How to secure your social media accounts
When I tell people I’m a Social Media Manager, they usually ask me about how to deal with internet trolls or commenters displeased with their company for *draw random reason from hat here*.
While I’ve suffered my fair share of grueling days dealing with both scenarios, they’re far from the worst-case challenges I’ve faced.
What’s a social media manager’s worst-case security breach scenario?
Well, losing access to your account due to hacking or deactivation seems to take the cake.
Every time one of my co-workers or I’ve experienced being locked out, the temperature seems to drop 30 degrees. Why? Because, to be frank, social media platforms are notoriously slow when asked to help you reinstate your account.
Type “Instagram account hacked” into Google and you’ll find an onslaught of horror stories and frustrated users seeking help on message boards.
What you won’t find, however, is a tech support number – as it does not exist. In fact, LinkedIn, Facebook, Twitter, TikTok, and Instagram all lack tech support numbers.
According to security firm Trail of Bits CEO Dan Guido, “Instagram has been notoriously uncooperative when people lose access to their accounts, and insensitive that many people have business revenue that depends on them.”
In the end, you’re only option is to submit a ticket here and wait for a response.
The first time I faced this type of upset, Instagram and Facebook deactivated an account managed by a colleague of mine. We had no clue what caused the deactivation. When we surfaced the issue with each platform, we weren’t given any information. We were simply told to appeal the action.
However, when we submitted the appeal, the social platforms said we’d hear back within 24 hours. Fifteen days later, we got the accounts back with the following message: “Oops. Sorry. :/”
The situation was seemingly unavoidable. And recently, similar incidents are on the rise. Personal, micro-influencer, and small business accounts are being hacked left and right.
To illustrate the point, get a load of these numbers:
As of 2021, 43% of hacked accounts belonged to small businesses. In 2023, cybercriminals are expected to steal approximately 33 billion personal records. Furthermore, 16% of the conversations within online hacker groups are focused on taking over accounts.
So, if you notice an account you follow suddenly posting (or personally messaging you) with “Get rich quick with Bitcoin” content, you’re likely witnessing hacking in real-time. Unfortunately, it will cost the account owner valuable time and resources to get their account re-secured due to a lack of urgency from most platforms.
If you use social media to help run your business, losing out on communication and advertising for even a small amount of time can take a massive toll.
Imagine all of your ad accounts just sitting idle in some e-purgatory. Think of the losses you’ll incur if you’re unable to connect with your customers. And won’t your followers grow frustrated when they can’t find their favorite influencer or company on social media? Who’s to say they offer their loyalty to one of your competitors whose ads appear when yours are absent?
In such situations, inactive or hacked social media accounts can cost your organization a great deal of money. Especially if hackers post from your account. But there are ways to protect yourself.
Here to help you beef up your social media protection protocols is Automox’s own Jessica Onorati (Team Lead, Organization Security).
How do you protect your social media accounts?
I’m glad you asked!
1. Automatically update all of your devices
By turning on automatic updates, you’ll ensure your devices are at the highest level of security at any given time. After all, your social media passwords aren’t the only information that can be exploited by hackers. This is particularly important for any dependent applications you use, such as your browser.
2. Limit the information you share online
This may seem like a no-brainer, but internet trends often get the best of us. We waste no time jumping on meme bandwagons like, “Share a pic of you with your first pet,” or what have you.
Without hesitating, you slap on a caption like, “I miss you, Scout!” Suddenly, anyone with access to that post knows the answer to your security question.
Campaigns, such as the one outlined above, are intentionally written to have an emotional response to trigger you to post a common security question answer. While it seems like trivial information, data points like this can be used to track you across the internet or, at worst, compromise your accounts.
3. Consider the use of a social media management platform
Besides the obvious benefit of simplifying marketing and analytics, these platforms have security benefits as well. Limiting direct access to social media sites can reduce your risk footprint. This reduces the need to share passwords and allows you to put in monitoring and controls for what is posted when and where.
4. Limit access to third-party apps
While add-on applications such as games, quizzes, photo editors, and more seem like fun they can be hiding sinister intentions. Many third-party apps require extensive access to your social media accounts to sign up. Once you have given them permission, they have unfettered access. Don’t open the door for data miners and hackers. Only add trusted third-party applications that you absolutely need and review third-party app permissions regularly.
5. Be mindful of what passwords you use and change them often
According to 2022 breach patterns, the use of stolen credentials is 6 times more likely than exploiting a vulnerability. For this reason, one of the best ways to keep your account secure is to use good password etiquette.
Use lengthy, non-trivial, passwords
NEVER reuse passwords across sites
Do not use identifiable information (ie, your child’s name or your favorite place) or context-specific information (ie, facebook123!, insta2022) in your passwords
Never share your passwords with anyone! Admins of social media sites will never solicit your password.
Change your passwords immediately if there’s any sign of compromise – such as a suspicious login attempt or a device on your account you don’t recognize. Don’t forget to change the password of your email, too, if applicable.
While the list may seem daunting, you can easily accomplish all of these by using a randomly generated password with a password manager. Applications such as Keychain, Lastpass, Bitwarden, and 1password can help you out tremendously here.
6. Enable two-factor authentication
This is one of the best ways to protect yourself. Two-factor adds an additional layer of security that is hard for hackers to bypass. Whether it’s a token you’ve set up, email or text, these layers add a great deal of security and awareness to your accounts. If you ever notice a two-factor request that you didn’t authorize, report it and change your passwords as soon as possible.
Remember that two-factor tokens are essentially short-lived passwords, so never share them with anyone! Again, social media admins will never request this information, so if it’s being requested, you’re likely dealing with a scammer.
Post securely
The more secure you can keep your social media accounts, the better off you’ll be. You shouldn’t have to deal with interrupted productivity or an inability to post because you're waiting on your platform’s helpdesk.
Hopefully, the tips above make you feel more secure and keep your accounts in good standing. Happy posting!
As a SysAdmin working from home, how can I best manage my remote coworkers?
What do current IT and security stats tell us about industry trends?
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.