Hackers are in full force. Ensuring the security of your Facebook Business Manager is paramount. A compromised account not only puts your assets at risk but also those of your employees and clients. Meta’s response to a breach involves freezing all associated assets, a process that can take days or even weeks to resolve.
To safeguard against such risks, here are essential measures you can take:
1. Review and Manage Access Permissions:
Navigate to the People tab under Users in Business settings.
Identify and remove former employees or agency partners with unnecessary access, especially those that are inactive.
2. Export People Permissions and Business History:
Download a spreadsheet showing people’s permissions from the People tab in Business settings, then go to Business settings > Business Info > Export a history of management actions taken by people in this business account.
3. Enable Two-Factor Authentication:
Ensure that all Admins/Full Control users have Two-Factor Authentication (2FA) enabled.
I use the Google Authenticator app for enhanced security, rather than text codes, as your mobile phone number can easily be cloned and the Authenticator app is attached to your device.
Head to Business Settings > Business Info > Business Options. In the Two-Factor Authentication section, choose ‘Everyone’ for added security.
4. Maintain Multiple Admins:
Ensure there are at least 2-3 admins on the account.
Meta sends a confirmation to an additional admin in case of any status changes among the existing admins.
5. Remove 3rd Party Apps:
Regularly check and remove unnecessary third-party apps linked to both Facebook and Instagram.
Go to Facebook Personal Profile > Settings > Apps and Websites / Business Integrations.
Go to Instagram, tap Settings > Website Permissions > Apps and Websites.
6. Invite Only Trusted Email Domains:
You can manage a list of trusted email domains in the Security Center in Business settings.
Only invite individuals with trusted email domains to enhance security.
Obtain approval from another person with full control for inviting those without trusted email addresses.
7. Check Pixel access:
Check which website domains you receive pixel events from.
- Go to Events Manager.
- Click the Data sources icon on the left-hand side of the page.
- Select your pixel.
- Click Settings.
- Select Create allow list or Create block list from the drop-down menu under Traffic permissions.
- Click the button to confirm your selection.
8. Phishing links:
Be wary of links sent from “Facebook” telling you, for example, that your Page is in violation. Most of these direct messages are not from Facebook. The hacker uses scare tactics to get you to click on a link that diverts you to a cloned site that looks like the Facebook login page.
If you receive an email that you are not sure about, click forward and check the sender address.
If you ever get an email claiming to be from Facebook, you can also confirm whether Facebook sent it by checking if it came from facebookmail.com and by reviewing recent emails Facebook has sent you from a list in your security and login settings.
Review recent emails sent from Facebook
- Go to your Security and login settings by clicking in the top right of Facebook, clicking Settings & privacy, then clicking Settings.
- Click Security and login.
- Scroll down to See recent emails from Facebook and click View.
Here are some things to bear in mind:
- Facebook will show you recent security emails (such as a request to change your password) from the last two weeks in your SECURITY tab.
- If you see an email saying that Facebook has changed your password or made a change to your Facebook account that you don’t remember doing, you can click I didn’t do this or Secure your account to let Facebook know so that they can help you review recent activity.
- Facebook will show you any other recent emails sent in the last two days in your OTHER EMAILS tab.
- If Facebook send an email containing a special link or a security code, they may hide that information in your security and login settings to help protect your Facebook account. You’ll need to be able to log in to your email account in order to view it.
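The sender-address check from this section can also be run over a saved email, shown here as an added Python example that is not part of the original article or any Meta tooling. It goes one step beyond reading the address: it ignores the display name, rejects lookalike domains, and requires a DKIM pass for facebookmail.com. It assumes your mail provider stamps an Authentication-Results header under the hypothetical ID mx.mailhost.example; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "facebookmail.com"   # sender domain named in this article
AUTHSERV_ID = "mx.mailhost.example"   # hypothetical: your own mail provider's ID

def in_domain(domain, trusted=TRUSTED_DOMAIN):
    """True for the trusted domain or a subdomain, never a lookalike."""
    domain = domain.lower().rstrip(".")
    return domain == trusted or domain.endswith("." + trusted)

def sender_domain(msg):
    """Domain of the actual From address; the display name is ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2]

def dkim_pass_domains(msg, authserv_id=AUTHSERV_ID):
    """Domains with dkim=pass, read only from headers our own server added."""
    domains = set()
    for header in msg.get_all("Authentication-Results", []):
        clauses = [c.split() for c in str(header).lower().split(";")]
        if not clauses[0] or clauses[0][0] != authserv_id:
            continue  # not stamped by our provider, so the sender controls it
        for tokens in clauses[1:]:
            if tokens[:1] == ["dkim=pass"]:
                for tok in tokens[1:]:
                    key, _, value = tok.partition("=")
                    if key in ("header.d", "header.i"):
                        domains.add(value.rpartition("@")[2])
    return domains

def check_sender(raw_message):
    """Return 'ok', 'unauthenticated' or 'not-facebook' for one raw email."""
    msg = message_from_string(raw_message)
    if not in_domain(sender_domain(msg)):
        return "not-facebook"
    if not any(in_domain(d) for d in dkim_pass_domains(msg)):
        return "unauthenticated"  # From claims facebookmail.com, unproven
    return "ok"

# Constructed sample messages (headers only, not real mail).
AUTH = "Authentication-Results: mx.mailhost.example; dkim=pass header.d=%s\n"
GENUINE = AUTH % "facebookmail.com" + "From: Facebook <security@facebookmail.com>\n\n"
NAME_SPOOF = (AUTH % "fb-support.example"
              + 'From: "security@facebookmail.com" <alert@fb-support.example>\n\n')
LOOKALIKE = (AUTH % "facebookmail.com.login.example"
             + "From: Facebook <security@facebookmail.com.login.example>\n\n")
FORGED_FROM = "From: Facebook <security@facebookmail.com>\n\n"
print([check_sender(m) for m in (GENUINE, NAME_SPOOF, LOOKALIKE, FORGED_FROM)])
```

A result of "unauthenticated" means the From line says facebookmail.com but nothing proves it, so treat the message like any other unverified email and confirm it against the recent-emails list in your security and login settings.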
By implementing these measures, you can significantly minimise the risk of unauthorised access and protect your Facebook Business Manager.
Regularly reviewing and updating security settings is crucial in the ever-evolving landscape of digital threats.
Stay proactive and ensure a secure digital environment for your business and its stakeholders.