Facebook Security Best Practices

Fraud and hacking on Facebook are incredibly common. Nearly everyone has first-hand experience with it, seeing a friend or relative’s account suddenly posting inappropriate links or worse. Scammers target Facebook and other social networking sites to harvest information about you and your connections. Fortunately, you can use Facebook’s privacy settings to protect yourself against online identity theft.

Adjust Facebook privacy settings to help protect your identity

Unlike some other social networking sites, Facebook provides a number of powerful options to protect you online—but it's up to you to use them. Remember, many of these Facebook options are not the default settings—you’ve got to go into your settings and activate them yourself. Fortunately, once you know what to look for, they’re pretty easy to implement.

Read the Facebook Guide to Privacy

At the very bottom of every page on Facebook, there's a "Privacy" link. The linked page presents Facebook’s Data Policy, which explains how Facebook collects, uses, and shares your data. It contains extensive information you should be aware of when using the social network.

To access your own privacy settings, click on the dropdown arrow in the very top right corner of your page. Midway down, you’ll find a link to “Settings.” This brings you to a page where you can manage your passwords, security, and more. Along the left-hand toolbar you’ll find a “Privacy” link. Here, you’ll have control over who can see your page, who can contact you, and who can look you up online.

What are your options?

Under Privacy Settings and Tools, you’ll see three sections: “Who can see my stuff?”, “Who can contact me?”, and “Who can look me up?”

“Who can see my stuff?” allows you to determine who can see your future posts, with the default options of “Everyone,” “Friends,” and “Only Me.” You can also create personalized subgroups (immediate family, coworkers—any group you want to create and manage yourself). It’s a good first step to select “Friends” to prevent people you don’t know from seeing your page.

This section also lets you control who tags you in posts and photos (and whether you want to have approval rights before you’re tagged), and how far posts you’ve shared in the past can reach. You have the option to limit posts you’ve previously shared with friends of friends, or made public, so that they are now viewable only by “friends.” This is a one-time, irreversible change, but it also provides a quick fix to make your previous content less searchable.

“Who can contact me?” helps limit friend requests from strangers. Your options here are somewhat limited: you can allow anyone to send you a friend request, or limit requests to friends of friends, so that anyone contacting you has at least one person in common with you.

Depending on how careful you are about accepting friend requests and how you use Facebook, either option may be viable for you. Consider your own use of the site.

Finally, “Who can look me up?” provides a number of methods for increasing your privacy. “Who can look you up through the email address you provided?” limits the visibility of the email you have tied to your account. This can be limited to “friends,” “friends of friends,” or “everyone.” You may want to limit your visibility depending on how you use your account. “Who can look you up using the phone number you provided?” has the same options as your email address.

Perhaps the most important of these options is the final one: “Do you want search engines outside of Facebook to link to your profile?” This doesn’t hide your profile completely, but it does stop search engines from linking to your profile. If you use your page for business purposes, you may want to allow it to be searchable, but for personal pages, not allowing search engines to link to your profile is a good way to add another layer of privacy.

Did my changes work?

Once you’ve adjusted your settings, you can preview your profile as a stranger would see it. Go to your own page, and within the banner, next to “View Activity Log,” click on the ellipsis (…). Here, you can choose “View As” to see your page from the outside.

Think carefully about who you allow to become your friend

Once you have accepted someone as your friend, they will be able to access any information about you (including photographs) that you have marked as viewable by your friends. You can remove friends at any time should you change your mind about someone. It’s a good idea, though, to verify that a friend request is coming from the real account of someone you know before accepting.

You can establish different levels of friendship too, and limit what each subset can view in your profile. Contacts default to “Friends,” but you can designate someone as a “Close Friend” or “Acquaintance,” letting them see more or less of your personal information, photos, and posts. This can be useful if you have associates to whom you do not wish to give full access, or with whom you feel uncomfortable sharing personal information.

Disable options, then open them one by one

Think about how you want to use Facebook. If it's only to keep in touch with people and to be able to contact them, then maybe it's better to turn off the bells and whistles. It makes a lot of sense to disable an option until you have decided you do want it, rather than starting with everything accessible.

Facebook provides many powerful tools to limit access and protect your privacy, but it defaults to more publicly visible settings rather than more private ones. If you haven’t already, take some time to review your privacy settings and set up parameters you’re most comfortable with to safeguard your privacy.