Best Practises for a Secure Meta Business and Facebook Account

Your Facebook and Instagram Business Pages and Meta Business Account are crucial assets for your brand’s online presence, but they can also be prime targets for hackers and cyberattacks. Protecting these accounts from unauthorised access is vital. In this guide, we’ll show you how to secure your Facebook and Instagram Business Page and Meta Business Account using 2FA (Two-Factor Authentication), managing admin roles, and implementing other security best practices.

I regularly get requests from businesses as part of our social media services who have unfortunately found themselves hacked or locked out of their accounts and are desperate to retrieve their assets. Unfortunately, Meta isn’t the easiest platform to navigate and their customer services are notoriously difficult to get hold of. So how do you prevent these issues?

If you are asking any of the following questions, or have found yourself in these scenarios, you need to read this article:

• What is the difference between admins and partners in Meta Business suite?
• Why do I need 2FA (two-factor authentication).
• I can’t get access to my Facebook page/ Meta Business suite, help!
• I haven’t updated my Facebook admin access in a long time.

First things first, let’s secure you Facebook and Instagram accounts!

Despite Instagram and Facebook both being owned by Meta, the creation process for business pages is very different. Whilst you don’t need to already have a personal account to create a business page on Instagram, you do need to have one for creating a business page on Facebook…go figure… For the sake of this article, I’m going to assume you have already created a Facebook/ Instagram business page (I will be releasing a new article soon on how to do this from scratch and how to ensure best practise set up).

1. Set Up Two-Factor Authentication (2FA) on Facebook, Instagram and Meta Business Suite

Two-Factor Authentication (2FA) adds an extra layer of security to your Facebook Business and Meta Business Suite accounts. It requires a second form of verification (usually a code sent to your phone or email or via an app) in addition to your password. Let’s start with Facebook first.

Step-by-Step Instructions for Enabling 2FA on Facebook (via desktop- recommended):

1. Log into your Facebook account and click the drop down in the top right attached to your profile roundel.
2. Go to ‘Settings & Privacy’ → ‘Settings.’
3. Click on ‘Security and Login’ in the left sidebar under Account Centre.
4. This will then take you to a new page titled Accounts Centre. Under Account setting, click password and security.
5. Under login and recovery in the centre of the page, click ‘Two-Factor Authentication’ and select your profile. As mentioned, for Facebook, your business page will be attached to the personal account you used to create the profile so you can go ahead and click that. If you have linked your Instagram page to your Facebook account (which you should) then this will also appear as an option underneath.
6. Choose your preferred security method:
   -Authentication App (recommended): Install a trusted authentication app like Google Authenticator or Duo Mobile. The reason I recommend this is because text message can be precarious. I personally found myself locked out recently because the 2FA’s stopped sending to my mobile so using a reliable app is easier to access, particularly as this can then be access on any mobile device so log as your logged in with your Google account.
   -Text Message (SMS): Receive a code via text message.
7. Follow the on-screen instructions to complete the setup.
8. Enter the code you receive to verify your 2FA.
9. Go back in and set up a secondary security method. Having two options means that if one method fails, Facebook will give you an alternative to retrieve access.

Step-by-Step Instructions for Enabling 2FA on Instagram (via mobile- recommended):

1. If you have linked your Instagram account with your Facebook, as mentioned above, this should appear as an option on desktop underneath your Facebook profile. If so, you can follow the steps above.
2. If not, head to your Instagram business profile on mobile and click your icon in the bottom right to take you to your profile.
3. Click the 3 burger lines in the top right which will take you to settings and activity.
4. Click the Account’s centre and scroll down to ‘password and security’ underneath the Account Settings header.
5. Click ‘Two-Factor Authentication’ and select your profile. Similiarly, if you have connected your Facebook account with your Instagram account (as recommended) your Facebook account will also appear as an option underneath for you to action from here.
6. Choose your preferred security method:
   • Authentication App (recommended): Install a trusted authentication app like Google Authenticator or Duo Mobile. The reason I recommend this is because text message can be precarious. I personally found myself locked out recently because the 2FA’s stopped sending to my mobile so using a reliable app is easier to access, particularly as this can then be access on any mobile device so log as your logged in with your Google account.
   • Text Message (SMS): Receive a code via text message.
7. Follow the on-screen instructions to complete the setup.
8. Enter the code you receive to verify your 2FA.
9. Go back in and set up a secondary security method as per above recommendations.

Step-by-Step Instructions for Enabling 2FA on Meta Business Suite (via desktop- recommended):

1. Log in to your Meta Business Suite account.
2. In the drop down menu on the left, select the cog icon next to your business portfolio
3. Go to ‘Business Portfolio info’ and scroll down to the bottom to the Business Options section
4. Find the ‘Two-Factor Authentication’ section and toggle it on (you can choose for everyone or admins only (we recommend everyone).
5. Choose your verification method (SMS or Authentication App) and follow the prompts.

2. Manage Admin Access and Roles on Meta Business Suite

Granting admin access to your Facebook Business Page comes with significant responsibility. Ensure that only trusted individuals have admin rights, and regularly review and adjust roles. You’ll see in your Business Suite portfolio settings (the cog next to your business portfolio) that you have an option for People (admins) and Partners to assign roles to.

