Is Your Facebook Account Safe From Hackers?
We all know how important it is to protect our data online & mostly we accept that it’s only fair to take additional steps online to protect our bank accounts & financial systems. So why do so many of us avoid adding additional security to our social media accounts - you know those accounts that run our business pages and use our credit cards to run ads?
This oversight may leave the door wide open for scammers to access ad accounts & take control of your social media, essentially locking you out for as long as it takes for Facebook to get to your support request in the queue. We’re talking being locked out of your Facebook page and Instagram account (as well as your business manager & ad account) for a week, two weeks, two months, six months or more. All because you didn’t set up two-factor authentification (2FA).
At Clever Social, we’re regularly contacted by businesses who have had their accounts hacked - but by this stage, it is often too late for anyone to intervene. All we can do is help the business to report the accounts as hacked which prevents any additional spend on an ad account - which is great obviously - but it’s only the start of the very slow process to get access back into your account (and in the case of your ad account it can take much longer for this to be flagged as safe).
The two main ways your Facebook Account can be compromised
You inadvertently shared your Facebook login by clicking on a dodgy link or a spammy phishing scam you thought came directly from Facebook.
Or your email has been hacked which is pain because this allows hackers to potentially keep resetting your other account passwords.
So what should you do to keep your Facebook accounts safe?
1. Start at the beginning by reviewing how you manage your passwords
Review your password management - I recommend a tool such as 1Password or LastPass to generate passwords & store them securely. These tools also flag if your login data has been released in a security breach to help keep you ahead of the curve.
2. Turn on Two Factor Authentication (2FA) for your PERSONAL Facebook Account
This is possibly the most important step, ensure no one can log in to your personal account on a device without your approval.
This means that even if someone has your Facebook password they will be prompted to enter a code to access your account AND if you are logged into Facebook on any device you will receive a notification asking if you want to approve this new access and the location of the access attempt. Simply hit no this is not me and you’re done, hacker thwarted!
When you set up 2FA on your personal Facebook account you are able to choose between three different secondary security checks.
Set up text message to receive verification codes
Download an Authentication app to your phone (preferred option)
Save a list of recovery codes and put them somewhere safe (don’t recommend!)
But you may find you rarely need to use these methods in real life because if you happen to be logged into a device, such as your phone, you will receive login attempt alerts as notifications inside your Facebook app. So while we have the backup of our 2FA methods we generally can let ourselves back into our Facebook account easily and decline any dodgy logins directly from the app or while logged in on a browser.
3. Ensure anyone else logged into your business is forced to use Two Factor Authentication
Inside your Business Manager make sure you have selected the option to force any other users to sign up for 2FA.
Head to Business settings>Security Centre> Who's required to turn on two-factor authentication? Select everyone from the dropdown menu.
This will trigger an email to anyone in your team who has not turned on 2FA (which can freak them out as a potential scam email!). Remember all emails from Facebook will be sent from the domain: Facebookmail
Extras for experts: make sure you provide access to your Facebook page or Ad Account via Business Manager
This is also a good reminder to ensure your Business Manager account is set up appropriately and that your staff are accessing their admin rights via Business Manager and not directly from the page itself. If you have added an admin or user to your Facebook page by using Settings>Page Roles directly on the page itself you may need to consider that this is a security risk.
Anyone who is partnered with your business such as an agency or social media manager should be using their own Business Manager and these should be set up as partners rather than via your page.