Regarding social media presence for companies, Facebook is still the king. Despite the rise of other social media platforms, the Facebook page is still the anchor for most companies’ social media strategy.
The great thing about this is that it makes it easy for social media marketers to know where to target their efforts: the channel that puts you in front of the most people. The bad thing about this is that it also makes it easy for hackers, criminals, and people who want to harm your company to know where to target their efforts: the channel that puts them in front of the most people and gives them the most efficient advertising platform.
In the security world, this makes your Facebook page “a high-value target”. A successful attack against your page has the potential to do the greatest harm to your online reputation. It also has the potential to do the greatest harm by enabling attackers to use your page to identify and target your customers for attacks that can lead to real financial losses for you and them.
This means that the bad guys have the greatest interest in getting control of your Facebook page for their own use. The key to using pages safely and smartly is ensuring that you do all you can to remain in control. It is also about being proactive regarding cybersecurity, as Hari Ravichandran put it.
The good news is that Facebook has some of the most sophisticated security controls available for social media. It has a dedicated security settings center with some industry-leading tools at your disposal. The bad news is that these tools aren’t enabled by default and aren’t well known, and the relationship between your account profiles and pages can make it unclear how to set security for maximum protection.
The important thing is that Facebook pages can be made more secure than other social media channels if you do the right things. By taking two simple steps today, you can increase your page’s security and better ensure you don’t lose control of it:
- Minimizing the number of administrators (“admins”)
- Increasing the account security options for all admins
The Weakest Link: Admin is Admin
Every Facebook page has at least one admin. When you create one, you are set up automatically as an admin. The admin is important because they have complete control over every aspect of the page.
The idea of an “admin” borrows from a concept that’s been used in computers for decades (you may recognize it from your Windows or Macintosh system, for instance) to ensure at least one account can do anything on a system for maintenance purposes. It is critical to understand that an admin always has TOTAL control.
There is nothing that an admin can’t do on a system, and that applies to Facebook pages. An admin can add or change any content on a page, add other admins, remove other admins, and even delete a page.
When you have a Facebook page that you manage and are the only admin, the greatest risk is that you might make a mistake that can cause damage to the page. This concept gets tricky, though, when you need more than one person to manage the page. Every admin that you add has the same total control over that page. All admins are equally powerful and have the same control.
This means that your Facebook page is only as secure as the accounts of the people who are admins. If one of your admins loses control of their account, you can lose control of your page to whoever has taken control of that account.
That attacker can then remove all other admins, locking you out and preventing you from regaining access. The attacker can then delete content, post their own content, and even set the page up to deliver malware to users. Once this happens, you can work with customer support to get control of the hijacked admin account by reporting it through their “hacked” page. Until you control the page, though, the attackers have free rein with it.
Because you can’t limit admins’ power, you should help protect your Facebook page by limiting the number of admins as much as possible. Ideally, you should have no more than one or two accounts as true admins. The fewer accounts that have this power over your Facebook pages, the less chance of one of them being hijacked and you losing control.
Strengthening the Link: Account Protection Options
Once you’ve minimized the number of accounts with admin rights to your Facebook page, you next want to increase the security of the accounts that still have admin rights.
You should consider creating special Facebook accounts that are used only for administering your page and nothing else. You should only log in to your admin account on fully up-to-date systems with security patches and antivirus.
In addition to creating a strong password for your admin account, you should utilize the platform’s enhanced account security tools. These tools are a relatively new addition to Facebook and are not well known. But they provide an extra layer of authentication, increased monitoring for unauthorized activity, and a faster means to regain control of a compromised account.
To access these options, on your Facebook page admin account, select “Account Settings” from the drop-down box in the upper right. On the left-hand menu, click “Security”. This will give you access to the additional account security options (Note: this information is current as of this writing; these options may move or change in the future).
First, you should ensure that “Secure Browsing” is enabled. This will always encrypt your username and password from any device.
“Login Approvals” is very important: this will make it so that an additional one-time code has to be entered each time someone tries to access your account on a new device. The code is sent by text to a mobile phone number. This enables what we call “two-factor” authentication by requiring that you give Facebook not just something that you know (your password) but something that you have (this one-time code sent by text to your mobile phone in your possession).
This feature significantly increases the security of your account because an attacker would have to get your password AND your mobile phone to access your account from a new device. As devices are approved, you will see them listed in the “Recognized Devices” section and any active session listed in the “Active Session” section.
“Login Notification” will let you know via email, text, or both every time a new device accesses this account. You can use this to watch for any unauthorized access and take action right away to regain control of your account.
The “Trusted Friends” feature lets you list up to five FB friends who can help you regain access to your account if you’re locked out. As Facebook notes, you will need at least three friends but five is preferred. If you get locked out, you must enter three codes sent to these friends to regain control of your account. In picking these friends, you want people you’ll be able to reach quickly.
Taken together, all these options significantly enhance the security of your account. And they do so without significantly increasing the “hassle factor”. They also provide good mechanisms to let you know if your account is compromised and how to quickly regain control.
Two Easy Steps to Greater Peace of Mind
Whether you are just starting an online store on Facebook or have an established page, prioritize your privacy and security.
Comparatively speaking, Facebook has done an admirable job of increasing the security of its platform. For companies, Facebook is still the king of social media channels. And they’ve built in security capabilities that are fit for a king. The only trick is knowing what’s there and how best to use it.
With these two steps, minimizing the number of admins and strengthening the account security options on your admin accounts, you can significantly reduce your risk factors and increase the overall security of your admin accounts and your page, bringing you better peace of mind.