20% of small and medium businesses have been hacked on social media


For most organisations, social media marketing is a cornerstone of their online marketing strategy. As such, many businesses will identify their digital and social media presence as one of their greatest assets. Building up a following on various social media platforms can take years. Yet the time and effort spent building up this following could be destroyed in a few seconds by a careless tweet or post, a slow response to negative comments and feedback, or a hack.

According to a report by UK business law specialists Slater and Gordon, almost one in every five SMEs has had its social media accounts hacked by cybercriminals. Most of them are unaware of the risk and realise only when it is too late.

Worrying levels of vulnerability

The research revealed worrying levels of vulnerability at 500 UK SMEs, with 64% of those surveyed experiencing demands for cash ransoms from social media hackers in return for handing back control.

Despite the persistent threat, 38% of all owners had no processes for dealing with hacks.  However, 42% of those impacted have reviewed procedures since the cyber attacks.

25% of respondents rarely checked their business’s social media activity – particularly the feedback their businesses were receiving on social media. The research further showed that a small portion of business owners and managers stated that they do not have access to the company’s social media accounts, with 25% having been locked out on at least one occasion because the member of staff who had the login details had either left the company or gone on holiday.

Moreover, fewer than 50% employed a dedicated social media manager, handing over complete control of the company’s social media accounts to junior or younger employees under the false assumption that a younger member of staff is more tech-savvy.

More than 30% of SMEs surveyed do not have a social media policy in place, nor do they offer any training for employees with regard to posting comments on accounts that can cause damage to the business.

What to do if your business social media accounts are hacked

There are many examples of incidents becoming amplified by social media, causing significant long-term damage to a business’s reputation and bottom line. The speed with which potentially damaging events develop in the digital age highlights for small and medium businesses just how important it is to be prepared and have robust processes in place.

As an example, with 500 million users globally, LinkedIn now has 23 million in the UK alone. This illustrates just how fast-growing and far-reaching social media platforms are.

All too often, SMEs only identify the risk once it’s too late, after they’ve suffered a hack or some severe reputational damage because of a careless or malicious post. Social media is a potent tool for those who know how to use it. Failure to recognise that and take it seriously could have potentially damaging consequences for a business.

Businesses whose social media accounts have been hacked must take swift action. Taking a few of the steps below can limit the impact:

1. Change the password to the hacked social media account

Provided you can log into the social account which has been hacked, the first step for businesses is to change the password to the compromised social media account immediately.

Choose a more robust password comprising upper and lower case letters, numbers and symbols. If permitted, use special characters too. When choosing a new password, avoid the use of any identifiable information in the password about yourself or your business, such as business and employee names.

Most social media platforms, such as Facebook, Twitter and Google, provide two-factor authentication. Some social media platforms will allow you to toggle login verification on and off as required.

2. Change the passwords for any remaining social media accounts

Once the hacked account has been secured, the business should change the password to any remaining social media accounts. This is particularly important if the same password has been used. This step will prevent further social media accounts from being compromised.

Unique passwords should be used for all social media accounts. If your business has a large number of social media accounts, it may prove to be challenging to create different, unrelated passwords.  As such, a password manager application may be helpful to generate and store passwords.

3. Report the social media account breach

Report any social media hack or breach to the social media provider directly.  This can usually be done directly from the post itself.

In the event the messages or posts are offensive, businesses will be keen to have the offensive posts removed as soon as possible to avoid any damage to the business brand.  However, make sure the breach is reported first.

Once deleted, businesses will no longer have a link to the damaging post, which could prove challenging if it is required as evidence in the future. Before the item is deleted from your feed, take a screenshot and save the evidence.  In case the hacker has posted or sent messages from your business’s account, make sure to take screenshots of these too. This will help support your update to your followers or customers explaining the situation.

Any threatening messages can and should be reported to the police.

4. Check the activity log

By checking the activity logs, businesses can identify when and where their social media account has been accessed. Activity logs will also detail anything which has been sent from the account or changed about the business profile.

This is particularly useful, since there may be activity or interaction from your account with your followers which isn’t immediately apparent, or your account may have been used to ‘like’ or ‘follow’ other accounts when not under your control.

Most social media platforms provide an activity log function. On Facebook, for example, suspicious account activity can be determined by going to the security section under the settings menu and clicking ‘End Activity’ under the ‘Where You’ve Logged In’ section. The activity log can be accessed via the drop-down menu on the top bar next to the notifications. This can be used to check posts, reactions, likes and shares. Don’t forget to check your messages.

5. Inform customers of the hack

Once the social media account has been reclaimed, businesses should post an update explaining that the account was compromised.

The right person or team should craft the update. Ideally, the team should comprise individuals involved in crisis communications on your social media channels. This would have been decided in advance, preferably during the initial set-up of the accounts.

Depending on the nature of the hack or breach, and the impact, businesses may choose to apologise to their audience; however, they should be careful not to admit liability.

6. Implement preventative measures

The final step involves taking action to ensure that your business’s social media is not hacked again. Preventative measures include:

  • Setting up login notifications – This will inform assigned individuals every time someone logs into your business’s social media accounts.
  • Deploying anti-malware software – Corporate devices which can be used to access company social media accounts should have malware protection to prevent the use of keyloggers and trojans, which may compromise your social media account security.
  • Changing social media account passwords regularly – The use of a password manager would help with the administration and management of passwords.
  • Reviewing your cyber security and social media policies – If the ‘hack’ was from a staff member, consider your IT, HR and social media policies.