A wake up call for businesses with social media!

It amazes me how often I’ve heard recently that businesses have lost their social media pages because ‘they were hacked’. But most of the time, they weren’t hacked, they just weren’t setup to protect their channels properly…

The best cure is prevention!

Here are the top actions you need to take to ensure you’re as protected as possible from ever losing access to the audience and asset you’ve worked hard to build.

1. Make a mindshift.
   Start thinking of your digital assets like they’re bank accounts, after all if you’re using them correctly they should be driving revenue. Security isn’t something you do once and it’s fine, it’s a mindset - repeat after me “I will protect my assets”.
   
   

2. Make sure you’re an admin of the Facebook page.
   Go to Settings, Page Roles, then see who is listed. You should be the only admin (or have a business partner too) - but do not have your staff members as administrators. If they leave and are admins, they have the same rights as you and could downgrade you or remove you altogether. Ask yourself, would I give them full access to my bank account?
   
   *Some people decide to setup a Business Manager with a fake account, so that their personal Facebook isn’t attached to the business. This is a mistake. Your personal profile has credibility with Facebook, and if there is a hacking attempt they can send you an alert. If you use a fake account, there is no way for you to have any control, because you’re not who you say you are! Business Manager does not access your personal data or share between the users in Facebook group.
   
   

3. Connect Business Manager.
   This can be daunting, and most people get too confused. What is Business Manager? It’s a part of Facebook where you can manage your business assets and most importantly ACCESS to those assets.
   
   These assets include your Facebook + Instagram pages and your ad accounts (most important), but if you want to really make your socials make some money it’s also where your pixels, custom conversions, catalogs, store locations, payments live too. Most importantly right at the top left of options are People (your people that should have access) and Partners (any outsourced agencies that need to run campaigns or manage your assets on your behalf).
   
   * As an agency, we set our clients Business Managers up so THEY have ownership, then give ourselves access to their assets. When it comes time for us to leave we just ‘back out’ by removing access.
   
   Let’s stay focused and just get started with the stuff that will protect your page.
   
   FIRST - Setup your Business Settings and attach your primary page. Get Facebook’s up to date setup instructions here.
   
   SECOND - Add your page/s by clicking on the Pages section on the left then click the add button. Give the people access to it that you think should have access by clicking the ‘Add People’ button. Remember, only you and one other admin, the rest should have lower levels of access if they’re staff.
   
   *By having two people with admin access, even if your personal page did get hacked and you lost access to the Business Manager, you’d still have someone else that has access too.
   
   THIRD - Add your ad account. You should first go to Payments down to the bottom left and put in a credit card for ad payments. Try to use a credit card that has no overseas transaction fees because otherwise you’ll get hit with an extra 2% each time you’re billed (trust me that’s bad when you’re spending $20,000/month!). Then go up to Ad Accounts and click the Add button. You have three options, unless you’re an agency you won’t need the middle one - so either bring your ad account for the business in to Business Manager or start a new one. Be aware that any ad accounts brought in to Business Manager can’t be moved back out. Once the account is there, add people the same way you did with the pages.
   
   

4. Secure your personal accounts with 2 factor authentication.
   This will ensure that anyone that has access to your assets in business manager also has two-factor authentication (2FA) on their personal account to make it as secure as possible. 2FA will mean that when you log in to your personal Facebook account you will either have an authenticator code or an SMS sent with a code number to prove it’s you before you’re given access. If a hacker tries to get in, they won’t be able to because they don’t have that second device to get the authentication code from.

To do this, you first turn on the requirement in Business Manager. Go down to the Security tab (towards the bottom on the left in Business Manager). You’ll then see the option for Two-Factor Authentication. Turn it on for Admins AND Employees. Click the Review Access tab, and anyone that doesn’t have 2FA turned on for their personal account will have a red warning symbol underneath. At this point their access will be withheld until they turn on their 2FA in their personal settings in their personal account.

Also, you’ll see a button to the right recommending you have a second admin. You should make sure that job is ticked too.

From here you now know that everyone who has access to your Business Manager (think of it like your bank vault), are armed to protect your assets.

Hopefully this has given you some good insight. Don’t put it off until tomorrow. We’ve had to ‘recover’ facebook pages before and we cannot tell you how intensive and time consuming that can be. Do yourself a favour, start the account lockdown journey now.

Then be alert, not alarmed. ;-)