Lexie, has some advice for those of us that dare leave our devices and venture out in public.

“Wear a hat.”

“I’m not joking,” she continued. “Hats will keep CCTV cameras and satellites from spying on you.”

4. Change your social media privacy settings

Seems obvious this one, but many people have committed—and been stung by—a social media faux pas. But it’s not just a righteous angry mob or offended future employers that might trawl your internet ramblings for information.

Advertisers search for contact details on the internet so as better to spam you with their wares. Scam artists do the same when looking for a quick buck.

And of course, the CIA, FBI, and police are known to keep tabs on people via social media accounts.

How to change your Facebook privacy settings
  1. Click the down arrow in the top right corner
  2. Select Settings
  3. On the left-hand column, go to Privacy

We recommend you Limit Past Posts, allow only Friends to see your profile, and select No to not appear in search engine results.

How to change your Twitter privacy settings
  1. Click your account avatar in the top right
  2. Select Settings and privacy
  3. On the left-hand column, go to Privacy and safety

You can now alter who can find you on Twitter, tag you in posts, and even see your Tweets.

If you want to be super secure, why not get rid of your social media and be free from all the notifications and spam? ExpressVPN’s guide to deleting accounts will show you how to be permanently rid of Facebook, Twitter, Google, Instagram, and more.

5. Protect your phone with a secure password

Face recognition and fingerprint scanners are no doubt convenient and fancy, but they aren’t as safe as a good old-fashioned password.

Criminals and even police forces can—and do—hack a phone with your face or fingers, but they cannot make you give up a password that you store in your head.

A 6-digit alphanumeric password offers nearly two billion possible permutations and is plenty to stave off all but the most advanced brute-force attacks.

So what does all this mean for what we do on Facebook?

  • Maybe wait to share those vacation pix till AFTER you come home.
  • Think about whether you want to post about your kids’ visit to you while it’s still happening.
  • Ask yourself who might be interested in the data that gets shared when you take a quiz or see what movie star you look like.
  • Don’t say anything on Facebook that you would not want inscribed in stone at the entrance to your neighborhood.
  • Consider limiting your audiences


Facebook settings

I found a really comprehensive video I liked by Anson Alexander



If you prefer a written guide, I thought this was pretty good.

How to Lock Down Your Facebook Account For Maximum Privacy and Security


Password Management and Managers

You have a different randomly generated password for every important site you go to, right? And you have no trouble remembering them, I’m sure!

Password Managers

Keeping track of all these not-reused passwords is more than most of us can do easily. Apple devices come with the iCloud keychain, which works with the Safari browser. I like LastPass, which I use with my Chrome browser, but there are others. This is a nice review from a trusted source:

PC Magazine’s list of 10 best password managers


What is two-factor authentication?

(from CNET)

Two-factor authentication adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that’s considered a single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account. The three types are:

  • Something you know, such as a personal identification number (PIN), password or a pattern
  • Something you have, such as an ATM card, phone, or fob
  • Something you are, such as a biometric like a fingerprint or voice print

Where should you enable 2FA?

  1. Your email account, especially if you have shopping information moving through there
  2. Bank and credit card websites
  3. Your Twitter account, if you don’t want to be open to the President tweeting under your name