Safeguarding Meta Business Manager

Meta Business Manager is a centralized hub for a business to house their Facebook Page, Instagram account, ad account, mobile app, pixel, domain, and more. This is the safest and most secure way to manage permission to social media assets with employees and external partners. While having a single location to manage accounts can streamline access, someone with nefarious intentions who is able to gain access to one person’s Facebook login credentials, could gain access to all brand assets in one fell swoop.

Keeping Meta Business Manager secure is crucial for a business, and involves coordinated efforts from every individual with a login in to the platform.

The Rising Threat of Hacking

Over the past year, you may have heard more people you know reporting that their Facebook or Instagram account had been hacked. It seems like every day there’s a new scam hackers are using to gain access to users’ accounts. An example of a recent scam goes something like this:

• One of your “friend’s” profiles reaches out through Messenger and tells you they’ve lost access to their account, but you’re one of the few trusted people listed that they can send a code to in order to regain access
• You agree…and a code is texted to you
• You provide that code to your “friend”, and suddenly you have no Facebook access anymore
• Turns out, the code you provided was the two-factor authentication code to your own profile, and now the hackers have taken control of your account

If you have access to a Business Manager, that means the hackers also now have control of your company Facebook Page, Instagram account, and ad account where they can wreak havoc and run paid campaigns on your funding sources. 

Hackers have been able to gain access to major notable brands and small businesses alike, and use their ad accounts to run campaigns for cryptocurrency scams, other spam, or phishing links to continue hacking accounts.

With reports of hacking on the rise, it’s more important than ever to take proactive steps to securing your accounts to avoid potential serious impacts on your brand and bottom line.

Tips to Secure Business Manager

• Two-Factor Authentication (2FA): In Business Manager, you can require that all users with access have 2FA turned on for the profile they use to access Business Manager. Any individual invited to join Business Manager will automatically be prompted to turn this on and won’t be able to join until they do
• Business Verification: Verifying your business through Business Manager’s Security Center gives you access to additional tools and resources for security.
• Backup admins: Ensure that there are always at least two admins in case someone loses access or gets locked out of their account
• Trusted Email Domain: Through Business Manager, you can set up a trusted email domain. Users invited with that trusted email domain can be added automatically, but anyone without this trusted domain will need to be approved by another admin before access is granted
• Use professional Facebook accounts: Personal Facebook and Instagram accounts are much more likely to be hacked simply because they’re used more often. Having your agency employees create Facebook accounts under their work email addresses and only using those accounts for Business Manager access can reduce the likelihood of someone gaining unauthorized access.
• Strong passwords, updated often: Use a strong password for all social media accounts (random password generators are great!), and update your password at least once every 6 months, but ideally more often.
• Regularly manage access: Access should be immediately removed from anyone who is no longer employed at your agency as part of a standard offboarding process. Admins should maintain a record of all users with access to Business Manager and regularly check activity.
• Stay up-to-date on phishing scams: All employees should be careful about clicking on links in emails or messages. Check the “from” email address–is it a real domain? If in doubt, don’t click! Check with your IT department before proceeding.

The recent influx of hacking incidents targeting users with access to Business Manager accounts is a reminder of the need to prioritize security measures. Every employee with access to Business Manager has a role in maintaining the integrity of social accounts, and proactively combating brand reputation and financial risks associated with security breaches. Smarty’s team is well-versed in Business Manager and can audit your current setup to assess security risk, or we’re available to work with you hand-in-hand to protect your social assets and stay on top of the latest best practices!