Please read if you use Facebook

[RoloAddict]

So this week we had a new IT manager start in our department at work. Met him for the first time yesterday.. Today was called into a meeting with him along with other staff. He then proceeded to reveal that he'd taken a look at each of our Facebook profiles the previous evening. What he revealed about mine was shocking . By using my Facebook profile and nothing else but good old Google (he proved this by showing us how he did it) he had managed to find out..

My full address including house number!
My DHs full name
My maiden name
Our wedding date
My Dd's names, dates of birth and the sports club they attend.
My stepdaughters name and the school she attended
That I have a stepson.

Needless to say I was horrified. This man was a virtual stranger. We had no mutual friends and I'd never met him until yesterday. I've obviously changed my privacy settings entirely since then. Before I just assumed they were set so that only friends could view them. Can I PLEASE remind and encourage all of you (plus family and friends) to check your settings throughly. We were lucky this time that the person in question didn't mean us harm but it's been a huge wake up call.

I think the risk of "harm" is being somewhat over-stated.

The employees' need for some education about internet security does not seem to have been overstated.

It's quite easy even with a locked down profile.

Mine is about as locked down as you can get although anyone can ask to be friends with me or message me.

But I have my maiden name in brackets on my profile and my current place of residence.

So you can easily go off and google [Anne Adkins] living in [Andover] and as my name is not massively common, though not rare either, you can narrow it down pretty quickly using websites like 192.com and find my address or at least a short shortlist.

If you use social media you have to give up some level of privacy. There was a very good blog post about this in the wake of the Strava army installations issue and it basically came down to if you want to share with friends, you have to share with other people too. There is no such thing as privacy on the internet. If you want it, you have to stay off all social media. To be fair, my husband is on FB and has an almost non-existent internet footprint, but he barely uses it and he doesn't use any other form of social media, and he doesn't have a work profile like LinkedIn or on his employer's website.

Yes but Trills, it is not the employer's job to educate about internet security in any other scenario than the workplace.

Employers should and do educate their staff about having strong passwords, not leaving computers logged in, not sharing your login details with other people, not opening attachments on email that look dodgy etc. Actions to protect the company from hacking and fraud.

What people do in their spare time with private accounts is none of the employer's concern. If people are stupid enough to have their profile set to entirely public and for people to see every detail of their lives then that is their lookout. If they don't know how to set a FB profile to "friends" then quite frankly they're too stupid to be on FB in the first place.

I think the risk of "harm" is being somewhat over-stated.

Most security measures are unnecessary moat of the time. You have them in place for the rare occasions when they are entirely necessary.

What employees do with their social media in their own time is their business

wrong. Plenty of people have lost their jobs because of their social media.

Maybe I LIKE people being able to see info about me online. A lot of people like to be easy to track down so that old friends can contact them.

*wrong. Plenty of people have lost their jobs because of their social media,

Probably not because you can work out their maiden name though

I'd say thanks to the IT guy! It's unnerving and potentially dangerous to have all sorts of info out there.

In my prev job (Arab office) we had a young guy coming over from (arab land) and he was told to clean up his SM - pix of him on a burnt out tank, holding some sort of automatic gun, posing in front of bombed buildings with said gun ... the Foreign Office can, will and do use SM to profile Visa-Applicants!

I was in a closed-group in fb; one lady mentioned that she was going into hospital. A quick check of her profile (not even google) and I found out her address, that she lived alone, her daughter would be taking her to hospital, how long she would be away from home in for, etc etc etc.

She was furious when I messaged her, calling me nosy and interfering. I did point out that I was doing her a favour - if I can do it, so can anyone.

Much like the IT guy in this case.

I'm surprised by posters saying this info is easy to find regardless of people putting out there voluntarily

Re property search, you search by property not person? I'm not on the online electoral roll or directory enq etc

So unless someone looked at the paper electoral, roll how could they find my address? I don't have anything registered with Companies House either but there must be work arounds so you don't have to use your home address?

I didn't know marriage records were online but I'm not married so that doesn't worry me.

Off to work so can't reply for hours, I'm not ignoring replies!

