The NJCCIC’s Guide to Accessing Facebook’s Security & Privacy Settings

The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view the user data collected by Facebook. It has become increasingly important for users to be aware of the type of personal data being collected – and often sold – by these free online services. All screenshots included were taken from Facebook's web interface.

After you log in, do not check "Safe Browser" unless this is a personally-owned devices and not used by others.

This is vital when using a public computer; however, you should also consider fully logging out of your account every time you end a Facebook session on your device. Additionally, refrain from saving your login credentials in the app or browser. This will keep others who use or gain unauthorized access to your devices from being granted instant access to your social media account.

Know who your friends are.

Take a look at your friends list from time to time to see if anyone is lurking there who shouldn’t be. Former friends or acquaintances, people you’ve never met in person, and even inactive or abandoned accounts can all pose risks to you and your data as many Facebook users have a tendency to overshare when it comes to their personal information. You may think your information is secure because you have your Facebook posts set to “Friends Only,” but if some of those friends aren’t really friends at all, they could be tracking where you live, work, and play and collecting information about your life without you even realizing it. Go through and purge unnecessary connections on your “friends list” regularly to eliminate potential threats to your cybersecurity and safety, and make sure to only keep connected to those you know and trust.

View what your profile displays publicly.

This feature is especially useful when deciding what actions you need to take to tighten your Facebook page’s privacy settings. For example, perhaps you have a Facebook post or photo that is publicly available, but now you want limit access to just your friends or a specific group of people. Once you have identified the changes you need to make, you can access those posts and change their viewer settings from “public” to “friends.” To get to this option, log into your Facebook account on a desktop or laptop computer, click on your name at the top to view your profile. Then, click on the icon of an eye to view your profile as it is seen to the public.

When you publish a new post, make sure that it is only visible to the specific audience you want. Click on the down arrow to make your selection.

To edit previous posts, click on the ellipsis and change the "audience."

To access your Settings, click on the small triangle in the upper right corner of the Facebook toolbar and go to “Settings & Privacy” and click on “Privacy Checkup.”

• Limit who can see your activity and who can find and contact you.
  Navigate to "Who can see what you share" to ensure that all your past and future posts are only visible to your Facebook friends.

For additional privacy, you can change your settings so that only “Friends of Friends” will be able to send you friend requests. You can also limit the ability for others to search for your account using your phone number or email address.

Security and Login settings

To access your security settings, navigate to “Security and Login” under your Facebook settings.

See what active sessions are listed and what devices have logged into your account.

Under “Security and Login,” review the devices used to log into your account and check for any suspicious or unauthorized activity. Be sure to click “See More” for a full list of all recent sessions. If you see any activity listed you don’t recognize, click on “Log Out Of All Sessions” to disable access.

Change your Password

If you are currently using a weak password, you can change your password here as well. We recommend using unique, long, and complex passwords. Click on “Edit” next to “Change password” and follow the directions.

Setting Up Extra Security

Activating two-factor authentication (2FA) is an important step towards securing your online account. To turn this setting on, under “Setting Up Extra Security,” click on the “Edit” button next to the “Use two-factor authentication” option. Also, under “Setting Up Extra Security,” there is an option to “Get alerts about unrecognized logins.” This way, if someone tries to access your account from an unknown device, you will be notified via Facebook notifications, messenger, or email.

Download your Data

Facebook has a self-service that allows you to download all of your user data. There are security measures in place that require you to confirm your identity to complete the download process. Click on the small triangle in the upper right corner of the Facebook toolbar and go to “Settings” and click "View" under Download Your Information and choose to Create File.

Facebook will display one notification indicating that the archiving process has begun and another notification when your archive is ready to be accessed.

Your ad preferences

Under Facebook settings, by clicking “Ads,” users can view what influences the ads that users see and control their ad experience.

Your biometrics.

You may choose to prevent Facebook from using their algorithms to recognize you in photos or videos posted to Facebook.

Additional Resources:

• Facebook provides a guide for users titled Keep Your Facebook Information Secure.
• To assist users who believe someone has gained unauthorized access to their accounts, Facebook launched this tool to help users identify and report the problem.
• Users can also review Facebook’s Data Policy for information on what data is collected, how it is used, and what users can do to manage their information.

The NJCCIC recommends all Facebook users regularly perform a security audit on their accounts to prevent unauthorized access, external account compromise, and the theft and misuse of personal and potentially sensitive data.