Coleman Technologies Blog

That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.

To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.

Your Security and Privacy Options

From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process, you can always find your way back to the beginning with that menu.

Verify the Accuracy of Your General Account Settings

Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.

Find Out Where You’ve Used Facebook with Security and Login

On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.

If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.

Change Your Password

While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.

Remember, you should never use a password for more than one online account.

Using Two-Factor Authentication

After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started. 

You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.

Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option, as pictured, and click Next. 

Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.

If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.

Add a Backup

Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.

Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.

Setting Up Extra Security

Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt-in to alerts being sent via email or text, notification, or Facebook Messenger.

You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.

Stay tuned for part three of this series, coming soon.

What Does Facebook Know About Me?

Consider how many opportunities Facebook has to collect information about you: there’s quite a few. For one thing, you literally tell the platform the things you “Like.” Semi-joking aside, there’s also the stuff you post, which advertisements attract your attention, and many other means for them to construct a pretty solid profile on you.

You can see this profile for yourself. In the aftermath of the Cambridge Analytica scandal - where third-party users were granted free reign and access to Facebook user info - Facebook made a promise to be more transparent. This profile is part of that transparency.

Viewing this information is pretty simple, whether you’re on your computer or you’re using the mobile application.

On a desktop or laptop:

1. Log in to your Facebook account.
2. Click the down arrow on the top right and go to Settings.
3. On the left, click Your Facebook Information.
4. Facebook will present you with five options. Look for Download Your Information.
5. Click View, Facebook will give you a screen where you can choose the date range and format of the data. Since we want to download everything, we’re going to set the Date Range to All of my data and set Media Quality to High. This will give us a higher quality version of all of our photos and videos in the download.
6. Click Create File and Facebook will start building the download. This can take a while, but Facebook will give you a notification when your data is ready for download.
7. Once Facebook gives you the notification, click it and Download your data.

From the Facebook mobile app:

1. Tap the 3-bar hamburger icon in the top right of the app.
2. Scroll down and tap Settings & Privacy, and then tap Settings.
3. Tap Download Your Information.
4. Leave all of the options checked, and scroll down. Ensure the Date Range is set to All of my data and that Media Quality is set to High.
5. Tap Create File and Facebook will give you a notification when the data is ready for download.

The “data is ready” notification will probably come after about an hour - it really depends on how long you’ve been a user, and how active you’ve been. Most people will probably have a file that takes up a few gigabytes.

Now that the report is available to you, click on Your Facebook Information.

Access Your Information - Facebook provides you with an itemized and viewable list of your Posts, Photos, and Location history ready for viewing.

Activity Log - Consider this a comprehensive timeline recap - almost a scrapbook, prepared by Facebook.

Deactivation and Deletion - People used to complain that deleting a Facebook account was a difficult process. Not anymore!

So, How Much Does Facebook Know About Me?

When you do review your file, the information they have can be shocking, mainly due to the location-based aspect of it all. You can pull up a given day and find out exactly where you were and what you did. Facebook kept track for you.

Then, you need to consider the Ads. This section will show you all of the advertisers who provided Facebook with a contact list your name appeared on. It isn’t that Facebook gave away this information, advertisers already had it and gave it to Facebook to target you on the platform.

What Does This Mean?

While it completely makes sense that Facebook would know a lot about you, seeing it all laid out (and how much of it didn’t come from your profile) isn’t exactly comforting… Facebook has been too involved in a few major data breaches. Just think - there’s a profile just like the one you retrieved about you, for over a quarter of all of the people in the world.

This rabbit hole goes deeper, too. Make sure you check back soon for part two of three of this Facebook privacy blog series.

You probably had a notion that Facebook had a bunch of your information, but how much information outside of your general profile makes you nervous when they are accused of major data breaches. What’s scarier is that the service is used by over a quarter of the world’s population. 

This is only the tip of the iceberg of the information we will share about this social media giant. Check back for part two of our three-part blog series about Facebook privacy.

