While Facebook grants its users lots of control over their privacy settings, keeping up with the latest privacy controls can be difficult. As a result, many users end up sharing their information and photos with a far wider audience than intended. This edition of our CyberSecurity 101 series should serve as a user guide for configuring Facebook privacy settings for optimal security.
Configuring Facebook Privacy Settings
Facebook’s privacy settings control who can view your posts, profile, tags, updates, and more. These settings can be accessed by selecting the “Privacy” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=privacy).
Choose who can see your future posts: Use this option to select the audience for future posts you make. For increased privacy, set this option to “Friends” or create custom settings to explicitly select who can see your posts. If you change your audience for a specific post you make, return to this menu to make sure that your default setting doesn’t change.
Review all your posts and tags: Click on “Use Activity Log” next to “Review all your posts and things you’re tagged in.” The Activity Log displays all of the updates that are posted on your timeline. The Activity Log also allows users to manage their audience for updates and control which updates appear on their timelines.
Limit the audience for posts you’ve shared: Select “Limit Past Posts” to make past content you’ve shared only viewable to your friends.
Control how people can search for you: Under the “Who can look me up?” header, Facebook offers three parameters for setting how your profile will appear in search results. Set restrictions for who can look you up using your name, email address, and phone number. If you don’t want your profile to appear in search engines, turn off the “Do you want other search engines to link your timeline?” option.
Configuring Timeline and Tagging Settings
Timeline and Tagging settings control the way other people can view and interact with your timeline. These settings can be accessed by clicking the “Timeline and Tagging” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=timeline).
Choose who can post on your timeline: The “Who can post on your timeline?” setting enables you to choose whether you want to allow others to post on your timeline.
Review tagged posts: Enable the “Review posts friends tag you in before they appear on your timeline” option. This feature requires you to approve any posts you are tagged in before they are published to your timeline.
Control your timeline audience: The “Who can see things on my timeline?” section has two parameters for selecting who can see tags and posts from others on your timeline. A good starting place for privacy is setting both to “Friends,” though users that are looking for increased privacy may prefer the “Only Me” or “Custom” settings.
Manage added tags and tagging suggestions: The “How can I manage tags people add and tagging suggestions?” section has three settings to review tags, limit the audience when you’re tagged in a post, and control who will receive tag suggestions for photos. Users should enable the “Review tags people add to your own posts” feature to select which of the tags that people add will appear on Facebook. The next setting in this section controls who will be added to the audience for posts when you are tagged. The “Friends” option offers some privacy, but many users may want to consider using the “Only Me” option or creating custom settings to further increase privacy. Finally, consider setting the “tag suggestions” function to “No One” to prevent others from being prompted to tag you in photos.
Managing Blocking Settings
Facebook allows users to restrict or block other users, invites, and apps on an individual basis. These settings are accessible by selecting the “Blocking” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=blocking). All users should spend a few minutes to review these settings and block any people, apps, or invites that they do not wish to have access to their pages.
Configuring App Settings for Privacy
Users can manage their app settings by selecting the “Apps” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=applications). The “App Settings” page displays all of the apps you’re using and allows you to manage each app’s visibility, permissions, notification settings, and more. Users should review each app they’re using as well as the permissions and data access that their apps require in order to better understand the impact they have on privacy. It’s also recommended that you regularly remove the apps that you’re no longer using to limit the number of apps that have access to your information.
Configuring Ad Settings for Privacy
Users can control how their name, profile picture, or other publicly-available information can appear in Facebook ads. To access your Facebook Ads settings, select the “Ads” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=ads).
Third Party Sites: This setting controls whether Facebook will provide your information to third party apps or networks for use in Facebook ads. While Facebook currently doesn’t provide this information to third parties, there is a setting to prevent them from doing so in the future. To prevent Facebook from sharing your information with third party sites, set the “If we allow this in the future, show my information to” option to “No one.”
Ads & Friends: Set the “Pair my social actions with ads for” option to “No one” to prevent Facebook from using your name in social ads.
Configuring Facebook Security Settings
While you’re changing your privacy settings, it is worth taking a look at how your security settings are configured as well. Security settings can be accessed by selecting the “Security” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=security).
Set a Security Question: Setting a security question gives Facebook another way to verify your identity when accessing your private information.
Turn on Secure Browsing: Enable this feature to browse Facebook over a secure connection (HTTPS) whenever available.
Setup Login Notifications: Login Notifications will alert you when your account is being accessed by an unknown device. Having this feature enabled will help you quickly detect and react if someone else is attempting to access your account.
Login Approvals: For increased security, many users enable the “Login Approvals” feature. Turning on this feature means that you must provide a security code when logging in from an unknown browser. The required security code will be sent to your phone to prevent malicious users from accessing your account.
Create App Passwords, if Desired: Some users may wish to create unique passwords for each app they use. If you use lots of apps you should generate passwords for each to ensure that they are secured.
Register your Devices: You should register all of the devices you use so that Facebook will recognize when an unknown device is attempting to access your account. The “Recognized Devices” setting allows users to manage which devices Facebook should recognize.
Manage your Active Sessions: The “Active Sessions” feature enables you to manage the open sessions in which you’re currently logged in to Facebook. Regularly check this setting to make sure that your account isn’t logged into from an unauthorized or unfamiliar location or device.
There you have it! Following these recommendations will go a long way in bolstering the privacy and security of your Facebook account. Stay tuned for the next post in our CyberSecurity 101 series!
Nate joined Veracode as a marketing specialist in early 2012. He is one of Veracode’s first co-ops from Northeastern University, where he is majoring in entrepreneurship and new venture management while minoring in music. He has various responsibilities at Veracode, including blogging, SEO, and infographic design.
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.
*Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.
**Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.