Be Sure to Secure Your Instagram Account: The NJCCIC’s Guide to Accessing Instagram’s Security & Privacy Settings

The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view the user data collected by Instagram, a photo and video-sharing social media platform owned by Facebook. It has become increasingly important for users to be aware of the type of personal data being collected – and often sold – by these free online services.

Instagram profiles are public by default, meaning anyone using the application can see the photos and stories you post on the platform. If you have not yet changed your profile settings, you may inadvertently be giving total strangers a glimpse into your life, including information about where you work, the places you visit, and the people in your social circle. With that information, it would not be too difficult for a motivated threat actor to target you and your loved ones. There are a number of actions you can take to better secure your accounts and posts. The NJCCIC recommends setting your account to private, blocking unknown or unfamiliar accounts, and enabling two-factor authentication (2FA) on your account.

The steps contained in this guide are taken from the Instagram app for Android devices. Steps to access security and privacy settings on the Instagram app for devices running other operating systems may vary.

Set Your Profile to Private

Open the Instagram app and click on the person icon in the bottom right corner to view your profile.


Tap on the menu icon in the top right to open up Settings.


Scroll down until you see “Private Account” and tap the circle to the right so that it turns blue, indicating that the private account setting is on.


Block Accounts on Instagram

Click on the user you want to block to view his or her profile.

Click on the menu icon on the top right corner.


Click on “Block” and then press “Yes, I’m sure” on the prompt to confirm the block. The blocked user’s profile will now be shown as private.


Activate Two-Factor Authentication

Return to your Instagram profile and click on the menu icon in the top right corner to access the Options menu.


Scroll down and select “Two-Factor Authentication.”


Click on the button next to “Require Security Code” so that it turns blue, indicating that two-factor authentication is on. Select “Turn On” on the prompt to confirm.


Instagram will then send a 6-digit confirmation number to your phone in an SMS message to confirm the setting. Once confirmed, you will need to enter a new SMS security code each time you log in to your account.


Additional Resources:

  • Instagram provides a Security Tips page to guide users in better securing their accounts.
  • Users can review Instagram’s Privacy Policy for information on what data is collected, how it is used, and what users can do to manage their information.
  • Instagram is reportedly developing a tool for users to download content and data associated with their accounts, but it is not yet available.
  • Instagram announced the availability of several new tools to help better secure accounts. 

The NJCCIC recommends all Instagram users regularly perform a security audit on their accounts to prevent unauthorized access, external account compromise, and the theft and misuse of personal and potentially sensitive data.