September

9/5 

Providence Health Plan - 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company’s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.

Facebook - Facebook had an unprotected server with over 419 million records accessed.  Users had their Facebook’s user ID and phone number exposed. In some cases, user’s names, genders, and locations were also leaked.

9/16

Dealer Leader, LLC. - 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.

9/27

DoorDash - The popular food delivery app had 4.9 million customers’ information breached by a third-party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked. 

9/30

Zynga - The mobile game maker, Zynga, the developer of popular mobile games such as Farmville and Words with Friends has announced that 218 million players had their data exposed after their network was breached by a hacker.  The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed.

October

10/17 

Methodist Hospitals of Indiana - The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver’s licenses, and more. 

10/21

Autoclerk - Autoclerk, a hotel property management software developer had an open database infiltrated exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests. 

10/22

Kalispell Regional Healthcare - Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.

10/26

Adobe - Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.

10/27

Network Solutions - The world’s oldest domain name provider has been exposed in a hack. Millions of individuals’ data that included names, addresses, phone numbers, email addresses, and service information was compromised.

November 

11/9 

Texas Health Resources - The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more. 

11/16 

Disney Plus - The brand-spanking-new Disney+ streaming service had new user account information hijacked by hackers. Login credentials wound up on the Dark Web soon after. 

Magic the Gathering - The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more. 

11/18

State of Louisiana - The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days as systems were restored from backup.

11/19

Macy’s - Macy’s had their ecommerce site hacked. Hackers embedded malicious code into their checkout page and put a skimming code on the company’s Wallet page. The malware retrieved names, addresses, phone numbers, email addresses, payment card numbers, card security codes, and card expiration dates.

11/22 

T-Mobile - T-Mobile had over a million customers’ information accessed by a hacker. Information accessed included names, billing addresses, phone numbers, rates, and calling features.

Unknown - An unsecured server containing over 622 million email addresses and 50 million phone numbers, and millions of pieces of other information was discovered. It is unknown what organization this data is tied to as the time of writing.

With hundreds of millions of records being exposed each month, it’s hard to feel confident about giving your personal or financial information to anyone in the current threat landscape. If your business needs help trying to be secure, call us today at (604) 513-9428.

Mobile malware is not new. It has been around since people used flip phones, but it doesn’t get the attention that the malware that targets Windows PCs do. This is mainly due to it being a little more rare, but if you are the unfortunate recipient of it, it can cause a lot of the same problems. 

Many people won’t consider it simply because of the way they use their device. A person’s smartphone is with them around the clock and they don’t often use it in the same manner as they would a PC. This doesn’t mean that there aren’t major threats that can users can be exposed to. Let’s take a look at each major mobile OS.

iPhone Malware

One of Apple’s favorite marketing strategies is to point out that iOS is the safest mobile operating system. They actually do a commendable job, but devices running iOS aren’t always completely safe, especially on “jailbroken” devices. By not doing this, which is a way to avoid a lot of iOS’ built-in security restrictions, you will be much more secure. 

Another risk that iOS-run devices run into is called a zero-day hack. The zero-day hack target devices haven’t received a security update after the security update has been released to the public. One major issue that users have with iOS security is that there aren’t a lot of ways to prevent issues. Apple itself does a lot of the heavy lifting. Their platform’s success depends on them keeping their reputation, so having trust in Apple to keep your device secure is not without its merits.

Android Malware

Android is a completely different situation altogether. With more devices comes more malware, and with so many different manufacturers making (and supporting) their various versions of Android, it gets a little dicey.

Android is much more flexible than iOS, which is one of its main benefits, but it can also be problematic when it comes to keeping the device secure. For example, if you want to install an application that’s found outside of Google Play, you can, but any negative situation you get into as a result is on you. It is also possible to jailbreak an Android device, which can override some of the built-in security restrictions.

