In recent weeks, the media has exploded with news of the Facebook data breach. If you are not ready to #deleteFacebook, this post is a must-read to keep your data safe.
It seems that every day new revelations arise as the true extent of the crisis begins to unravel. Undoubtedly, it is a complex story with many implications, so if you have missed any parts, here’s a quick summary to get you up to date.
What’s happened so far…
1. The Data Breach
Four years ago, an academic at Cambridge University, Aleksandr Kogan, created a personality quiz-app called ‘thisisyourdigitallife’.
The app, which required a Facebook sign-up, asked users for permission to access their data for academic research purposes, subsequently obtaining 270,000 signed-up users. Whilst this data harvesting was technically consensual, the Facebook API at the time allowed the app to gain access to the data of the existing users’ friends as well – which was not.
Since Facebook users can regularly have friend lists numbering in the thousands, this was a significant breach. Initially around 50 million users were thought to be affected; however, a recent update pins it at 87 million.
Considering that Facebook promised to only share friends’ data in order to improve the in-app experience and not to share it with third parties or advertising agents, this constitutes the largest Facebook data breach ever recorded.
2. Cambridge Analytica
What is the significance of this? Though some moves were made to expose this breach by the Guardian in 2015, it was not until whistleblower Christopher Wylie spoke out this January that the true extent of the crisis was revealed.
Wylie confirmed that Kogan worked with the British political-consulting firm, Cambridge Analytica (CA), to harness the data pool he had collected to influence the US 2016 Presidential election.
CA allegedly created an algorithm that analysed the information from profiles to highlight any potential swing voters in the US Presidential Elections and create tailored adverts with political messaging. With an estimated 77 million of these profiles being from the US, this made a powerful political propaganda weapon.
In the wake of this revelation, it has also come to light that the Canadian company AggregateIQ (AIQ), which received £2.7 million from the Vote Leave campaign in the UK EU Referendum, was closely linked with Cambridge Analytica. Moreover, by disguising funding as ‘investment’, AIQ was able to break the regulations on donations set out in “The Political Parties, Elections and Referendums Act 2000”, so that overall it received £3.5m from Brexit campaign groups.
Facebook is now under investigation by Canadian and Australian privacy watchdogs, who are looking into the data breach against thousands of their citizens, including the actions of Canadian ad-targeting service AggregateIQ.
Alongside this, Facebook CEO Mark Zuckerberg has been summoned for questioning before the US Congress this week to answer for the alleged improper use of data, which could result in huge fines for the company and tighter legislation on social media data protection.
Zuckerberg was also called to testify in Britain in front of The House of Commons Digital, Culture, Media and Sport Committee (DCMS) in March but declined to attend. The investigation continues.
4. Third Party Data
If nothing else, this affair has been a wake-up call for all social media users to take steps to protect their data online.
It is not just thisisyourdigitallife that can access your data through Facebook; there is a multitude of apps that harvest your data when you sign up to them through the platform. If you want to see just how many, go to the app section of your settings page and ask yourself why apps like ‘heroquizzes’ or ‘nametests.com’ need access to your friend list, location and political and religious views.
5. What steps should you take?
5.1. Reclaiming Facebook
Obviously, the most drastic action available is to #deleteFacebook entirely, though, as this will still not retrieve the information that may have been harvested in the past, it is hardly the perfect solution.
So, if you are aware that you may have been blasé with the information you have shared online but you are not ready to #deleteFacebook entirely, then there are steps you can take. The first one is controlling who can access your data – starting with third parties.
- Go to your settings page on Facebook.
- Click on ‘Apps and Websites’.
- Go through the apps that are under ‘Data Access Allowed’ and see what information you have agreed to share with them (if this was a Facebook sign-up then it is likely more than you think).
- Select an app and a breakdown of what you have shared will appear.
- Edit this information to whatever you feel comfortable sharing by ‘unticking’ the boxes.
- Or delete the app entirely.
- Be careful what you install in the future.
5.2. Browser Data
After you have tackled Facebook directly, a good place to begin protecting your data is by making sure you have backed it up. This essentially means creating a copy of all the documents etc. stored on your devices and putting it on an external device in case of loss or damage.
If you want a physical location for this, you should regularly download all your data onto a hard drive, but if you are happy keeping this online then you can use cloud backup (sending copies of your data to an offsite server for storage, usually for a fee) which can be far more efficient if you are running a business.
Once you have made sure that your data is safe from being lost or deleted then you should look at following these basic steps to help prevent hacking:
- It should go without saying, but make sure that you always install antivirus/anti-malware software on your devices. You should do this straight away before you start using the internet, but failing that, definitely before you sync any of your information onto a new device.
- Always turn your device off at night – this will disconnect it from the internet and potential hackers.
- If you have a new computer, don’t let the excitement of getting started make you negligent with your old devices. Make sure your old computer’s hard drives are unreadable, and if you are planning on selling it, fully wipe your device before passing it on.
- Install a firewall to monitor the network traffic coming in and out of your computer and cut off malicious software at the start.
- Make sure your home or work wifi is password protected.
5.4. Keeping Your Identity Private
There’s one security issue that almost deserves a category of its own… passwords. They are absolutely key to keeping your data safe online, and yet the majority of people are remarkably blasé or lazy about using them.
Indeed, in a study of 1000 participants done by Keeper Security (a password management app), 87% of participants between the ages of 18 and 30 and 81% of participants aged 31 and up were found to reuse passwords, whilst 29% admitted to sharing their passwords with two or more people.
Super-size your passwords
It would seem that if you have one password for everything then you are not alone, or even in a minority. Not only does this make it easy for your kids to hack into your Netflix account, but it means that if one account suffers a security breach, all of your data could be compromised.
It’s far safer to have a different password (or, better, passphrase) for each account. If you are worried about forgetting them, you can download a secure password management app like Keeper Security, LastPass or Dashlane, which will safely store all your passwords and save them to your accounts.
However you want to do it, just make sure that your passwords are strong (containing upper and lower case letters, numbers and characters) and kept to yourself.
Yet, at the end of the day, you can create the safest passwords in the world and still be your own biggest security risk. As I have mentioned, make sure you don’t give them out to anyone intentionally, but also watch out for scams that might trick you into disclosing your information.
A really common one is the scam email calling you to urgent action.
This can be anything from a fake Amazon email asking you to log in to check a suspicious payment (particularly devious, as it uses the guise of security to get you to enter your details on a fake Amazon site) to fake emails about government tax rebates and banking updates. If you are in any way suspicious, check the full email address to see whether it is legitimate; if it doesn’t have the company domain, don’t open it. You can always google to check this: the government tax authority, for example, states on its website that it will never contact you via email, so that’s a big red flag.
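To show what "check the full email address" means in practice, here is a small Python sketch that looks past the friendly display name and compares the real sending domain with the one you expect. It is an added example, not part of the original post; the `KNOWN_SENDERS` list, the function names and the sample headers are all made up for illustration.

```python
from email.utils import parseaddr

# Assumption: a small allowlist you maintain yourself, mapping a brand name to
# the domain it really sends from. This single entry is illustrative only.
KNOWN_SENDERS = {"amazon": "amazon.com"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the real address in a From header."""
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return ""  # nothing that looks like an email address
    return address.rpartition("@")[2].lower().rstrip(".")


def belongs_to(domain: str, expected: str) -> bool:
    """True only for the expected domain itself or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def check_sender(from_header: str) -> str:
    """Classify a From header as 'ok', 'suspicious' or 'unknown'."""
    display, _address = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "suspicious"
    for brand, expected in KNOWN_SENDERS.items():
        if belongs_to(domain, expected):
            return "ok"
        # The brand is named in the display name or buried in the domain,
        # but the mail does not come from the brand's own domain.
        if brand in display.lower() or brand in domain:
            return "suspicious"
    return "unknown"


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Amazon <order-update@amazon.com>",
    "Amazon Security <alerts@amazon.com.account-check.example>",
    '"Amazon Payments" <billing@secure-pay.example>',
    "Newsletter <news@marketing.amazon.com>",
    "A friend <friend@mail.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):<10} {header}")
```

The second sample is the one to remember: the address contains "amazon.com", but the domain that counts is whatever comes last. A matching domain is still not proof on its own, because the From line can be forged.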
5.5. Being Wifi Savvy
In an age when most phones support apps and browsers, it is inevitable that we use the internet on the move more and more. Many people now manage their personal admin from their phones whilst they are on the go and this can include very sensitive information, with anything from LinkedIn to emails and banking all readily available in apps.
On the whole this is an amazing innovation; however, it does pose one significant security threat – the use of unsecured public wifi networks.
A study published on Securelist back in 2014 found that 26% of wifi networks in São Paulo around the time of the World Cup used open standard networks – wifi with virtually no security, meaning that anyone can check in to see what you’re browsing.
I am not advocating avoiding wifi networks altogether. They are very handy, especially when travelling or if you are out of data, but it is always worth checking just what you will be revealing if you log into one.
Open standard networks are incredibly easy to hack, so think twice before you transfer your monthly bills whilst logged into the train wifi. Nowadays, iPhones especially can help you out with this by flagging when a network is unsecured before you log into it.
5.6. Mobile Data
Once you have established yourself on a secure network on your phone, there are still a few more simple steps to take to ensure your data is safe on your phone. The Facebook data debacle has taught us to be wary of what information we share with the apps we are downloading; however, this doesn’t just apply to Facebook sign-ups.
Just as with a computer, when you get a new phone or tablet, the first thing you should do before you sync it with any account is to manage the security settings on your device. Once you have taken care of basic things, like when you would like to share your live location with apps such as Google Maps that come ready installed on many phones, you can move on to consider downloading other apps.
Similarly to Facebook, the crucial thing here is to check what you are agreeing to share when you download these and manually ‘untick’ anything you feel uncomfortable with. As The Guardian has highlighted, there are apps like mypermissions.org that will monitor all your apps for you and alert you if they are trying to access your personal information.
Other basic steps that could save you a lot of bother include:
- Download a tracking app that allows you to locate your phone if it is stolen and, even better, to delete any sensitive information remotely if your device has been lost or stolen.
- Get antivirus software installed. You wouldn’t leave your laptop unprotected, so now that phones have advanced to hold similarly valuable information, you should look at getting them protected too. Most major antivirus brands have expanded into mobile protection, so it’s not hard to come by.
- Lastly, turn off your Bluetooth, hotspot or any other form of outreach when you are not using it – there’s no sense in inviting the hackers in!
Now back to you!
There are many, many more things you can do to ensure that your data is safe; this list has only really scratched the surface.
However, half the battle is being aware of the risks and what you need to do to counter them. In this respect, the Facebook data hacking scandal has done us a favour, as it has really made us sit up and take notice of just how vulnerable we can leave ourselves online.
For though you may feel like you are regaining control by retrospectively adjusting your privacy settings, be aware that by deleting an app you may not be deleting the data it holds on you.
You will have to contact the app directly in order to do this (as Facebook acknowledges), which can be a laborious process to say the least. Indeed, it would appear that many of us have already opened the Pandora’s box of personal data online and retrieving it may not be straightforward. Yet the important thing is that you take the steps outlined above to prevent it from happening again.
So what have we learnt?
Clearly, sharing information with seemingly innocuous-looking apps can have incredibly far-reaching consequences, from compromising your personal privacy to calling into question the entire freedom of democracy.
Evidently, we need to be more careful in the future about our information and who we share it with – knowledge is power after all.