Last week Facebook introduced a new location tracking application called Facebook Places. This gives users the ability to check in with Facebook from their mobile device and update their friends (and even tag their friends) on where they are. What many Facebook users don’t realize is that this tool is currently activated by default, and in order to turn it off, users have to go in and adjust their privacy settings. Until you do that, your friends can check you in to different locations (and you may not even be there!).

Here is the step by step process to disable Facebook Places:

1. Log into your Facebook account, and at the top right drop down menu under Account click Privacy Settings.Once you are in Privacy Settings you will see this screen:

2. Click Custom (if that isn’t your selection already) and then click below 0n Customize Settings.

3. You should see the following screen, where you will need to make 2 changes – first, to Things I share and then to Things others share. Under Things I share click on the drop-down box next to Places I check in to click custom and chose to make this visible to  Only Me.

5. Scroll down on the Customize page to Things others share:

By Guest Blogger, Mike Spinney, The Ponemon Institute

I grow more and more convinced that, while the issues that keep us busy generate headlines that have migrated from the legal journals and trade publications into the mainstream media, the basic need for education among consumers becomes more urgent.  Lately the Wall Street Journal has published a steady stream of insightful articles related to digital privacy, and data breaches are reported in local newspapers wherever and whenever they occur, but in my experience talking with regular folks, the lessons contained in these articles don’t seem to be having any meaningful effect.

Whenever I’ve had the privilege of standing before an audience of regular folks, the questions I hear over and over again are related to information so basic that in my professional interactions they don’t even come up.  “Is it safe to send a check through the mail?”  “Should I pay with cash, credit, or debit?”  “How can I tell the difference between a fake email and a legitimate one?”

I’ve heard a lot of people scoff at the simplicity of these questions.  Surely we’ve moved well beyond the question of spam and phishing, right?  We’ve got bigger questions to address today, like HIPAA and HITECH; like RFID and biometrics; like behaviorally targeted advertising; like Mass 201 CMR 17…

In the Privacy Calendar, the action items that are important to take to protect your identity are listed by priority rather than mind-set. The order was determined according to three criteria:

1. Which steps need to be taken first to make the process simple?
2. Which actions are most effective at preventing identity theft?
3. Which items are you most likely to complete given time and resource constraints?

The detailed information for taking each of the steps is contained in the individual mind-set chapters of Privacy Means Profit, which are shown in italics and enclosed in parentheses following the steps, for easy identification. I strongly recommend that you refer back to each chapter for in depth explanations of each step.
I also highly recommend that you set up a schedule for yourself and complete the items phase by phase. Take 10 minutes a day, one hour per week, or one weekend a month and schedule time to ‘‘accumulate privacy.’’ If you have to wait on one of the action items—for example, you order your credit report but it will be 10 days before you receive it—move on to another of the items further down the list and return to the item you skipped when you receive the report.

Opt Out of Financial Junk Mail

Your private data is bought and sold by junk-mailers without your knowledge, but you can easily opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.

There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”.  Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.

During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.

Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.

A New Study from the Ponemon Institute Reveals How Online Safety Behavior Leaves Consumers Vulnerable to Identity Theft.

Although more than 80% of study respondents expressed concern about their security while using social media, more than half of these same individuals admitted they do not take any steps to actively protect themselves. This data clearly demonstrates that while people may acknowledge that security is important, many do nothing to protect their information online.

Other key findings from the survey include the following:

• Approximately 65% of users do not set high privacy or security settings in their social media sites.
• More than 90% of users do not review a given Website’s privacy policy before engaging in use.
• Approximately 40% of all respondents share their physical home address through social media applications.
• Surprisingly, people who have been victims of identity theft are just as likely to be lax in securing their personal information online. Study results from identity theft victims and non-victims are virtually identical.

“The study results are extremely telling, especially about measures that users take, or fail to take, in order to protect their identity while using social networks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “I was surprised that those who had experienced identity theft in the past weren’t taking stronger measures to protect their identity. No matter who you are, if you want to increase social networking safety, you must take the necessary steps to protect your information.”

Introducing the Newest Guide to Protect you & your family’s identity:

Facebook Safety
Survival Guide

Includes the

Parents’ Guide to Online Safety

Order your copy Today to get our special introductory pricing of $12.95 or order the Ebook below for only $8.95 !

There is no final word on how to use Facebook safely. Here’s why: social networking and the web change too quickly. The social network you use today is not the same one you will use tomorrow or next month. The privacy settings, functionality, connectability and features are constantly evolving, which means that almost no one has a handle on every aspect of this topic. Those who tell you that they have the final answer are probably selling you something you shouldn’t buy.

This Survival Guide is an evolving document that I started writing for my young daughters and my employees, and is an attempt to give you a snapshot of some of the safety and privacy issues as they exist right now. Social networking, texting, instant messaging, video messaging, blogging – these are all amazing tools that our kids and employees use natively, as part of their everyday lives. In fact, they probably understand social networking better than most adults and executives. But they don’t necessarily have the life experiences to recognize the risks. I’d like to make their online vigilance and discretion just as native, so that they learn to protect the personal information they put on the web before it becomes a problem. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.

Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

ow that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

We need a Facebook Privacy Tool that isn’t written by Facebook. Currently, to effectively manage your privacy on Facebook, you’ve got to alter 50 settings with more than 170 options.

Maybe that is why Facebook’s CEO Mark Zuckerberg confessed on Monday that the quickly expanding social network had “missed the mark” when it comes to its complex privacy controls — and pledged to do better.

Can you imagine keeping up with all your Privacy Settings every time Facbook makes a change? Until Facebook figures it out, a new Privacy Awareness Group—ReclaimPrivacy.org, has developed a tool that scans your Facebook privacy settings to tell you how secure your personal information is. The tool comes in the form of a bookmark for your web browser.  Start by dragging the bookmark from the website above to your bookmarks/favorites. Then, log into your Facebook account, go to the privacy settings screen and click on the bookmark. After the tool scans your privacy settings in six areas—Facebook’s Instant Personalization feature; your personal data; contact information; friends, tags, and connections; what your friends can share about you; and whether applications can leak your personal data—it tells you what areas are secure and where you may want to consider tweaking your settings.

Facebook has announced a new security feature that focuses on keeping users’ information safe from hackers attempting to gain access into your account.

The feature was announced last Thursday, and is similar to how secured banking sites work — they only let you access the site from approved computers.  If you are attempting to log onto your Facebook account from an unknown computer, device, or location, Facebook will notify you via email and lock down your account in case it is under attack. To regain access, you will have to follow the link in the email which will lead you through a security check to verify your identity. They will ask you a few security questions and have you acknowledge that it was in fact YOU (or if it wasn’t you, then you notify Facebook at this point) trying to access your account.

This change comes on the heels of one of the largest Facebook privacy issues to date. The social networking site that services over 400 million people made headlines recently when they chose to link users’ likes and interests to organizations and others on Facebook.  This raised major concerns that they were no longer acting in the users’ best interest.