What to Communicate About


March 27, 2018


Facebook has been in the news extensively about several privacy issues and violations, one of the biggest being the records of over 50 million Facebook users being sold to and used by Cambridge Analytica.  While there are various legal and privacy issues at play here, ultimately the issue is one of trust.  People’s trust in Facebook has been severely damaged, causing them to ask what the issues are, and more importantly what they can do to secure themselves.  Here is an email template you can use to communicate to your workforce about this very topic.  Personal events like this are the perfect opportunity to engage with and help secure your workforce.

Folks, we know and understand many of you have been following Facebook in the news about several big privacy incidents and allegations. We wanted to provide you with a short summary of what those issues are, and more importantly what you can do to protect yourself. First, a brief overview. The US Federal Trade Commission is investigating whether Facebook violated terms of a 2011 settlement when data of up to 50 million users were transferred to Cambridge Analytica, a data analytics firm. This data was originally collected from a Facebook app called “thisisyourdigitallife”. The app not only collected extensive data from people who downloaded it, but also collected data on their friends. This incident is raising a lot of questions, including what other data has been collected by other apps, and how that data was shared. Below are steps you can take to protect your privacy. Note that while these steps are specific to Facebook, you should consider following the same steps for any social networking sites you use online. In addition, Facebook will be making privacy changes in the coming months; as such, some of the links or options listed below may change.

1 Delete: If you are truly concerned about Facebook and no longer trust it, the most dramatic step you can take is to Delete Your Facebook Account.  If you do, your information cannot be recovered, so we recommend you download all of your past Facebook activity first from your settings page.

2 Deactivate: The second option is to Deactivate Your Facebook Account, which is in your General Account Settings. This freezes your online activity, including disabling your profile and removing your name and photo from most things you’ve shared on Facebook. However, you will still be able to message people. Unlike Deletion, with Deactivation you can Re-activate your account, which means your profile and past activity are restored.

3 Minimize Apps: The issue is not only what data Facebook collects about your activity, but also what data is collected by any third-party apps that connect to your Facebook account, apps such as Clash of Clans or What is Your Inner Age. Only install apps you need and minimize what they collect. Why do you think there has been such an explosion of these fun and free apps? Because they make money harvesting your information. In addition, limit what others share about you with their apps in the “Apps Others Use” section. Finally, delete an app when you no longer need it or no longer trust it. Not sure what apps you have? Check out your apps page and review your apps. Every app you have is just one more opportunity for others to collect information about you.

4 Logins: Many websites (and apps) give you the option of using your Facebook account to log in. While that is convenient, it just means more data sharing is happening between that website and your Facebook account. Protect your privacy by using a unique login for each and every account you have. Can’t remember all of your passwords? Neither can we; that is why we recommend a Password Manager.

5 Sharing: Always be careful what you share with others.  If you do not want your parents or boss to read it, you probably should not post it.  Yes, you can use privacy options to control who can read your posts, but remember those can be confusing and change often, so what you thought was privately shared can become publicly available.

6 Two-factor Authentication: Finally, while not related to privacy, one of the best steps you can take to secure any of your online accounts is to enable two-factor authentication. This requires a second step when logging in to the site. This very simple step is one of THE most effective ways you can secure your online accounts.

Unfortunately, these steps are not as simple as we would like. Facebook and other sites do this on purpose; they make money by collecting your information. We want you to be aware that information is being collected about you and the steps you can take to protect yourself. Finally, while these steps are specific to Facebook, keep in mind many other free sites have the same issues.

About the Author

Lance Spitzner

Director, SANS Security Awareness

Lance has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and helped pioneer the field of cyber intelligence. Lance has published three security books, consulted in over 25 countries and helped hundreds of organizations establish mature security awareness programs. Lance serves on the Board for the NCSA, is a frequent presenter, serial tweeter (@lspitzner) and works on numerous community security projects. He served as an armor officer in the Army’s Rapid Deployment Force and earned his MBA from the University of Illinois.