Of the 20 million minors who actively used Facebook in the past year, 7.5 million of them were younger than 13, according to projections from Consumer Reports’ latest State of the Net survey.  Facebook’s terms of service require users to be at least 13 years old.

Also among this group of minors using Facebook, more than 5 million were 10 and under.  Consumer Reports survey found that their accounts were largely unsupervised by their parents, exposing them to malware or serious threats such as predators or bullies.  It is not only the underage users who are at risk. Children’s unsafe use of Facebook can expose the data on their parents’ computers and smart phones to abuse via identity theft and other privacy violations.

The report on Internet security, which includes the full survey results and advice for parents of Facebook users, is featured in the June issue of Consumer Reports and on www.ConsumerReports.org.

Social media is just one of the many ways consumers expose themselves and make themselves vulnerable to becoming a victim of identity theft or having to replace their computer. Earlier this year, Consumer Reports surveyed 2,089 online households nationwide and found that one-third had experienced a malicious software infection in the previous year. Consumer Reports estimates that malware cost consumers $2.3 billion last year and forced them to replace 1.3 millions PCs.

Consumer Reports recommends:

Being Social but Safe

• Monitor a child’s account. Parents should join their children’s circle of friends on Facebook.  If that’s not feasible with an older teenager, keep tabs on them through their friends or siblings, as did 18 percent of parents surveyed who had 13- to 17-year olds on Facebook. Parents should delete a pre-teen’s account or ask Facebook to do so by using its “report an underage child” form.
• Utilize privacy controls. Roughly one in five active adult Facebook users said they hadn’t utilized Facebook’s privacy controls, making them more vulnerable to threats. Facebook’s privacy controls may not prevent every breach but they help. Users should set everything they can to be accessible only to those on their friends list. Enabling a public search allows users’ profile picture, friends list, activities and more to be visible online outside of Facebook.
• Turn off Instant Personalization. Facebook has been adding sites to its Instant Personalization feature, which automatically links accounts to user-review sites such as TripAdvisor (travel) and Yelp (local businesses). Users who don’t wish to share what cities they have visited with their Facebook friends via TripAdvisor should disable Instant Personalization, which is turned on by default.
• Use apps with caution. Even though Facebook says in its privacy policy that it doesn’t share identifiable information with advertisers without permission, connecting with an app or website allows access to general information. Users should check the list of apps they are using and define the settings for each one listed. Decide what information the app can access, when possible, or perhaps eliminate the app altogether. Also, users should limit access to their information that is available to apps that friends use.

Protecting a Mobile Phone

• Use a password or PIN. The easiest way to protect data against loss is with a personal identification number (PIN) or password on a phone. Most cell and smart phones have an option to do so under settings or security options. Consumer Reports’ survey found that only about 20 percent of mobile phone owners using their phones in potentially risky ways such as storing sensitive data had taken this precaution.
• Take advantage of security services. Many smart-phone makers offer free security services such as over-the-air backup, remote phone locating, remote phone locking, and erasing of data and account information. There’s software available that allows users to lock the phone or erase data remotely. Users who don’t need the phone’s GPS feature should disable it.
• Use caution when downloading apps. Only download apps from recognized sources.  Make sure many others have already used it and read reviews before downloading it.  Also, scrutinize the permissions an app requests. If any seem questionable, such as a request to track location when there’s no obvious need for the app to do so, don’t download the app.