What is the difference between people and partners in Meta Business Portfolio?

Simply put, People are the individuals who are given access to a business’s assets, such as ad accounts and Facebook or Instagram pages. People (admin) can be added from within your business or from outside of it. For example, you may wish to add a freelance social media consultant to access your businesses Facebook page, to create and schedule content. Partners on the other hand are other businesses, such as agencies or clients, that are given access to a business’s assets. Partners must have their own business portfolio to be added. For example, a marketing consultant could be added as a partner to access your ad account or pages to deliver campaigns or manage your social media content. The agency can then assign specific roles to its employees to access the assets on their side.

Who should you assign as People and Partners in Meta Business Suite?

If you are a sole trader or a solo business owner, I recommend you add yourself and a back up, secure account (using another email address) as a full access admin. That way, if for whatever reason you lose access to one of your log ins, you have an alternative to gain access. If you are are business owner with multiple employees, add those too as admins, but consider what level of access you give them, depending on their seniority/responsibility within the business.

You will also need to think about putting measures in place for regular auditing of who has access to the accounts along with exit processes for employees who leave the business, ensuring their admin rights are removed and other’s are brought in to replace.

Partners are better placed for any contractors or agencies you work with as that will allow them to efficiently manage your accounts on their side, without your People list getting cluttered with random names.

Step-by-Step Instructions for Managing Meta Business Suite People and Partners:

1. Log in to your Meta Business Suite account.
2. In the drop down menu on the left, select the cog icon next to your business portfolio
3. Under Users, select People and click the blue button ‘Invite People’ on the right hand side.
4. Type in their email address and select next.
5. Under ‘Assign a New Page Role,’ type in the person’s name or email.
6. Choose their level of access from the list:
   • Basic- This is the level of access any person added as an admin gets. They can only work on Pages, Instagram accounts or other business assets that you assign to them.
   • Apps and Integrations- Allows them to set up Conversions API, monitor events, edit applications and create access tokens.
   • Full control (think carefully about who gets this level of access)- This is the most control that you can give someone. They can do all of the above, assign other people full control and delete the business portfolio.
   • Under the drop down for advanced options, you can toggle with the Finance levels- View or manage financial information for the business portfolio, such as transactions, invoices, account spend and payment methods.
7. Next assign which assets you want the admin to have access to. This can be specific business pages or your ad accounts depending on their role and the reason for having access to the portfolio.
8. Click ‘Add,’ and the person will receive an invitation to their email.

3. Keep Your Account Information Up-to-Date

It’s essential to keep your contact information accurate, so Meta can reach you in case of suspicious activity or account recovery.

Updating Account Info for Facebook

1. Log into your Facebook account and click the drop down in the top right attached to your profile roundel.
2. Go to ‘Settings & Privacy’ → ‘Settings.’
3. Under Account Centre on the left, click personal details and ensure those details shown are correct and your ID has been confirmed.

Updating Account Info for Instagram

1. Log into your business profile on mobile and click your icon in the bottom right to take you to your profile.
2. Click the 3 burger lines in the top right which will take you to settings and activity.
3. Click Accounts Centre and under Account Settings, check that the personal details are correct in the ‘Personal Details’ section.

Updating Account info for Meta Business Suite

1. Log into your Meta Business Suite account
2. In the drop down menu on the left, select the cog icon next to your business portfolio
3. Click Business portfolio info at the top and check your contact details and business information is correct.

Keeping an eye on where your Facebook and Instagram account is logged in can help you identify any suspicious activity. Regularly check active sessions and log out from unfamiliar devices.

How to Monitor Active Sessions on Facebook:

1. Log into your Facebook account and click the drop down in the top right attached to your profile roundel.
2. Go to ‘Settings & Privacy’ → ‘Settings.’
3. In the table on the left, scroll down til you see ‘Your Activity’ and click activity log.
4. Click Security and Log in information from the left hand table. This will bring up a 3 options, ‘Logins and Logouts’, ‘Where you’re logged in’ and ‘Recognised devices’. Those last two will show you what devices and accounts have recently logged in. If you spot any that you don’t recognise or look suspicious, click the 3 dots next to the activity and log out.
5. Then consider changing your password.
6. You can also select to turn log in alerts on in the same section so you will be notified when a new device or account logs in.

How to Monitor Active Sessions on Instagram:

1. Log into your business profile on mobile and click your icon in the bottom right to take you to your profile.
2. Click the 3 burger lines in the top right which will take you to settings and activity.
3. Click Accounts Centre and under Account Settings, click password and security.
4. Scroll down to Security checks and click ‘where you’re logged in’. If you spot any that you don’t recognise or look suspicious, click the 3 dots next to the activity and log out.
5. Then consider changing your password.
6. You can also select to turn log in alerts on in the same section so you will be notified when a new device or account logs in.

Conclusion

Securing your Facebook and Instagram Business Page and Meta Business Suite account is essential for protecting your business from cyberattacks and hackers. By enabling Two-Factor Authentication, managing admin roles, keeping account information updated, and staying vigilant against phishing attempts, you can significantly reduce the risk of unauthorised access.

Implement these steps today to safeguard your digital assets and keep your business running smoothly. If you have any questions or need further assistance, get in touch and we can run an audit on your accounts to see where you’re security is lacking.