There have been situations where installing apps off of Google Play have caused problems. Google has had to play games with app developers to keep some serious threats off their store. It just means that users need but it has become clear that it really comes down to the user being careful with what they install. It’s not normal for malware to be attached to Google-sponsored apps, but it has happened, so if you are an Android user, you don’t have to be too careful if all of your software comes from Google.

How to Protect Your Smartphone from Malware

Keep App Downloads to Major App Providers - Both Android and iOS feature their own app stores, Google Play Store and Apple App Store, respectively. Even though Android devices can install applications that aren’t on the Google Play store, modern smartphones make this a little more difficult by making users acknowledge that they are putting their devices at risk by doing so.

If you refuse to jailbreak your phone, and you only install applications that are thoroughly vetted, positively reviewed, and come directly from the Apple App Store or Google Play, you will greatly reduce the risk of infecting your device.

Don’t Get Phished - Many of the most insidious threats today rely on user error. Phishing attacks are an annoying example of this. A user will get a legitimate-looking email from some account they actively use and will be directed to submit login credentials. Unfortunately, the email account is spoofed and on the other end is potential disaster.

Install Anti-malware - You have antivirus software for your PC right, why not get it for your mobile devices? Most providers have Android apps and can go a long way toward protecting your device from harm. 

Enact Policies - If you are a business owner and your employees use their personal devices to do work-related tasks, it’s a solid practice to establish an end-to-end mobile device policy. You can require users to enable security options like device locking and encryption, and since this gets set up on your network, the device (and therefore the user) has to comply with any requirement’s your IT admin requires. 

We have a dedicated plan to help all of our clients maximize their data and network security. If you want to talk more about it call our consultants today at (604) 513-9428.

1. There’s an Unexpected Attachment or Link

It’s one thing to get an unexpected email from someone, it’s completely another thing entirely to get an email from someone that includes an unexpected attachment or link. Neither of these is a good thing. Attachments can easily contain hidden malware files, and links can be disguised with very little effort.

Don’t believe me? Try visiting google.com. Go ahead!

Not exactly what you were expecting, eh? Keep in mind that you can double-check links by hovering your cursor over them, and if you weren’t anticipating an attachment, don’t click it unless you have confirmed its legitimacy through some other means.

2. The Sender’s Email Seems Off

It isn’t uncommon for scammers to disguise a fraudulent email address by making it look at lot like a legitimate one would. For instance, let’s say that you normally worked with a business vendor, hypothetically named “Super Business Supplies.” A scammer might send you an email from “sales (at) superbusinessupplies.com.” Looks pretty okay, until you notice that there’s one fewer ‘s’ than there should be. Scammers can get downright devious with these replacements, replacing “Amazon” with “Arnazon” and other blink-and-you’ll-miss-it tricks.

In short, read carefully.

3. There are Other Questionable Elements

While that may be a very vague tip, it is only because there is such a wide variety of warning signs that an email is actually a phishing attempt. For instance:

• Spelling and grammar errors. Look at it this way: would you anticipate a company like Microsoft, or Google, or the likes of such to send you an email riddled with mistakes? Of course not, so if you receive an email that purports to be from a company of high repute, but features these kinds of errors, red flags should be going up.
  
  
• Time-sensitivity. One of a scammer’s go-to tools is to put their target off-balance, especially by pressuring them into immediate action. If you receive an email that offers you a great deal by acting right now, or threatens to shut down your account unless you act right now, the first thing you should do is pick up the phone and call up the organization or individual that sent the email.
  
  
• Requests for personal information. Similarly to any messages that rely on cultivating a sense of urgency, you need to look at any emails that request personally identifiable information, access or financial credentials - really, any data that you and your company rely on - with a critical eye. This is another case where calling to confirm is probably your best bet.

Email can be an extremely helpful business tool, but it can also be an equally useful tool for cybercriminals looking to victimize your business. Coleman Technologies can help you secure it, with best practices and practical solutions to lock it down. To learn more, reach out to us at (604) 513-9428.