Originally published in 2018.
Facebook is scrambling to recover after its most recent security breach, which put an estimated 50 million users’ data at risk. That’s 50 million people whose personal information could have fallen into the wrong hands. In light of the breach, Facebook took safety precautions to secure an estimated 40 million users’ data. CEO Mark Zuckerberg claimed that only general demographic information was exposed, including the name, sex and location of millions of social media users. Thankfully, it was reported that credit card information and private messages were spared in the security breach (although reporters are being cautious, as it’s too early to know anything for sure).
Earlier this year, the Cambridge Analytica scandal had Facebook users up in arms, some even jumping on the #DeleteFacebook bandwagon. Roughly 87 million Facebook users were put at risk. The Federal Trade Commission opened an investigation, but overall, Facebook didn’t lose very much of its user base.
These aren’t the first social media security breaches, and they won’t be the last. So, where do startups and small businesses stand in protecting themselves? Are we as vulnerable as we think? If, in 2017, brands like McDonald’s, CNN and Forbes had their accounts hacked, what chance does a smaller brand have of protecting itself with more limited security resources?
Third-party apps
If you’re concerned about your brand’s security on social media, the first thing you can do is assess third-party apps. These are apps that store your personal data when you log in with your Facebook username and password. Using a number of third-party apps means that your brand is relying on many outside resources to run smoothly.
A Global Security Report revealed that the vast majority of enterprise security breaches (85 percent) occurred because of a third-party application. Thus, it’s important to thoroughly research apps before connecting them to your brand, and if you can avoid using them entirely, even better.
Before putting your brand’s data at risk, know what a breach would actually look like in relation to that app, as well as what assets would be at risk, and have a plan of action ready in the event of a breach. It’s common for businesses to underestimate or ignore the risk of running third-party apps, but as hacks become more sophisticated, it’s not something to sweep under the rug. While third-party authentication is quick, convenient and doesn’t require you to remember several passwords, it also increases the risk of a data breach.
Managing page roles
A simple rule of thumb for any Facebook Business page is to have more than one admin. This ensures that if your account is ever blocked or hacked, you or another trusted person on your team can access it through another login. At the same time, don’t subscribe to the idea that the more admins you have, the better.
Actions like publishing, banning followers and sending messages should be limited to only those who need to perform these tasks. Facebook allows for admins, editors, moderators, advertisers and analysts. Admins have the most rights and analysts have the fewest. Forgetting to remove former employees and generally being sloppy with page roles only makes your page more vulnerable to a security breach. Know who has access and exactly what they can do.
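The page-role rules above (more than one admin, but not as many as possible; former employees removed; each person limited to the tasks they perform) can be checked mechanically. The following Python audit is an added example, not part of the original article or any Facebook tooling; the roster, staff list, task-to-role mapping and three-admin cap are constructed assumptions.

```python
# Roles as the article orders them: admins have the most rights, analysts the fewest.
ROLE_RANK = {"admin": 5, "editor": 4, "moderator": 3, "advertiser": 2, "analyst": 1}
# Assumption for this example: the lowest role that can perform each task.
MIN_ROLE_FOR_TASK = {
    "manage_roles": "admin", "publish": "editor",
    "ban_followers": "moderator", "send_messages": "moderator",
    "run_ads": "advertiser", "view_insights": "analyst",
}
MAX_ADMINS = 3  # assumed team policy, not a Facebook limit

def minimum_role(tasks):
    """Return the lowest role that covers every task, or None for no tasks."""
    needed = [MIN_ROLE_FOR_TASK[t] for t in tasks]
    return max(needed, key=ROLE_RANK.get) if needed else None

def audit_page_roles(assignments, current_staff, needed_tasks):
    """Return (subject, finding) pairs for a page's role assignments."""
    findings = []
    admins = [p for p, r in assignments.items() if r == "admin"]
    if len(admins) < 2:
        findings.append(("page", "fewer than two admins: no fallback login"))
    elif len(admins) > MAX_ADMINS:
        findings.append(("page", f"{len(admins)} admins exceeds policy of {MAX_ADMINS}"))
    for person, role in sorted(assignments.items()):
        if person not in current_staff:
            findings.append((person, f"not on current staff: remove {role} role"))
            continue
        least = minimum_role(needed_tasks.get(person, []))
        if least is None:
            findings.append((person, f"no tasks on record: remove {role} role"))
        elif ROLE_RANK[role] > ROLE_RANK[least]:
            findings.append((person, f"{role} exceeds need: downgrade to {least}"))
    return findings

# Constructed sample data: who holds which role, who still works here, who does what.
ASSIGNMENTS = {"ana": "admin", "ben": "admin", "cho": "editor", "dev": "admin", "eli": "moderator"}
CURRENT_STAFF = {"ana", "ben", "cho", "eli"}
NEEDED_TASKS = {
    "ana": ["manage_roles", "publish"],
    "ben": ["run_ads", "view_insights"],
    "cho": ["publish", "send_messages"],
    "eli": ["ban_followers"],
}

if __name__ == "__main__":
    for subject, finding in audit_page_roles(ASSIGNMENTS, CURRENT_STAFF, NEEDED_TASKS):
        print(f"{subject}: {finding}")
```

Acting on both findings in the sample leaves a single admin, so re-run the audit after each change and promote a second trusted person before removing the last fallback.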
Securing mobile access
If you or other team members regularly access your business page from a phone, consider an application that can protect you in the event of a lost or stolen phone. Some security apps offer a Facebook blocking feature so you can prevent your page from falling into the wrong hands.
If you haven’t already, the easiest and most obvious way to protect your Facebook Business page is by enabling two-factor authentication. This prompts Facebook to send a security code to your phone when logging in from an unfamiliar location. Remember: If your personal page is hacked, you may also lose access to your business page. They are one and the same.
In addition, the “Security” tab in Facebook’s settings allows you to choose up to five friends to contact in the event that you are locked out. You can also manage which devices require extra security verifications, set up alerts for unrecognized logins and enable encrypted notification emails. Encryption is especially effective because many hacks involve official-looking emails from “Facebook” that prompt the user to sign in. Before they realize what has happened, the hackers have already received the login info they need to take over.
While you can’t control the security measures taken by Facebook itself (or the lack thereof), you can control your personal page settings. In a world where security breaches have become weekly news, taking these small extra steps can make the difference between data safety and a full-blown security crisis.