I wrote this guide after seeing too many friends’ business pages get hacked.
Here are some simple steps to secure your accounts and dramatically reduce the risk of this happening to you.
Aside from the more technical steps below, be very wary of social engineering. Hackers can appear very nice and helpful to gain your trust; however, if you let them in, a small hack can turn into a disastrous one where your identity and those of your friends and family are compromised.
Never install anything (including Facebook apps) without fully checking them out first!
1. Multi-factor authentication (MFA)
If you have MFA enabled, a hacker needs to know your password AND have access to something else (e.g. your mobile phone) to get into your account.
Sometimes this is called two-factor (2FA) or two-step authentication.
This is critical for your email AND for Facebook; access to your email means hackers can reset your passwords easily!
Quick links – use each one if you have an account with that service:
- Google (including Gmail)
- Apple ID (including iCloud.com, me.com, mac.com email)
- Microsoft (including Outlook.com, Hotmail.com)
If you ever have an option to use an authentication app instead of SMS, it is worth doing so as it is more secure. I use the Microsoft Authenticator app as you can back it up (changing your mobile can be painful otherwise).
This should be enforced for ALL users across your Facebook business page.
From https://business.facebook.com/settings/security for all business pages where you are an admin, ensure the following is set to “Everyone”:
2. Check your Facebook Business Integrations
Business Integrations are set up from e.g. social media management or CRM accounts (Hootsuite, HubSpot etc.) or for advertising accounts.
However, they are often used by hackers to gain access to business pages & cause damage.
Using your desktop or laptop, visit https://www.facebook.com/settings?tab=business_tools (link does not work on mobiles).
Delete anything you don’t use or recognise;
If you have any with these settings, you should make sure you are comfortable with their Terms of Service, Privacy Policy etc. (it is always worth re-visiting ToS & other policies to ensure you’re comfortable with the level of access 3rd parties have and who they share your data with!)
3. Check Facebook Apps on your personal page
Remember that your personal page is often a route in to your business page.
From your laptop/desktop visit:
https://www.facebook.com/settings?tab=applications
Delete anything that you don’t recognise or use.
Whilst these apps should be a low security risk of phishing (where they could ask you to re-enter your credentials), there is also a privacy consideration. Many apps will have access to more on Facebook than they need; they can use this data for social engineering and/or targeting your friends who may not have read a useful guide like this 😊
4. Check your Business Page roles
From your Business Page use the Page roles tab:
You should be the Page Owner and you should recognise all the accounts that have access under Existing Page roles:
Make sure anybody who has access to this page has Multi-Factor Authentication set up too!
5. Check your Page management history
If anybody has had unauthorised access to your Page, you should find it in this section; one person I was helping had this – bad news!
Note the change to a different country’s audience… and the Pages Manager was actually an App…
Finally… Use Revoke
Not strictly related to securing your Facebook page(s) but you should also be taking back control of your data!
www.revoke.com (disclaimer: I’m the CEO)
I hope that was useful and helped to protect your Facebook account and business page(s)!