For individuals with personal social media accounts, becoming the victim of social media hacking can be embarrassing. However, because they’re likely to personally know many, if not all, of their followers, an apology and an explanation may be all that’s needed to clear up any offences committed while their account was out of their control.

But when your SME’s social media account is hacked, the consequences can be dire.

Hacking DOES HappenSocial Media Account Hacking

In case you’re under the illusion that social media hacking is rare, a recent survey by top law firm Slater and Gordon has found that one in five small businesses have fallen victim to social media hacking in the last three years. Half of the businesses that had fallen victim to hacking said it had caused significant damage to their business.

And in case you’re rolling your eyes yet again and thinking, ‘Huh! How could hacking a silly old social media account damage my business? I only post offers and pictures of the office cat,’ think again. The survey also showed that many SMEs underestimate both the value and risks of social media.

Hackers can:

  • Lose you followers by posting abusive messages or more subtle misinformation
  • Use your account to phish for information and compromise the accounts of your followers, either via messages or malicious links
  • Change your profile, including your profile name

Once a hacker has seized control of your account, getting it back can be a nightmare. Nearly two thirds of the SME hacking victims surveyed said the hackers had demanded a cash ransom for returning account control back to the business.

“We see all too often that SMEs only identify the risk once it’s too late, after they’ve suffered a hack or some sort of serious reputational damage because of a careless or malicious post,” warns Steve Kuncewicz, business advisory lawyer at Slater and Gordon.

So, what steps can you take to protect your business social media accounts from hacking?

Steps to Keep Your SME Safe on Social Media

Treat DMs Or Private Messages with Suspicion
Is it from someone who messages you directly often? Does it contain links? Don’t click on any link without checking where it’s actually taking you.

Protect Your Passwords and Change Them Regularly
Ensure your passwords are strong and have a schedule for changing them. Don’t choose something obvious and use symbols and/or numbers in there to make them more difficult to guess or crack. And DON’T write them on a sticky note and stick them to your monitor. Or keep them on that note app on your phone – you know, the one that’s pinned to your lock screen…

If you have a real problem with remembering suitable passwords, you could consider using a password manager. KeePass is a free, open source password manager but there are many others such as the popular LastPass (which offers a free basic service and a cheap premium upgrade option).

Use Two-Factor Authentication
Two-factor authentication means you’ll need two pieces of information to login – for instance, a pin or a confirmation code that’s sent to your phone or via the registered email address. confirms a user’s identity by utilizing a combination of two different components, typically the account password and a confirmation code, which is sent to the user via text message or email.

All major social media sites have this facility – it’s just that most of us don’t use it! So hop over and get it sorted! We’ll make this easy for you:

Twitter (they refer to it as ‘login verification’)

Possibly the most easily overlooked security measure of our times! Do you always log out of your social media accounts – not just on your laptop or PC, but also on your phone or tablet.
Thought not…

Keep an Eye on Your Apps
Stay aware of what information additional and third-party apps use (such as post schedulers, cross-posters, ‘on this day’ gadgets) and ensure you only authorise ones that are legitimate; do your research. Delete any you’re not using.

Think Education & Authorisation
Who controls your social media accounts? Think carefully about who can access them. Any staff who have access to your business social media account should receive training to make them more aware of account security – it’s pointless to train yourself to log out of your accounts every time if everyone else is staying logged on, particularly if this is on their own devices.

Also ensure they’re aware of the dos and don’ts of social media – ideally, you need a social media policy that covers not just what employees should post on the business account, but what they shouldn’t post on personal accounts. This is your public face; make sure it’s an agreeable one that won’t bring your company into disrepute.

The Team Organic Admin. Keeping everything tidy and neat!