It’s a phrase which no one working in social media or marketing wants to see appear in their inbox.
“You have been removed as an admin of [BRAND PAGE] on Facebook.”
If you’re on the receiving end of this message, it could be an honest mistake, like an accidental removal by another page admin. It could be something more sinister, like a phishing attempt to gain access to your Facebook account or personal info.
But if you log into Facebook to investigate only to find that the page itself along with thousands of fans has disappeared, chances are high that your brand page has been the victim of a Facebook hack.
Hacked Facebook brand pages usually occur as an extension of a personal Facebook account hack. If a user’s account is compromised and that user is an admin of a brand’s Facebook page, a saboteur can gain access to all of the brand page’s admin powers including posting, role management and overall page settings. This opens the door not only to the posting of malicious content, but also to the ability to remove other page admins from their role and unpublish or delete the page altogether.
If you think your brand’s Facebook fan page has been a victim of hacking, you and every employee with Facebook page access should go through Facebook’s hacked account reporting process immediately. It might require coordination, but it’s important to be patient and open in correspondence with Facebook. Hopefully they can restore your access, but if their systems don’t detect malicious activity, it’s not guaranteed.
Fortunately, the situation surrounding Facebook security need not be so dire. There are a few simple safeguards we at Traction Factory recommend to any brand or marketer looking to prevent account hacks and ensure their Facebook brand page(s) stay secure.
One of the easiest ways to prevent a breach or accidental loss of access is to limit the number of users with the Admin role on a page. Try to keep the number of page admins – the masters of all page settings, publishing and role assignments – to one or two users. Assign additional roles like Editor, Moderator and Analyst to your users based on what they need rather than providing everyone with blanket access to edit your page and post as your brand.
Another great method for securing brand (and personal) Facebook pages is to enable two-factor authentication. Two-factor authentication requires users to input a verification code in addition to a password when attempting to log-in from an unrecognized device. We recommend that all Page Admins use two-factor authentication to prevent a hacker gaining access to your brand’s Facebook page.
Facebook offers a variety of two-factor login methods, including text message (SMS) codes, the Code Generator within Facebook’s mobile app, using a USB security key, and more. Details on setting up two-factor authentication can be found here.
For brands with multiple pages and ad accounts or several people managing Facebook marketing, Facebook Business Manager is essential for added security and management. In addition to housing all a brand’s Facebook assets (Pages, Ad Accounts, Audiences, Apps, Facebook Pixels, etc.) in a central location, Business Manager allow brands to claim ownership over pages and ad accounts and act as a “super-admin” that can manage all users’ roles and permissions without the possibility of removal by another admin.
Business Manager can also be set-up with two-factor authentication for all employees in the business, regardless of an individual user’s security preferences.
Facebook has an excellent step-by-step guide for setting up Business Manager with multiple employees and assets.
. . . .
These security recommendations are important in preventing your brand’s Facebook page from getting hacked and experiencing the same rude awakening as thousands of other hack victims. But they’re just one part of developing a cohesive, engaging social strategy for your customers and fans. If you’re interested in learning how Traction Factory builds momentum on social media, strike up a conversation with us over Facebook, Twitter or email.