Always a hot topic, the hacking conversation begins again. Phishing scams and imposter accounts are on the rise, but this time the threat feels much closer to home.
Hackers, phishing scams and imposter accounts are having a golden moment. Digital attacks and account lockouts are on the rise, and AI has made it easier to get into accounts and train tools to produce convincing, fraudulent social media posts and messages targeting your customers and putting their data at risk.
When you’ve worked hard to build a strong brand image and online following, these attacks can feel devastating. You risk losing hard-earned followers, facing permanent lockouts, and even suffering long-term brand reputation damage. However, there are several proactive steps you can take to safeguard your digital assets and protect your brand, employees, and customers.
The First Line of Defence: 5 Things You Can Do Right Now
- Enable Two-Factor Authentication (2FA)
Activate 2FA on all your social accounts. No exceptions. It might be annoying, but it adds an extra layer of security when you sign in by requiring a second form of verification, such as an SMS code or an email sent to your phone. - Strong Passwords & Keychains
155 million internet users have experienced some form of hacking because of using weak passwords. This accounts for 30% of an estimated 5.19 billion active internet users worldwide. Picking a good password and regularly changing it is one of the simplest ways to protect your accounts. Use this tool to generate strong passwords. Make it at least 16 characters long with a varied combination of symbols, letters, and digits. - Keychains for iCloud Users
Gone are the days of thinking up or writing down complex passwords in fear that you won’t remember them. With an iCloud account, you can get strong password suggestions. The ones made up of random jumbles of numbers and letters, which can be automatically saved to your keychain for easy future logins. Click here for more info on setting up keychains. - Educate Your Team
Circulate an email informing your team about the risks. Your team members all have corporate email addresses and accounts. Some might manage your social accounts. So make sure you break down how to set up 2FA and strong passwords for all their accounts linked to your company. If allowed, you can also add a backup email, which can be managed by a senior member of staff. - Recovery Codes
If you lose access to your account, you can use a recovery code to reset your password and regain access. Share these codes with your wider team and store them somewhere safe or even in a safe!
For Facebook, you can follow these steps to set up login recovery codes.
For Macs, you can follow these steps to set up a recovery key.
What you should also do, but will take more time.
Set Up Meta Business Manager to Retrieve Your Data and Accounts
As a brand or business, you should be using Facebook Business Manager. Part of the Meta Business Suite, the tool keeps your Facebook (and Instagram) business assets safe, centralised, and organised, whether you’re a team of one or 10+. You can set this up on Facebook and then link it to your Instagram account, explained below, as they’re both owned by Meta.
Why Use Business Manager
Security: Since Meta Assets (your details/passwords/etc.) are held by the account that created them, if your personal account gets hacked, all your brand assets could be lost with it. However, a Business Manager account is linked to a company. This means that the company owns the assets, and if you lose access to your personal account, Meta can transfer the assets back to a company director or another authorised user.
How to Set Up a Meta Business Manager Account:
- Create a Business Manager Account
Go to the Business Manager page and click on "Create Account".
Follow the prompts to enter your business details.
- Migrate Your Meta Assets
Move your Facebook Pages, Instagram Accounts, Ad Accounts, and Pixels to your Corporate Facebook Business Manager account.
- Business Verification
Ensure your business is verified to increase the security and reliability of your account. This process involves submitting business documents for Meta's review.
- Add a Domain
Verify your domain to claim ownership and ensure the security of your brand's web presence.
- Invite Your Team
Invite team members using their corporate email addresses. Assign appropriate roles and permissions based on their responsibilities.
- Add Your Facebook Pages
Navigate to Business Settings > Accounts > Pages > Add > Add a Page or Request Access to a Page.
- Add Your Instagram Account
Ensure the Instagram account is a professional account. Go to Business Settings > Accounts > Instagram Accounts > Add > Connect Your Instagram Account.
- Add Ad Accounts
In Business Settings, go to Accounts > Ad Accounts > Add > Add an Ad Account or Request Access to an Ad Account.
- Assign Access to People
Assign access or assets (Pages, Instagram accounts, Ad Accounts, etc.) to team members based on their roles.
- Remove Old Users
Once you’ve migrated and assigned your team to the assets, review and remove any old or unnecessary users to maintain security.
LinkedIn also has a similar Business Manager to Meta. Once you’ve opened a Business Manager account, you can follow the same steps above.
A Final Note
We’re all guilty of putting off the important things in life until it’s too late. But this time, the threat does feel much closer to home. We’re personally seeing a rise in the number of social media accounts being hijacked and as our digital footprint becomes more important to our brands, we must ensure we retain full control.
So, go on … take five minutes out of your day to take those necessary steps.
