As social media becomes more important for businesses, social networking security is becoming critical as well. In this guest post, Henry Enebeli offers some tips IT pros and marketers can use to secure their organization’s Facebook pages.
Facebook pages have become a key component of an organization’s marketing campaign. As such, it is very common to see businesses invest substantially to establish a massive presence on Facebook. As Facebook pages become increasingly valuable as a marketing tool, securing them against theft (an area that is often overlooked) becomes paramount.
First, it is worth noting that while a Facebook page has its own profile, it can’t exist as a standalone account like a personal account can. It requires a personal Facebook account to setup and administer a page, and because a personal account is the gateway to the page, it is a prime target for intruders (not just the page itself).
Therefore, this article addresses the threat of page theft from both the page’s standpoint and also its corresponding personal account.
1. Manage admin roles properly
As a security measure, a Facebook page should be set up such that it has only one account designated as a page manager. The manager will have sole right to add or remove other admin accounts. He/she would typically grant admin privileges to other admins no more than they require to carry out their duties. A page set up this way would reduce the risk of a third party hijacking it through the other admin accounts.
2. Password length and complexity
This is arguably the most talked about Facebook security measure. Ironically, it is also the easiest to overlook. Despite the number of times it’s been mentioned in the past, it is worth reiterating that all admins should use complex passwords containing mix-case alphanumeric characters (this greatly reduces the risk of a brute-force/dictionary attack). In addition to this, admins should ensure that their passwords are renewed periodically
3. Enable two-factor authentication
To combat the issue of account compromise, Facebook introduced two-factor authentication. Basically, this requires users to link a verified phone number (to a personal account) which will be used to grant log-in approval. With this feature enabled, any attempt to log in into a personal account from an unrecognized browser will prompt the user to enter a six-digit number (sent to the verified phone number) to proceed. This adds an extra layer of protection since a potential intruder must have the phone and password to break in.
4. Third-party application permission
Be very careful with third party applications that request access to personal information and pages. You need to know exactly what information the apps are requesting access to and ensure that they don’t have more permission that is required. Also, do proper research and read reviews about the app and the reputation of the developers behind it.
5. Hide Personal & Page Owner Information
A potential intruder would probably start by gathering information about the target account. So, the less information the company reveals publicly, the more difficult it is to compromise the Facebook account. For example, a username is required to log in to a personal account. This username can be an email address, phone number, Facebook email address or Facebook username. Because this information, by default, appears in the “About” section of a personal profile, it is a good idea to hide this information. Also, hide the page owner identity from the “About” section of the company’s Facebook page so that a potential intruder will have no clue about what personal account to go after.
6. Turn on secure browsing (https)
This ensures that the data exchanged between the web browser and Facebook’s server is encrypted. As such, it cannot be read or forged by a third party. This feature is enabled by default. However, if for some reason secure browsing is not enabled, turn it on in your personal Account Settings.
7. Enable email/SMS notification
Enable email and SMS notification (under Account Settings) especially as it relates to security. For example, the page’s Admin can opt to receive instant notification on security related activities on the account. This way, if a third party attempts to gain access to the account, the right person will be notified by Facebook via email and/or SMS.
While there is no 100% foolproof solution to completely eliminate the risk of Facebook security breaches, implementing the solution above should help mitigate the threat.
In addition, always be on the look out as Facebook periodically introduces new features to further secure its platform. If you have specific questions, Facebook’s help community (www.facebook.com/help/community) is the place to post them, as well as learn from others.
About the author: Henry Enebeli is an IT professional with over 5 years of experience in providing end-to-end ICT solutions/services to small and medium enterprise. (Linkedin profile-> http://ng.linkedin.com/pub/henry-enebeli-ccna-mcitp-mcts/14/826/974 ) He can be reached via firstname.lastname@example.org