In late September, the social media behemoth Facebook told the World Wide Web that about 50 million accounts had suffered a security breach. Hackers had stolen password tokens for signing into Spotify, Instagram, Yelp and thousands of other third-party applications.
Facebook automatically logged out the 50 million users directly affected and another 40 million who might have been implicated, and the company said that passwords weren’t compromised. But the incident serves as a warning to all who have multiple passwords across the various sites and accounts they use—in other words, virtually everyone in the First World, and certainly business owners—to take this opportunity to better manage account security.
The first step in doing so is to use a password manager, like LastPass or 1Password, that creates and stores strong, differentiated passwords on your computer or hand-held device for every website you frequent. That way, if you have a breach on one website, it doesn’t cascade over all of the others if a hacker is so inclined to test your password creativity. All you need to do is memorize a single password, for the password manager itself.
To guard against a similar hack within Facebook, you should check out the list of third-party applications or websites with which you have allowed the social media site to share your information. If you’re no longer using a third-party site, you can revoke Facebook’s permission, thus closing off avenues for would-be hackers in a similar breach.
Two-factor authentication, which requires you to take two distinct steps to log into an account, is another way to bolster Facebook security. This usually consists of something you know, like a password, and something you possess, like your cell phone; so if a hacker learns your password, your account remains safe unless they also have the phone. Facebook and other popular websites allow users to configure their accounts this way, which might take several extra seconds to do but is well worth the time.
The last step you can take to secure your Facebook or other website accounts is to check privacy settings and ensure that you’re limiting, as much as possible, those with whom you share access to your posts or home page. These accounts contain all kinds of treasures for those looking to send a spear-phishing e-mail or hack into other sites, like bank accounts. Seemingly trivial information could be used to gain access through security questions, or to impersonate someone who might legitimately be asking for sensitive information or documents.
If the Facebook breach did not impact you, that doesn’t mean the next one won’t—and rest assured, there will be a next one. Unfortunately, breaches are more likely to accelerate and widen in the years to come than to head in the other direction. Business owners and all users need to make wise, considered choices to manage personal privacy online to help make sure they don’t get hit—in other words, as in many spheres of life, you have to be good enough to be lucky.