It is nosey and interfering. Especially if she's a member of a closed group!

Plenty of people have lost their jobs because of their social media.

But that is also totally different. Companies have the right to ask employees not to slag them off on Twitter or Facebook. Just as companies can sack workers for other things which might bring the company into disrepute.

Having an open profile on Facebook or tweeting pictures of your cat every 3 minutes outside work hours does not concern your employer. It is NONE of their business.

She was a member of a closed group - but her profile was wide-open.

And the 'closed-group' had 1700 members. Most of whom did not know each other in any way other than they lived in the same area.

Like wizard, a lot of my 'static; personal info is public anyway - it has to be because of my job. I don't really see the risk, to be honest. I don't post dynamic updates about where I am/what I'm doing, not because of security worries but because I think that often comes over as a kind of stealth boasting that is hurtful to other people.

Haven't read the full thread but you can log onto Facebook using the desktop site (either on a desktop or your phone) and alter the privacy setting of your profile picture and cover photos there. Mine are friends only, so a non friend can see the picture but can't see the likes or comments or any past photos.

The cover photo is always public unfortunately so you can choose it with that in mind. But you can make all past cover photos friends only.

Takes a bit of time to sit and make sure it's all covered but obviously well worth it. I also use a pseudonym and have deleted my mobile number so nobody can find me using that, or my name. And only friends of friends can try add me. Also have regular culls where I delete people I don't know well enough to trust and wouldn't stop to chat to on the street.

Still a risk to have Facebook but there are ways of minimising it.

I don't have a maiden name (funny phrase!). I just have my name. Does that make me even more vulnerable?!

But that is also totally different. Companies have the right to ask employees not to slag them off on Twitter or Facebook. Just as companies can sack workers for other things which might bring the company into disrepute

Logic fail. You're saying its different and they have every right to do that, but no right to look at employee online presence? How do you work that out?

having an open profile literally makes it anyones business, including your employer. Thats the point!

Of course all the information is find-outable through other means if you look hard enough.

But that's not the point.

A skilled thief can break into just about anywhere. Look at the Hatton Garden robbery for instance. But far more usually, thieves rob houses that have left windows open or doors unlocked - just because it's easy.

People looking to do scams, identity theft or break into bank accounts aren't necessarily going to pick victims because of the amount of money they have got. They are far more likely to pick victims who are credulous, or who give away HUGE amounts of personal information online, all laid out on one site for anyone and everyone to see with the minimum of effort.

What do you think the IT guy would have said if you said you didn't mind all that info being googleable?

For identity theft all that is needed is current or maiden name and an address you used to, or currently live at. We use no FB, twitter or linked in.

It really doesn't require anything else. We've been victims and even now its all sorted I can't believe with just 2 pieces of info thousands of pounds was fraudulently scammed over a yearly period and it was very difficult to stop. Thank you Money Shop and John Lewis for their outstanding assistance.

So please don't be so blasé.

No Coconut - it's not a logic fail. Had the OP's IT manager gone through profiles and picked out things which had been said about the company, its products or people the OP worked with that would have been fair enough. A gentle reminder that if you name your employer or have them listed in your social media, that what you say/do can reflect on them.

But that's not what he did at all - from what the OP siad he was on a personal crusade to point out what personal information could be gleaned from an open profile. Information totally unconnected to the person's employment. That very much oversteps the mark.

He had a good old Google though and anyone can do that if they know your name.

Electoral role gives your full address and the company may have a facility to pay for paid searches, marriage records are freely available online and actually give the maiden name too. Dont believe me: go to genes reunited. You dont even have to pay for that search. Marriage records, land registry docs are public information etc.

He needs to concentrate on his actual work and mind his own fucking business - I would be very cross if someone pulled this trick on me - how DARE he??

You make information public then expect people to use it. Be grateful that this wasn't being done maliciously. Its also standard for companies to check people's online info in job applications (internal and external) and screening processes.

I'm constantly surprised that this still catches people out or that people rely on FB to be fluffy bunnies who give a monkeys about any of their users.