The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view the user data collected by Facebook. It has become increasingly important for users to be aware of the type of personal data being collected – and often sold – by these free online services.
Don’t check “Keep me logged in,” and log out of your account after each session.
This is vital when using a public computer; however, you should also consider fully logging out of your account every time you end a Facebook session on your personal device. Additionally, refrain from saving your login credentials in the app or browser. This will keep others who use or gain unauthorized access to your devices from being granted instant access to your social media account.
Know who your friends are.
Take a look at your friends list from time to time to see if anyone is lurking there who shouldn’t be. Former friends or acquaintances, people you’ve never met in person, and even inactive or abandoned accounts can all pose risks to you and your data as many Facebook users have a tendency to overshare when it comes to their personal information. You may think your information is secure because you have your Facebook posts set to “Friends Only,” but if some of those friends aren’t really friends at all, they could be tracking where you live, work, and play and collecting information about your life without you even realizing it. Go through and purge unnecessary connections on your “friends list” regularly to eliminate potential threats to your safety and well-being and make sure to only keep connected to those you know and trust.
View what your profile displays publicly or to a specific person.
This feature is especially useful when deciding what actions you need to take to tighten your Facebook page’s privacy settings. For example, perhaps you have a Facebook post or photo that is publicly available, but now you want limit access to just your friends or a specific group of people. Once you have identified the changes you need to make, you can access those posts and change their viewer settings from “public” to “friends.” To get to this option, log into your Facebook account on a desktop or laptop computer, click on your name at the top to view your profile. Then, click on the ellipsis next to “View Activity Log” in the lower right corner of your profile’s displayed cover photo. Then click on “View As…”
When you publish a new post, make sure that it is only visible to the specific audience you want. Click on the button next to “Post” to make your selection.
To access your Settings, click on the small triangle in the upper right corner of the Facebook toolbar and go to “Settings” and click on “Privacy.”
- Limit who can see your activity and how people can find and contact you.
Once you have accessed your Facebook account settings, click on the “Privacy” tab in the menu on the left. Here you can make sure that all your past and future posts are only visible to your Facebook friends.
For additional privacy, you can change your settings so that only “Friends of Friends” will be able to send you friend requests. You can also limit the ability for others to search for your account using your phone number or email address.
Security and Login settings
To access your security settings, navigate to “Security and Login” under your Facebook settings.
See what active sessions are listed and what devices have logged into your account.
Under “Security and Login,” review the devices used to log into your account and check for any suspicious or unauthorized activity. Be sure to click “See More” for a full list of all recent sessions. If you see any activity listed you don’t recognize, click on “Log Out Of All Sessions” to disable access.
Change your Password
If you are currently using a weak password, you can change your password here as well. We recommend using unique, long, and complex passwords. Click on “Edit” next to “Change password” and follow the directions.
Setting Up Extra Security
Activating two-factor authentication (2FA) is an important step towards securing your online account. To turn this setting on, under “Setting Up Extra Security,” click on the “Edit” button next to the “Use two-factor authentication” option. Also, under “Setting Up Extra Security,” there is an option to “Get alerts about unrecognized logins.” This way, if someone tries to access your account from an unknown device, you will be notified via Facebook notifications, messenger, or email.
Download your Data
Facebook has a self-service that allows you to download all of your user data. There are security measures in place that require you to confirm your identity to complete the download process. Click on the small triangle in the upper right corner of the Facebook toolbar and go to “Settings.” Click on “Download a copy” followed by “Start My Archive” and follow the given directions.
Facebook will display one notification indicating that the archiving process has begun and another notification when your archive is ready to be accessed.
Your ad preferences
Under Facebook settings, by clicking “Ads,” users can view what influences the ads that users see and control their ad experience.
Under “Your information,” users will find the two options labeled “About you” and “Your categories” that contain information have been determined based on your Facebook profile. Your categories may include major life events, political views, and how you access your Facebook account.
- Facebook provides a guide for users titled Keep Your Facebook Information Secure.
- To assist users who believe someone has gained unauthorized access to their accounts, Facebook launched this tool to help users identify and report the problem.
- Users can also review Facebook’s Data Policy for information on what data is collected, how it is used, and what users can do to manage their information.
The NJCCIC recommends all Facebook users regularly perform a security audit on their accounts to prevent unauthorized access, external account compromise, and the theft and misuse of personal and potentially sensitive data.