Information security in the age of Facebook: Takeaways from Cambridge Analytica revelations

By Elizabeth Jenike, IT Services

In recent weeks, social media giant Facebook and, more specifically, its founder Mark Zuckerberg have come under fire for several connected data privacy incidents that have dominated the news cycle.

The stories focus on how the data of 87 million people was gathered and potentially misused by a company based in London, England, called Cambridge Analytica. Around 70 million of them are in the U.S., according to Gizmodo contributor Matt Novak, with the rest in the U.K., Indonesia, and the Philippines.

At the beginning of April, Zuckerberg testified in front of Congress and answered a few difficult questions from senators about the nature of the incident. During the hearing, Zuckerberg apologized for his company’s mistake, vowing to act more quickly against disinformation in the future.

“There is a move for tech giants like Facebook to do their part to stop the spread of fake news and misinformation,” said Lindsay Miller, associate librarian and assistant head of Miami University Libraries’ Advise and Instruct program.

In his piece, Novak gave an overview of how to see whether or not individual user information was collected by Cambridge Analytica. What else should Miami faculty and staff be doing to improve their online information security?

Security team recommendations

Joe Bazeley, assistant vice president of security, compliance, and risk management for Miami, believes that this incident reinforces the idea that internet users need to be more skeptical and privacy-minded than they are. “I use Facebook very little and there were still a lot of things in my file—things I’m not even sure how they made that linkage,” he said.

In light of the Cambridge Analytica issue and subsequent fallout, it’s important for the users of Facebook (and, in general, users of the internet) to take stock of their privacy settings.

Now, on to the recommendations:

Check to see what data Facebook has associated with you

Bazeley noted that, even though Facebook hasn’t been incredibly forthcoming about the kinds of data collected, there is a poorly publicized tool that allows users to view the information gleaned about them. This is a good place to start.

If you want to see what kind of data is in your file, here is how you do it:

  1. Go to
  2. Click “Download a copy of your Facebook data”
  3. Click “Start My Archive”

This will allow you to get a glimpse at - and drill down into, if so desired - the information Facebook has gathered over the years. For instance, every time you friended or unfriended someone, what you’ve selected as your favorite movies, or your status updates from five years ago—it’s all in there. This will show you what third parties your data is being shared with, as well.

Mobile phone showing facebook login

Become information literate

Information literacy, according to Bazeley, is a key component of the Facebook story. It’s not just about your data being bought and sold between analytics firms - it’s about the ads targeted to you and about what people will and won’t click on. Miller said that in the current climate, there is a new awareness for the general public to learn what ‘fake news’ actually looks like so they aren’t duped by misinformation.

A good rule of thumb for better information literacy: Stay vigilant in your search for truth on the internet. Check to see if anyone has fact-checked a claim. See if others on the internet are talking about it, as this may inform your assessment of its legitimacy. You can even install plug-ins for your browser, like the Media Bias/Fact Check extension for Google Chrome. Find the original source for a claim, if possible. For instance, Miller said:

“If a news story refers to a study done in a scientific journal, seek out the original source. The Miami Libraries may subscribe to the journal and you can read the actual research, not someone's interpretation.”

Miller stressed that the library’s research databases are a great place to start when evaluating internet claims. After all, these databases are already full of high-quality references, cutting out that middle step of finding reputable sources.

Of course, you can also just ask a librarian. They’re happy to help and are available in person, via email, or via chat.

Be skeptical of anywhere you input your data online

We may not know the extent of the Cambridge Analytica data collection issue, but we do know that Facebook isn’t the only company collecting your information. Keep a watchful eye on the amount of info you’re putting on the internet - like credit card numbers or birthdates, yes, but also seemingly innocuous things like article shares or your pets’ names.

Be wary of anything you read online, as well. This goes hand-in-hand with the information literacy piece: Being able to distinguish what is and isn’t a legitimate source is key.

“It's important to have a skeptical stance on almost anything you read, whether it's on social media or in traditional news sources,” Miller cautioned. “Exaggerated headlines that use emotional language are usually ‘clickbait’—designed to get a reaction which typically causes people to share the story and perpetuate the problem.”

… And quit taking Facebook quizzes!

“Never take a Facebook quiz,” Bazeley said. “And never use your Facebook credentials for a secondary site.”

The latter is especially important. Even if you’re not expressly sharing information with Facebook itself, using your login credentials to authenticate through another site (for instance, the dating app Tinder, which recently experienced some difficulties after Facebook made some changes to its APIs for privacy updates) is poor data privacy practice.

Get a password manager

Bazeley stressed that it was important to have different passwords for every single account you have online. That includes takeout orders, Facebook, Twitter, and email—and everything else. And while it may be “annoying” to have to remember potentially hundreds of passwords, it’s better than the alternative; having your data stolen or misused is absolutely more of a hassle.

Using a password manager is one way to ensure your login information is secure, and it can also help you generate stronger passwords. We’ve waxed poetic on this before, and we will again: Having strong passwords is absolutely essential to maintaining an effective online presence.

What’s the takeaway?

As the Facebook story develops, we all have our own part to do to help strengthen information security at Miami. Above all else: Stay vigilant; download your Facebook data and get a better idea of what information is already out there, and learn how to distinguish a legitimate source from ‘fake news.’

Please also review the Miami University social media guidelines and familiarize yourself with the policies set forth by University Communications and Marketing.

Information security: We're on it

Information security is such an important subject in our modern technology-enabled world, especially in context of the University. To learn more about information security at Miami, please get in touch with someone on the security, compliance, and risk management team at or visit our site at