Think you just need to get back in and change your password? Think again. You need to check, and if necessary sort, four things:
- Email address
- Mobile phone number
- List of applications granted access to the account
The first item – password – is the most obvious and usually the most important. However, simply changing and securing the password will not be enough if there are problems with any of the other three items as they all would leave the way open to someone abusing the account (again).
Check and change your password
If you think there may be a problem with an account, try to login and change the password to a unique password that is not, and has not been, used for anything else. (Ideally, don’t just pick a good one, make it unique and store it in a password safe.)
If you are not able to login – i.e. because a malefactor has already changed the password – then try using the option offered to reset your password. This will normally involve sending an email to the email address registered on the account.
If none of that works, try these help pages:
- Facebook: https://www.facebook.com/help/131719720300233
- Instagram: https://help.instagram.com/368191326593075/
- LinkedIn: https://www.linkedin.com/help/linkedin/answer/56363?lang=en
- Twitter: https://support.twitter.com/articles/31796?lang=en
Check the email address
As touched on above, if you have problems with an account, the email address may well have been changed as that’s a way for hackers to get email reset messages to go to them, rather than you.
So once you are able to login to it, you should check which email address(es) are listed in the profile and, if necessary, edit the list. In particular, remove any which you do not recognise or are no longer in use.
Check the mobile phone number
Often a mobile phone number is also associated with an account, and this can be used as an alternative route for resetting passwords and the like. Therefore, as with email addresses, you should check which phone numbers are listed on the account and again remove any which you cannot verify as being correct or which are no longer in use.
Check the list of applications granted access
You also need to check the list of software applications granted access to the social media account. There are many legitimate reasons why a programme may have been granted access. For example, if you use Hootsuite, it will need permission to access the different social media channels being managed.
However, the ability to let software programmes access an account on your behalf can be abused, so you should check and if necessary prune the list:
- Facebook: https://www.facebook.com/settings?tab=applications§ion=all (if you have a Facebook page which has been in trouble, you should check this address for all the different Facebook profiles which have administrator access to the page)
- Instagram: https://www.instagram.com/accounts/manage_access/
- LinkedIn: https://www.linkedin.com/psettings/permitted-services
- Twitter: https://twitter.com/settings/applications
Don’t wait for problems
Good luck – and remember you don’t have to wait for a problem to do these checks. They’re a good idea to do periodically anyway and especially after any odd events which may have been the result of human error, or may not…
This advice, of course, applies just as much in the corporate or not for profit sectors as it does for political campaigners. If you’re in either of the former and would like to talk about social media security, best practices and planning in more detail, do get in touch with myself and my colleagues at Teneo Blue Rubicon.