Even if you’re embarrassed, it’s important to let people know that you’ve been hacked – and most importantly, set up your accounts and educate staff to avoid it happening again.
If a business’s social media accounts are hacked, it can be hugely detrimental to its reputation and relationship with the public.
Here, security experts and social media professionals share advice on how to handle a hack and restore your company’s image.
Change passwords on all accounts
First, determine whether you’re still able to log into the hacked account.
“If you can log in, change the passwords on all your social media accounts – not just the ones that have been hacked,” advises Romain Ouzeau, chief executive of Iconosquare, an Instagram analytics company. “As some social media platforms offer the ability to log in via other sites and services [Tweetdeck, for example], you may be compromised on additional networks.”
As a general rule, Rob Brown, vice president of the Chartered Institute of Public Relations (CIPR), advocates the use of a different password for each social media platform. “Update passwords every two months, choosing longer passwords that contain different characters, and use two-step verification if a social media service offers it,”
If you’re not able to log in, head straight to the social media company’s contact pages and tell the relevant team that you’ve been hacked.
Clean up the mess
If you’ve been hacked, there’s a chance that communications will have been sent from your account by the offender.
“If this happens, take a screen grab of the content before removing it,” says Lee Campbell, cyber computing lecturer at the University of Gloucestershire. “Then report the breach to the social media provider.
“If the compromised social media account includes content of a threatening or abusive nature, report it to the police via Action Fraud, the UK’s national fraud and cyber crime reporting centre.”
Communicate and take control
Even if you’re embarrassed, it’s important to let people know that you’ve been hacked.
“Post an update from the reclaimed hacked account, stating what has happened and that unauthorised changes and/or communications may have occurred,” says Blaise Grimes-Viort, chief services officer for social media business, The Social Element.
“If any private or direct messages have been sent, contact those who received them directly to tell them what happened and that they shouldn’t click on any of the links that were sent.”
It’s also worth checking to see which third-party apps (auto post tools, for example) are connected to your social media profile. Review the list and delete any that you no longer use. If you keep seeing unwanted content posted through your account, you may want to revoke access for all third-party apps.
Prevention is the best plan
“It's easier to act quickly in the event of a hack if you have a response plan in place beforehand, and if employees are trained to identify attacks,” says Ben Rose, co-founder of insurance provider,
“The majority of cyber attacks are caused by human error – deliberate or not – so employee training and communication should also cover advice on spotting suspicious activity, such as phishing emails.”
There are also some simple things that you, as a business owner, can do to improve security across your network. Use the latest antivirus software, run frequent scans for malware (malicious software) and perform a regular off-site backup of your systems.
“You can manually adjust the settings on your [social media] account profile pages, restricting who can see your posts, photos and user profile,” says ethical hacker, Ken Munro, of Pen Test Partners. “Also, tighten access to your mobile devices by setting a pin number of at least six digits on each.”