One topic we always include in our security conversations with clients, even though it may not be business-focused, is social media privacy.
We remind users to review who can see their data and which apps and services they share data with, and to evaluate whether sharing that data could have negative implications.
Our next move is to pull up a screenshot of a Facebook quiz and read aloud some of the questions: Where were you born? What is your pet's name? What was your first car?
Aren't these questions rather similar to your Apple ID security questions? Your bank, airline awards and other accounts may also use security questions as an authentication tool. We encourage clients to scroll past opportunities to share trivial, historical details about their lives. Participating in these quizzes and dialogues creates a lasting imprint of your data, and may actually archive your answers in online databases for future nefarious use.
If you have to use security questions, consider advice from security expert Brian Krebs. You could answer them falsely, but keep the information handy, or answer them with abbreviations or misspellings that only you would know. (His article also has a great collection of quiz/comment screenshots from Facebook, showing examples of when/where data can be mined.)
Facebook is now starting to notify users if their data was shared with Cambridge Analytica. Several news sources have instructions on how that notification will appear (at the top of your feed), and some sources go beyond this current breach to warn users of bad social media behavior in general. We like this sentiment from Gizmodo:
If you or a friend ever took a “personality quiz” on Facebook, there’s a really good chance that you were a target of political operatives somewhere in the world. It may have been fun to find out which Disney princess you are, but all of those personality traits have been catalogued and monetized.
-Gizmodo, How to Check If Your Facebook Data Was Stolen by Cambridge Analytica
Beyond the over-sharing of PII (Personally Identifiable Information) through comments and quizzes, users should also reconsider using hashtags, which can serve as a tracking tool, sharing their location or checking in when away from home, and clicking advertisements and posts that may carry malware or other cyber threats.