Cyber attacks can be incredibly disruptive to your business, especially if you are reliant upon using Facebook’s marketplace, Instagram and Twitter to generate revenue over social media.

Whilst media attention about cybercrime often is focused on large organisations with big budgets, it’s important to remember that the vast majority of cybercriminals are indiscriminate – any company that works online, sells online or uses social media is a potential victim.

A recent spate of attacks on businesses via Facebook in the second half of 2022 has seen ,police issue increased guidance to small businesses and people with 'side hustles' who are paying for advertising on Facebook. This scam sees the hackers access the settings page, enabling them to change spending limits and other controls. It can be difficult to put a stop to this fraud, even after the business has spotted the problem.

What threats does my business face on social media?

Back in December of 2020, Manchester Restaurant, Northern Soul Grilled Cheese had their Instagram account hacked with the attackers asking for a ransom. The owners lost close to 30,000 followers, with just two weeks before Christmas the company had to start the page again. It meant reconnecting with their customers and fans which they had ,built up over seven years.

“We’ve worked so, so hard and I can’t tell you the pain that we have felt in terms of losing our community online… we won’t give in to hackers or bullies.”

Compromised social media accounts are more often on personal accounts and less so on businesses but in the case of Facebook, you often use your account to access your business advertising profile or business page. So you must be keeping your accounts just as secure with two-factor authentication, and strong passwords and review your privacy settings.

In November 2022, we've seen an increased threat level raised for Twitter users with the recent takeover by Elon Musk. ,Computer Weekly reports that a litany of security and compliance issues have been exposed and in many cases, this has been caused by Elon Musk’s takeover of the social media platform.

At the time this blog was published, there has been no major cyber incident or data breach affecting users of the platform as of yet. However public perception of Musk’s abrupt termination of thousands of Twitter employees is causing the platform to fray at the edges as various technical issues start to mount up.

The emerging favourite to take over from Twitter; Mastodon also has its security issues ,according to Forbes. The decentralized social media platform had numerous vulnerabilities and other security issues; researchers discovered an HTML injection vulnerability that could be used to steal your credentials, it was also found that a hacker could download all the files on a server including shared photos sent via direct messages.

What are our six top tips to keep your social media account secure?

Two-factor authentication (also known as 2FA, two-step verification or multi-factor authentication) is designed to help stop cybercriminals from accessing your accounts even if they obtain your passwords.

Two-factor authentication (2FA) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2FA includes single-use codes being sent via SMS, email, phone, or smartphone application.

How to turn on 2FA for social media - ,Instagram, ,Facebook, ,Twitter and ,LinkedIn.

Remember to have strong passwords, your first level of protection when securing your online accounts or customer data is a strong password. Whilst complex passwords can be difficult to remember, the National Cyber Security Centre (NCSC) encourages businesses to use three random words; such as HouseForestFlower. This helps you protect against common issues like brute force attacks. This is where an attacker tries many passwords with the hope of guessing them correctly.

The aim of a strong password is not to make it so you won’t remember it, but so cybercriminals struggle to crack it. You can include symbols, capital letters and numbers to make it even more secure.

Default passwords must always be changed and you should change any passwords if you witness any suspicious activity taking place on your account(s). If someone leaves the business it's recommended that you review the passwords on your social media accounts and consider changing them.

Consider using user roles on your social media accounts, it’s best practice to grant direct access to just a few select employees so your social media accounts can stay secure. This is especially important if you are using freelancers or external agencies with your social media accounts.

Consider assigning responsibility on a per-network basis - while one staff member takes care of Instagram activity, another can manage Twitter.

With Twitter, ​​you can give different levels of access to individuals affiliated with your Twitter handle. Multiple users can be given access to a Media Studio account. Each user can log in with their username and password and will be able to access the Media Studio accounts to which they have been granted access.

Using user roles can reduce the risk of malicious or erroneous mishaps with your accounts by granting access without sharing any passwords. When a user changes their job or leaves the organization, their access can easily be modified or removed altogether.

Do you know which devices are signed into your social media accounts?

You should always know what devices are logged into, as a matter of basic digital security. We recommend every month performing a checkup, just to see which devices have access to your accounts.

Secure your social media accounts on mobile devices - use the FaceID feature

To make it easy to log in, many people who don't have their settings require two-factor authentication for social media on mobile devices. Although you may not want to require a password each time you log in, you must have passwords to lock your phone and prevent unauthorized use of social media accounts. Facial recognition and fingerprint scanning are also available to keep accounts secure on mobile devices.

Consider implementing a security policy for social media, this policy should allow employees to have access only to sites that are safe and trustworthy. Your policy should also be set up to detect, monitor, and have an action plan if an incident occurs. Businesses should monitor any activity on social media to automatically detect and report threats, and take action.

Make sure your policy makes employees wary of clicking on links from unfamiliar followers. For example, shortened links can infect a system with malware and infect computer systems, if opened. Employees should use tools that allow them to view the full URL before clicking, as an infected link could harm not just their devices but the entire company network.

How to check your privacy settings - ,Whatsapp, ,Instagram, ,Facebook and ,Twitter.

Contact us today if you want to talk through any cybersecurity questions or learn more about our affordable ,memberships and security ,services.