
Are your business social media accounts secure?

Cyber attacks can be incredibly disruptive to your business, especially if you are reliant upon using Facebook’s marketplace, Instagram and Twitter to generate revenue over social media.

Whilst media attention about cybercrime is often focused on large organisations with big budgets, it’s important to remember that the vast majority of cybercriminals are indiscriminate - any company that works online, sells online or uses social media is a potential victim.

Victims with unsecured social media and email accounts reported losing £3.8 million to social media attacks between February 2020 and February 2021. The national reporting centre for fraud and cybercrime, Action Fraud, received 15,214 reports of email and social media hacking between February 2020 and February 2021, with 88% of victims being individuals who had their personal accounts compromised by criminals. Nearly 1 in 4 victims were aged between 20 and 29.

What threats does my business face on social media?

Back in December 2020, Manchester restaurant Northern Soul Grilled Cheese had its Instagram account hacked, with the attackers asking for a ransom. The owners lost close to 30,000 followers and, with just two weeks before Christmas, the company had to start the page again. It meant reconnecting with the customers and fans they had built up over seven years.

They commented:

“We’ve worked so, so hard and I can’t tell you the pain that we have felt in terms of losing our community online… we won’t give into hackers or bullies.”

What are our six top tips to keep your social media account secure?

Two-factor authentication (also known as 2FA, two-step verification or multi-factor authentication) is designed to help stop cybercriminals from accessing your accounts even if they obtain your passwords.

Two-factor authentication (2FA) ensures that any new device trying to log in or make account changes needs a second layer of security before access is given. 2FA includes single-use codes being sent via SMS, email, phone, or smartphone application.

How to turn on 2FA for social media - Instagram, Facebook, Twitter and LinkedIn.

Remember to have strong passwords. Your first level of protection when securing your online accounts or customer data is a strong password. Whilst complex passwords can be difficult to remember, the National Cyber Security Centre (NCSC) encourages businesses to use three random words, such as HouseForestFlower. This helps you protect against common issues like brute force attacks, where an attacker tries many passwords in the hope of guessing the right one.

The aim of a strong password is not to make it so you won’t remember it, but so cybercriminals struggle to crack it. You can include symbols, capital letters and numbers to make it even more secure.

Default passwords must always be changed and you should change any passwords if you witness any suspicious activity taking place on your account(s). If someone leaves the business it's recommended that you review the passwords on your social media accounts and consider changing them.

Consider using user roles on your social media accounts. It’s best practice to grant direct access to just a few select employees so your social media accounts can stay secure. This is especially important if you are using freelancers or external agencies with your social media accounts.

Consider assigning responsibility on a per-network basis - while one staff member takes care of Instagram activity, another can manage Twitter for example.

With Twitter, you can give different levels of access to individuals affiliated with your Twitter handle. Multiple users can be given access to a Media Studio account. Each user can log in with their own username and password and will be able to access the Media Studio accounts to which they have been granted access.

Using user roles can reduce the risk of malicious or erroneous mishaps with your accounts by granting access without sharing any passwords. When a user changes their job or leaves the organization, their access can easily be modified or removed altogether.

Do you know which devices are signed in to your social media accounts? As a matter of basic digital security, you should always know which devices are logged in to your accounts. We recommend performing a checkup every month, just to see which devices have access to your accounts.

Secure your social media accounts on mobile devices. To make it easy to log in, many people don't set their accounts to require two-factor authentication for social media on mobile devices. Although you may not want to enter a password each time you log in, you must have a passcode to lock your phone and prevent unauthorized use of your social media accounts. Facial recognition and fingerprint scanning are also available to keep accounts secure on mobile devices.

Consider implementing a security policy for social media. This policy should allow employees to have access only to sites that are safe and trustworthy. Your policy should also cover detection and monitoring, and include an action plan in case an incident occurs. Businesses should monitor activity on their social media accounts so that threats are automatically detected and reported, and then take action.

Make sure your policy makes employees wary of clicking on links from unfamiliar followers. For example, shortened links can infect computer systems with malware if opened. Employees should use tools that allow them to view the full URL before clicking, as an infected link could harm not just their personal devices but the entire company network.
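One way such a "view the full URL" tool can work, shown as an added example that is not part of the original article: it asks each hop for its redirect target with a HEAD request and never downloads or renders the page. The `.example` hostnames, the canned responses and the `MAX_HOPS` limit are constructed assumptions so the check runs offline.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5                     # assumption: give up after a few redirects
REDIRECTS = (301, 302, 303, 307, 308)

def head_location(url):
    """One HEAD request; returns (status, Location header). Follows nothing."""
    p = urlsplit(url)
    cls = (http.client.HTTPSConnection if p.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(p.netloc, timeout=5)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location):
    """List every URL a short link passes through, without opening any page."""
    chain = [url]
    for _ in range(MAX_HOPS):
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            break
        nxt = urljoin(chain[-1], location)   # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https") or nxt in chain:
            break                            # non-web scheme or redirect loop
        chain.append(nxt)
    return chain

def report(url, fetch=head_location):
    """Summarise where a link really leads so it can be judged before clicking."""
    chain = expand(url, fetch)
    return {"hops": len(chain) - 1, "final_url": chain[-1],
            "final_host": urlsplit(chain[-1]).hostname, "chain": chain}

# Constructed sample responses (not real services), keyed by requested URL.
SAMPLE = {
    "https://sho.rt.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "https://login-check.example/start"),
    "https://login-check.example/start": (307, "/signin"),
    "https://login-check.example/signin": (200, None),
}

def fake_fetch(url):
    return SAMPLE.get(url, (200, None))

if __name__ == "__main__":
    for hop in report("https://sho.rt.example/abc", fake_fetch)["chain"]:
        print(hop)
```

If the chain stops early on a loop, a non-web scheme or the hop limit, the last entry is only the last URL that was checked, so treat the link as unverified.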


How to keep your social media business account secure - Whatsapp, Instagram, Facebook and Twitter.

Contact us today if you want to talk through any cyber security questions or learn more about our affordable memberships and security services.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
