Ask the Expert: What Steps Should I Take to Be Safe on Facebook?

Q: “How safe are social networking sites like Facebook? I’ve been noticing that a bunch of my friends have had their Facebook accounts hacked recently, but I don’t really know how dangerous — or not dangerous — Facebook really is.”

A: Many of us have had our Facebook accounts hacked at one time or another. If not, surely we’ve all seen posts from our friends to click on a link to see who’s following us, or to view the “most hilarious video ever.”

As soon as we click these links, we get infected with malware or our account gets compromised.

It’s become so common to see hacked accounts on Facebook that many of us just shrug these episodes off. Surely if it’s happening to everyone it can’t be that dangerous, right?

Facing the Problem with Facebook

Facebook is a spamware purveyor’s delight, because it’s a service where literally millions of people are waiting around for the next interesting thing to arrive on their pages. Facebook has hundreds of millions of users who visit the site multiple times a day every day.

And these are highly active users that read and add posts, respond to comments, send messages, add photos and videos, and so on. Hackers have found it incredibly easy to infiltrate Facebook accounts and send malware links or spam messages to that person’s entire friend list.

A survey released last December from Sophos, a leading Internet security company, reported that malware from social networking sites like Facebook are on the rise, and affected 40% of users in December 2010. Phishing is also on the rise, reaching 43% of social networking users in December 2010. Both of these more than doubled in a little more than a year and a half.

Hang on, you might ask, what’s phishing and malware?

Phishing sounds like something you do with a rod and tackle out on a lake somewhere. And malware sounds like something you wear while shopping at outlet stores.

Malware, short for malicious software, is software designed to damage or disable your computer. And phishing is the practice of sending fraudulent messages in order to get you to reveal sensitive information, like your credit card numbers. Both are nasty things that you want to stay away from.

So why isn’t Facebook doing more to beef up security?

The truth is that they are taking steps to try to protect you. They recently signed with the security provider Web of Trust in order to beef up their security. The problem is that it’s very hard to stop malware, phishing, and spam. As soon as you stop one version, another type has popped up.

The main problem is that Facebook users simply can’t resist clicking on an enticing link. We are our own worst enemy, it seems.

Maximizing Your Facebook Security

So should we give up on Facebook? That’s one solution, but most of us really like Facebook, and if we are careful about our security, there’s no reason to stop using it.

Below are some simple things you can do to get the most out of your Facebook security:

• Use a personal VPN. By far the best way to protect your sensitive information is to use a virtual private network, such as PRIVATE WiFi™, which encrypts the data moving to and from your laptop. The encryption protects all your Internet communication from being intercepted by others. In addition, VPNs can prevent hackers from connecting to your laptop and stealing your data files.

• Use a secure (HTTPS) connection. Facebook does not encrypt your access credentials by default. Using a secured connection is important, because without it, it’s extremely easy for a hacker to figure out your login information and get into your account. HTTPS solves this problem by encrypting your login cookies and other data.

1. Go to Account > Account Settings.
2. Click change next to Account Security.
3. Under Secure Browsing, select the Browse Facebook on a secure connection (https) whenever possible checkbox.
4. Click Save.

• Adjust your security settings. The highest Facebook security setting for protecting your personal information is the Only Friends option. Unless you want the whole Facebook network world to see all your profile, photos and videos, you should limit it to only people you trust.

1. Go to Account > Privacy Settings.
2. In the Sharing on Facebook section, click Customize settings.
3. Determine how secure you want each one of these sections. If you are unsure, change all of these settings to Only Friends with the appropriate menus.

•  Use login approvals and login notifications. If you use Facebook’s login notifications, whenever your account is accessed from a new or unrecognized computer, Facebook sends you an email. You can also use Facebook’s login approvals feature, where an access code is sent to your mobile phone that must be used to login to your account whenever your account is accessed from a new computer.

1. Go to Account > Account Settings.
2. Click change next to Account Security.
3. If you want Facebook to send you an email when an unrecognized computer accesses your account, select the Send me an email checkbox in the Login Notifications section.
4. If you want Facebook to send you an access code that must be used when an unrecognized computer accesses your account, select the Require me to enter a security code sent to my phone checkbox in the Login Approvals section.
5. Click Save.

• Keep your Internet browser current. Since new malware and viruses are discovered all the time, having the latest software will help eliminate these problems.

• Change your Facebook login password often. If you share a computer (or use a public one), don’t set the option to remember any passwords you enter into websites.

Facebook has become very successful by being a part of everything we do on the Internet. Facebook’s philosophy is that the Internet is more fun when it’s shared, like a party.

The problem is that we can’t be sure who else Facebook has invited to the party and if we should really trust them or not.