As Mark Zuckerberg testifies to Congress today, you might get a notification about the Cambridge Analytica app. Even if you don't, today's a day to think about security.
Mark Zuckerberg will testify at two congressional hearings this week. He'll testify about the ongoing saga between Cambridge Analytica and Facebook and Russia's use of Facebook to influence the 2016 Presidential Election. From the prepared remarks released on Monday, it looks like Zuckerberg will talk about security in a way he hasn't before, for example by saying that "security is a problem we'll never totally solve ..." This is an interesting admission: it means that even top tech companies struggle to keep up with security threats. Defense in depth and prevention are important parts of protecting your assets, and you need to add another layer of protection with a social media security vendor.
At the center of the Cambridge Analytica incident is a personality survey and Cambridge researchers. In 2013, Facebook users had an opportunity to learn more about their personality by installing a Facebook app and taking a survey. It wasn't disclosed that the researchers would later sell the data to another customer. People who took the quiz were also rather unlikely to notice that they would be granting the app access to a wealth of their own Facebook data and to the Facebook data of *all* of their friends (in 2014, the average Facebook user had 338 friends).
Even if you don't watch Zuckerberg's testimonies, it's a good time to think about your company's privacy and security.
On Monday, April 9, Facebook began notifying people who were affected by the thisisyourdigitallife survey. If you see the notification, it could mean that you installed the app and took the survey in 2013, or that your data was accessed after one of your friends installed the app. Unfortunately, there isn't much you can do if you are one of the 87 million people who were affected. The downside of this wonderfully connected, data-driven world is that once data is out the door, it's very difficult (if not impossible) to ensure all copies have been deleted or that the data is not misused. Prevention is still the best measure we have. With that in mind, let's take this as an opportunity to do a little security and data privacy housekeeping.
If you haven't already, you should start by downloading a copy of your Facebook data. Seeing how much data is associated with your account is good motivation to delete some old posts or maybe even trim down your Friend list. To download your data:
- Sign in to your account
- Go to the Settings page
- Click on "Download my data." This is a two-step process: you'll first request the download (part 1), then Facebook will follow up later with a link to download an archive (part 2).
Next, visit your data privacy settings. Check the audience for your past and future posts. Who do you want to see future posts? Most people are comfortable with their Facebook friends seeing posts, while others want a more public profile. Think hard about when you post to an audience that's broader than your Friends. If you have old posts that you don't want anyone to see anymore but you don't want to delete them, check out the "Only me" option. Do you want search engines to link to your profile? If you're sharing to "Friends" then maybe not, but if you're building a public-facing page or account, maybe you do.
Finally, take a minute to check your security settings. Two-factor authentication is a great way to ensure that you and only you can get into your account. If two-factor auth is too much of a commitment or you have other sign-in needs, then turn on alerts for unrecognized logins.
If you're feeling motivated to tinker with the security and privacy settings even further, then check out this EFF guide to learn more.
And if you're still thinking about the notification and wondering if Facebook will tell you which of your friends installed the app, we'll guess: probably not. :)
July 6, 2020