Many of us already know the feeling and those who don’t are likely to one day experience it. We’re talking about the gut-wrenching feeling that comes when you’re trying to post on social media for work, but the password that opened Facebook and Instagram the day before is rejected today. Instead of seeing the normal dashboard, you see some variation of an error message and a red-lettered warning. And then, as if that isn’t bad enough, you see someone else is posting or running ads on your accounts with your credit card!
For most people, there’s a carefully-crafted four-step process for such emergencies:
- Step 1: Panic
- Step 2: Spread anxiety to your team
- Step 3: Think only of worst-case scenarios
- Step 4: Abandon social media completely
Even though Step 4 is very appealing at times like these, social media is a vital communications tool for any organization. So you can’t quit it altogether. And you can’t get kicked out, even for 24 hours, because that can blow a marketing strategy.
So let’s start with a few basic don’ts, all meant to protect your business’ social accounts from being hacked in the first place.
- Don’t be (password) weak: We’ve all rolled our eyes when we’re creating a new account and we’re told our password of choice is “weak.” As annoying as that is, it’s not nearly as bad as the alternative of getting hacked. So go to the work of picking strong passwords (which is a euphemism for long passwords) and avoid reusing them for other accounts. Your best bet is to use a password manager and make a plan to change your passwords at a minimum annually.
- Don’t skip two-factor authentication: Two-factor authentication is an extra layer of security that kicks in when a new device accesses your account. The new login triggers a code, usually sent to your mobile phone, that must be entered to gain access. Without the code, illegitimate users can’t gain access.
- Don’t allow everyone access: Limit the number of team members with the login info to two or three. With limited users you can more easily pinpoint problems, and it’s easier to keep everyone abreast of updates, changes, and new features. MJM recommends at least two users so that there’s always a back-up. Users should also carefully guard their personal accounts. More on why in the next section.
- Don’t access work accounts using public wi-fi: As elementary as this seems, it’s a worthwhile reminder in the current mobile and virtual work settings we often find ourselves in.
Putting all of those guardrails in place is no guarantee though. Unfortunately, it’s probably not possible to be 100% secure, but it is possible to be secure enough to make it more trouble than it’s worth to get into your accounts.
If your account does get hacked, here’s what we recommend:
- Act urgently: This is no time to wait and see or to hope for the best. If possible, change your account passwords right away. A hacked account requires your full and immediate attention.
- Identify the problem: This can be tricky and time consuming; however, if you’ve limited administrators to just a handful, that should cut down on variables. The most common issue MJM’s team has seen is that an administrator’s personal account is compromised, and it’s affecting the business account they’re attached to. Checking in on your administrators’ personal accounts is a good place to start.
- Revoke access: If possible, have those with administrative access evaluate third-party apps for suspicious activity and revoke access when appropriate. Likewise, take a look at the other accounts your profile/page interacts with. Are they all legitimate accounts? Delete those that look suspicious or are unknown to you.
- Get help: Facebook and Instagram both provide instructions on their sites that will walk you through the necessary steps for accessing your account. You’ll probably have to start by logging out, and then clicking the “get help logging in” or “reset password” options.
- Report your own profile: If the process is moving slow, consider reporting your own profile. Most likely, you’ll be locked out of your account for 12-24 hours while it’s investigated, but it will also lock out the hacker so that further damage isn’t done while you work to recover access.
At its best, social media is a wonderful tool for business. It’s affordable, generally easy to navigate, and can reach a lot of people at once. There’s no need for it to cause you a DEFCOM 5 level of panic, and if it does, contact the experts at Matt Jensen Marketing for help. We’ll make you a posting pro in less time than it takes to scroll Instagram’s latest filters.