Social media security: 5 simple tips for small businesses

Actionable info for managers and business owners.

Graphic of Facebook, Instagram, LinkedIn and Twitter icons on a key chain against a blue background

From increasing website traffic and building brand presence to providing online support for customers, social media is a powerful tool in any small business owner’s pocket.

But unless they’re managed securely, your social media accounts could easily be exploited.

In today’s blog, we’re reviewing five simple steps — plus a handful of bonus tips — that all small business owners should take to keep their social media accounts safe.


Why social media security matters

We can probably all agree that someone accessing your business’ social media accounts without your knowledge or permission would be bad.

But what, exactly, could happen if they did?

Damage to your business’ reputation

We’ve talked before about how easy it is for an off-colour tweet or inappropriate image shared on social media to cause serious damage to your brand.

If someone were to gain unauthorised access to your company’s Facebook or Twitter account and post something offensive, could you realistically spot and delete it before any of your customers — or would-be customers — saw it?

In 2020, tech giant Apple's own Twitter account was hacked by cryptocurrency scammers who then used the account to request Bitcoin payments to a private account. Even with a full-time social media team standing by, it still took several minutes for Apple to spot and delete the tweet.  

Account hijacking

It’s one thing to have someone post something offensive via your social media account; it’s another entirely to have your account held to ransom — especially when you’ve worked hard to build up a loyal following.

Hijacking and ransomware attacks are becoming increasingly common, with businesses having their accounts seized by criminals who change the login details then demand exorbitant sums of money for their release.

Either pay up (and be marked as a soft target for future scams), or be prepared to say goodbye to your account — and with it all of your followers — forever.

Loss of sensitive data

Would your business be able to recover if you lost sensitive client or company data as a result of a social media hack or a member of your team following a malicious link?

Without having adequate security measures in place, social media can easily provide a route in for those who are determined enough.


Our top social media security tips

A red brick wall with faded bricks towards the bottom

Ready to beef up your social media security? Check out these five tips for keeping your business’ accounts safe.

1. Assign a social media manager

Or, at the very least, limit who on your team has access to your social media accounts.

The more people who share a login and the more devices you use to access your company’s social media accounts, the greater the risk to your business.

Whether it’s just you and a business partner or you have an entire team working for you, it’s important to agree who’ll be in charge of managing your accounts. They alone will do the posting to your accounts (though make sure you or another senior team member can access them if necessary), as well as be responsible for knowing which devices are logged in to them at any one time.

By doing this, if you’re ever notified that someone has logged in to one of your accounts from an unrecognised device, you’ll easily be able to find out who it was — and whether or not you need to take action.

Ideally, all of this would be covered in your business’ social media policy so that everyone on your team is on the same page.

2. Keep up to date on social media scams

When you have a business to run and are frequently hopping between different roles, it's surprisingly easy to fall victim to a sophisticated phishing scam or follow an innocent-looking link arriving in your Facebook inbox.

For this reason, your social media manager should make a habit of reading up on new and common social media scams and educating the rest of the team on what to look out for.

Sites like Social Media Examiner are great for keeping up to date on the tactics hackers and fraudsters employ in an attempt to gain access to businesses’ social accounts — as well as for picking up handy tips on getting the most out of your social accounts.

3. Use unique passwords for every account

Losing access to one of your social media accounts would be terrible. But imagine losing access to all of them on the exact same day…

When criminals gain access to an online account, the first thing they do is run bots that attempt to use that exact same login information on hundreds of other websites. For this reason, it’s not enough to have one password for your laptop, one for email, and one for social media accounts; each account should have its own, unique password.

As we're frequently told, passwords should be a combination of both uppercase and lowercase characters, numbers, and at least one special character. This might seem tiresome, but as this chart from security experts Hive Systems shows, the number and type of characters we use can be the difference between a hacker cracking a password in anything from a few seconds to a few thousand years.

If you have a lot of accounts to keep track of, consider investing in a password manager like 1password or Dashlane — just be sure that you keep its password secure.

4. Use two-factor authentication

Also known as two-step verification, or sometimes just 2FA, two-factor authentication is easily one of the best ways to protect your online accounts.

Two-factor authentication works by sending you a unique, time-sensitive code via app, SMS, or a verified email address after you enter your normal login information. Only after this code is entered into the site can you access your account.

2FA protects your business in the event that an unauthorised person gets hold of your username and password, but also helps you (or your social media manager) control which devices can log in. Bear in mind that, if you lose the device your authentication codes are delivered to, you could be locked out of your accounts forever, so be sure to nominate a backup phone where the option is available or set up 2FA on a couple of devices.

You can find more info on how to set up two-factor authentication for the social media platforms you use here:

5. Put a contingency plan in place

So, you’ve assigned a social media manager, set rock-hard passwords, and are using two-factor authentication.

But what if, even after putting all of this in place, someone still finds their way into one of your accounts?

That's where your social media contingency plan comes in.

A few scenarios you might want to consider in your plan:

  • What would you do if you received a notification about a login, or login attempt, from an unknown device or location?
  • What happens if that same notification arrived late at night, during the weekend, or when your social media manager is on holiday?
  • If you spotted a post on your business’ Twitter account — perhaps containing a link to a third-party website — that you don’t recognise, who would you speak to about it and how would you get in touch?

Be sure to put a protocol in place, deciding whose job it is to take action in the event of a security breach, and familiarise yourself with how to do things like update passwords and user permissions, or how to contact support, in the event that your account is hacked.

Bonus tips

Extra info to help keep your accounts safe.

Use a dedicated mobile device for social media
Avoid managing your company’s social media accounts from the same device you use to access your personal profiles. Instead, use a dedicated smartphone for all business-related social posts, and decide who’s responsible for it.

Don’t use personal email addresses for social media logins
The email address associated with your social media account should always be one that belongs to your business and one you’ll never lose access to in the event someone leaves the company.

Never log in via public or free wifi connections
Free, unsecured wifi networks are an easy way for criminals to record things like login details. If you or your staff are ever working from outside the office, be sure to use only either a private, password-protected wifi network that you trust or your own mobile data connection.

Wrap up

When you've got a business to run, or are contending with things like lockdowns and restrictions due to Covid-19, it can be easy to momentarily drop your guard or be caught out by a sophisticated social media scam.

Basic steps like setting up two-factor authentication, designating a social media manager, or limiting the number of devices that are logged in to your accounts will all help to reduce the number of threats to your business, as well as increase accountability.

Some of this might seem obvious, but often it's our smaller, everyday behaviours that are exploited by criminals to gain access to your accounts or business, so be sure to revisit these security steps often and keep them fresh in your team members' minds.

Stay safe out there!