Check All of the Following Steps
1) Turn on two-step authentication where you can, especially on Facebook and Instagram.
Enable two-step authentication on your personal and business social media accounts, as well as any other online accounts that provide the option (including Google Drive, Buffer, etc).
2) Two-Step Authentication on Your Personal Facebook Account
Always turn on two-step authentication for your personal Facebook account. Hackers can access your business assets through your personal account, including any pages you are an owner or admin on.
3) Check for Staff and Employee Facebook Page Admin Accounts
Make sure any/all employee or staff members with admin access to your Facebook page have two-step authentication turned for their personal Facebook accounts. Admins can remove other admins, and your business page could get hacked through another admin account.
4) Facebook Business Manager Two-Step Authentication
If you use Facebook Business Manager to manage your business account or ads, this requires its own two-step authentication. You can go to business.facebook.com and turn on two-step under “business settings” (on the left-hand menu).
5) Managing Passwords and Backup Codes
If you notice an attempted hack attempt, but don’t get hacked because you have two-step authentication turned on, it could still mean your password was in data breach. If you have used this password or login credentials on other sites, your other online accounts could be at risk. It is aways a good idea to set up a unique password for each online account for this reason. A password manager such as 1Password can be used to store all of your passwords backup codes.
What could happen if you get hacked?
Accounts more often than not get hacked because your password was in a data breach, but it can get hacked other ways. Notification of data breaches won’t come until weeks later.
The goal of hackers is to get access to your account, immediately add their own email and phone number so you can’t recover the account, remove you as an admin, and take over with their own content.
Some Real-Life Examples
- In one recent instance a colleague of mine had her Instagram account hacked and in the 48 hours it took to recover the account, the content had been permanently erased by the hackers.
- Another client had their Facebook account recently hacked via their personal login. The hackers took over the ad account, removed all the admins, got the account suspended for breaking ad guidelines, and both the ad account and personal account (of the account owner) were then permanently banned by Facebook. We have yet to recover either account.
- One of the accounts I manage has two-step authentication turned on and this week I received a security code notification, twice. Fortunately, because of two-step authentication, the hackers never made it in, but we changed the password immediately on that account, and everywhere else it was used, since it probably had been involved in a data leak.
What should I do if I get hacked?
With two-step authentication turned on it is very unlikely you will get hacked. You should definitely change your password immediately if you get a security notification. If you are hacked, follow the instructions emailed to you and recover your account as quickly as possible.