Better Business Bureau: Business tip: What to do if your business’s social media account gets hacked

Milwaukee, Wis. – If you think hackers are only after the social media accounts of large companies, think again. Small businesses are three times more likely to be targeted by cybercriminals than larger companies. Your data, social media followers, and company reputation are valuable to con artists, no matter the size of your business. And what’s more, scammers know that a smaller company is less likely to have training in cybersecurity and social media best practices, making them an easier target.

What can you do to protect your business’s social media accounts? And how can you get your account back if you’ve already been hacked? BBB recommends the following tips.

How to restore a compromised account

  • Run a malware scan. Run a scan with reputable security software to make sure the hackers did not install viruses on your device. If the scan identifies any malware, delete it and restart your device.
     
  • Change your passwords immediately. If you can still access your account, change your password. Then, change the passwords to all of your other social media accounts, even if you only see suspicious activity on one network, just in case.
     
  • Report the social media hack. Once you change your password, or if you are locked out of your account by scammers, contact the social media network. Don’t delete any damaging posts immediately since you may need them as evidence of the hack. Take screenshots of unauthorized posts or messages and then report the issue. Follow any instructions to restore your account, which may vary from platform to platform.
     
  • Report compromised information. If you suspect your sensitive, personal information was compromised, report it at IdentityTheft.gov, where you can create a personalized recovery plan.
     
  • Review your activity log and account settings. Look at the activity log to determine when and where your social media account was accessed. Then review your followers, the accounts you follow, and recent comments and messages.
     
  • Let your customers know. It’s important to notify your customers, especially if hackers posted something to your account or sent out messages to your followers. Let them know what happened and, as soon as the issue is resolved, assure them that it is.

How to secure your business’s social media accounts
     
  • Understand hackers’ motives and tactics. Hackers can use your social media account for a variety of nefarious reasons. They may be planning to run malicious ads using your stored credit card information, hoping your followers will pay attention since they come from a trusted source. Scammers can also target your followers via direct messages with phishing attacks. Or they may be after your sensitive personal or business information. Sometimes, they might try to steal your sales revenue or even sell your account on the black market. Regardless of the motive, scammers can only hack your account if they get a hold of your login and password information. To steal that, they may target you or one of your employees with a phishing or malware attack, so protecting that information is critical.
     
  • Create a social media policy. Write a social media policy with clear guidelines and requirements for your brand and employees. What should it cover? It can contain rules about brand voice and post guidelines, but it should also clarify your employees’ responsibilities. Who is responsible for crafting social media posts? Who has access to the passwords and login information? What devices can be used to log in to your accounts? These questions should be answered in your policy. You should also include a plan of action if your company does experience a security crisis. How will you handle a hacked account? Laying out a step-by-step plan ahead of time can minimize the damage caused by an attack.
     
  • Recognize the signs of a hacked account. If you see unfamiliar posts on your account that you didn’t authorize, someone has gained access to your account. You may also get messages from friends saying they received a strange message or email from you. And if your data has been compromised in a data breach or malware attack, or if a device with stored login information was stolen, hacking becomes more likely.
     
  • Use strong passwords. Avoid easy passwords. Use long passwords with numbers, letters (upper and lower case), and symbols. Never use the same password twice. And if that sounds like a lot to manage, consider using a password manager.
     
  • Set up two-factor authentication. Multifactor authentication (MFA) makes it harder for cybercriminals to access your account, even if they’ve gotten a hold of your password. Setting it up for your business accounts is a must.
     
  • Keep antivirus software up to date. Protect your computers and mobile devices from malware attacks by installing antivirus software and running regular scans.
     
  • Be careful with third-party apps. Instagram warns users that a third-party app can gain complete access to their account if they give it their login information, whether by handing over their password and username or even a login token. The same is true for any social media network. If you use a third-party app, like a social media scheduler, ensure it’s from a reputable source.
     
  • Check your accounts regularly for suspicious activity. Keep an eye on your social media accounts. Check in daily, if possible, to ensure your account hasn’t been compromised.
     
  • Train your employees. Give your employees regular training to help them spot a phishing attack before it’s too late. Review your social media policy and the latest threats on social media with them. Keeping your team alert can go a long way toward protecting your accounts.