Ask The Experts: Insights on Facebook Friends

This time around, the experts tackle this question:

Q: “Hey Security Experts, should I be friends with everyone that asks on Facebook? What’s the risk of friending people I don’t really know? Can we be friends on Facebook?” –Scott918

Adam Hostetler weighed in with:

I wouldn’t recommend accepting friends request for anyone on Facebook, unless you actually know them. This especially goes for somebody that claims they work at the same company as you, as it really could be somebody building a network of targets to social engineer.

Take advantage of Facebook privacy settings also. Don’t make your information public, and only make it viewable by friends. I would even recommend against putting too much personal information on there, even if it is only among friends. There have been security issues in the past that allow people to get around privacy controls, and Facebook really doesn’t need a lot of information from you anyway.

John Davis added:

The short answer is NO! I’m a big believer in the tenet the you DON’T want the whole world to know everything about you. Posting lots of personal facts, even to your known friends on Facebook, is akin to the ripples you get from tossing a pebble into still water – tidbits of info about you radiate out from your friends like waves. You never know who may access it and you can never get it back! There are lots of different people out there that you really don’t want as your friend – I’m talking about everything from annoying marketers to thieves to child molesters. People like that are trying to find out information about you all the time. Why make it easy for them?

Finally, Phil Grimes chimed in:

Facebook is a ripe playground for attackers. This is something I speak about regularly and the short answer is NO, absolutely not. If you don’t know someone, what is the benefit of “friending” them? There is no benefit. On the contrary, this opens a can of worms few of us are prepared to handle. By having friends who aren’t really friends one risks being attacked directly, in the case of the unknown friend sending malicious links or the like. There is also the risk of indirect attack. If an attacker is stalking Facebook pages, there is a lot of information that can be viewed, even if you think your privacy settings are properly set. Stranger danger applies even more on the Internet.

So, while they may not be your friends on Facebook, you can follow the Experts on Twitter (@microsolved) or keep an eye on the blog at http://www.stateofsecurity.com. Until next time, stay safe out there! 

Ask the Security Experts: Facebook Security For Teenagers

We’re starting a new series: “Ask the Security Experts.” We’ll pose an information security question and our panel of experts will do their best to answer.

 

Our panel:

  • Adam Hostetler, Network Engineer, Security Analyst
  • Phil Grimes, Security Analyst
  • John Davis, Risk Management Engineer

Our Question

What should I tell my teenage children about privacy and security on Facebook?

Adam Hostetler:

Teach them how to use Facebook privacy settings. Go into the settings
and explain how it works, and that they should only post updates and
photos to their friends and not in public. Also, how to set their
account so they can only be found by friends of friends. As for apps, be
very careful about what Facebook apps they use, and pay attention to the
permissions they request. For their account, always use a strong
password. Do not give out account information to anyone (except
parents). Lastly, they should always log out of the account when they
are done. Never close the browser with the account still logged in.

Phil Grimes:

I fight this battle daily. I constantly remind my kids that what goes online now stays online forever. I have discussed privacy settings with them and give them little reminders that help them think about security and privacy online — at least in terms of posting info and pictures. It never hurts to remind them who I am and what I do for a living, they tend to always think twice before posting.

As for the games, however, this is something that is almost impossible to combat in my house. I think I am the only person who does NOT play Facebook games. The keys here are simple. Accept the machines that play these games as lost assets. I image the disks so I can restore them quickly and easily, then cordon them off on their own network segment so WHEN they get popped, I can “turn and burn” to get them back online. This really works well for me, but another important factor is to NOT do anything sensitive from these machines. Luckily, my kids don’t do any online banking or anything like that. I have my wife conduct sensitive tasks through another machine.

John Davis:

I would say to watch the scams and traps that are strewn like land mines throughout the site. Watch the free give-aways, be wary of clicking on pictures and videos and look carefully at any messages that contain links or suggest web sites to visit. Also, be VERY careful about ‘friends’ of friends and other strangers that want to friend you or communicate with you. You very well may not be communicating with who you think you are. Finally, if you’re on Facebook frequently and have not been wary, chances are you have malware on your computer that hides itself and runs in the background where you are not aware of it. So be careful when using the site and scan your system frequently.