Guide to Accessing Instagram’s Security & Privacy Settings

The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view the user data collected by Instagram, a photo and video-sharing social media platform owned by Facebook. It has become increasingly important for users to be aware of the type of personal data being collected – and often sold – by these free online services.

Instagram profiles are public by default, meaning anyone using the application can see the photos and stories you post on the platform. If you have not yet changed your profile settings, you may inadvertently be giving total strangers a glimpse into your life, including information about where you work, the places you visit, and the people in your social circle. With that information, it would not be too difficult for a motivated threat actor to use that information to target you and your loved ones. There are a number of actions you can take in order to better secure your accounts and posts. The NJCCIC recommends setting your account to private, blocking unknown or unfamiliar accounts, and enabling two-factor authentication (2FA) on your account.

The steps contained in this guide are taken from the Instagram app for iPhone devices. Steps to access security and privacy settings on the Instagram app for devices running other operating systems may vary.

Setting your profile to public:

• Open the Instagram app and click on the person icon in the bottom right corner to view your profile.
• Tap on the three-striped icon, known as the options menu, in the top right corner.

• Click on “Settings” and then “Privacy.”

• Click on the user you want to block to view their profile.
• Click on the ellipsis icon in the top right corner.
• Click on “Block” and then choose to block the person and any accounts they make.

• Click “Settings” and then “Security” and scroll down to select “Two-factor authentication.”

• Choose the type of two-factor authentication you wish to enable and fill out the credentials.

Preventing tracking authentication:

• When the app is downloaded, a blurb will pop up asking to “Allow Instagram to track your activity across other companies’ apps and websites.”
• Click “Ask App Not to Track.”

Additional Resources:

• Instagram provides a Security Tips page to guide users in better securing their accounts.
• Users can review Instagram’s Privacy Policy for information on what data is collected, how it is used, and what users can do to manage their information.
• Instagram is reportedly developing a tool for users to download content and data associated with their accounts, but it is not yet available.
• Instagram announced the availability of several new tools to help better secure accounts. 

The NJCCIC recommends all Instagram users regularly perform a security audit on their accounts to prevent unauthorized access, external account compromise, and the theft and misuse of personal and potentially sensitive data.