Like other social media platforms, Facebook is a critical tool for many businesses to connect with customers, promote products, and build brand loyalty. If your business's Facebook account is compromised, it can have serious repercussions, including the loss of sensitive information, reputational damage, and financial consequences. Don't panic – there are red flags you can look out for to prevent a Facebook hack and actions you can take to get your business account back. 

Keep an eye out for phishing 

The latest spate of business Facebook accounts use a sophisticated phishing technique where they spoof an email warning from Facebook, a Meta product. These fake emails link to authentic-looking web forms where the hackers try to convince victims to input their login information, including multi-factor authentication codes! Whenever you get seemingly official communications from companies that request you click a link, hover your cursor over the link to see if the web address will take you to the company's actual website (in this case, Facebook). Better yet, ignore the links and go to the website directly in a new tab to see if there is an issue. If you are still concerned, contact Meta support.   

Stay calm and assess the situation 

Whenever you get an email requesting urgent action, or discover an account was hacked, your first move needs to calm your nerves. Panicking can lead to rash decisions that might worsen the situation, such as clicking on a phishing link. Assess the extent of the breach. Do you still have access to the account? If not, what have the cybercriminals done? Have they posted unauthorized content, messaged your followers, or changed account details? 

Secure your account 

If you can still log into your account, immediately change your password. Your password should be unique to Facebook, at least 16 characters long, and a random mix of letters, numbers, and symbols. Use a password manager to generate and store awesome passwords for every account. If you haven't already, turn on MFA – this adds another level of protection to your account. And remember, never share an MFA code with anyone, and don't approve access to your account if you aren't trying to login!

Report the hack to Meta

While social media platforms aren't known for their customer service, Meta and Facebook have a dedicated process for reporting compromised accounts that you should follow. Visit the Facebook Help Center and follow the steps to report a hacked account. Facebook will ask questions to help you recover control. This process may involve verifying your identity and reviewing recent account activity.

Tell your Friends and Followers

We think transparency is crucial during a security breach. Inform your followers about the hack through a post or message. Assure them that you are taking steps to resolve the issue and encourage them to ignore any suspicious content they might have received from your account. You aren't just maintaining trust – as a public-facing business, we think you have an obligation to help prevent further damage caused by phishing or scams. 

Review account activity

Once you regain control of your account, review all recent activity to identify unauthorized actions. Check for new posts, messages, and changes to your account settings. See the locations and devices where cybercriminals logged into your Facebook. Take notes and screenshots – send this to your local law enforcement as evidence. Remove content the hacker posted and reset any changes they made. Pay special attention to payment methods if you use Facebook for advertising, as hackers might have attempted to misuse your financial information. Talk to your bank and replace any debit or credit cards connected to the account.   

Monitor for unusual activity

Always monitor your account for unusual activity. Set up alerts for login attempts and new device logins. Regular monitoring can help you catch and address potential threats before they escalate. We call this cyber resilience. It emphasizes the ability to withstand and recover from cyberattacks and adapt to new threats. 

You can take your business's Facebook back 

A hacked business Facebook account can be stressful, but taking swift and strategic actions can mitigate the damage and help you regain control. By securing your account, informing your followers, and strengthening your cybersecurity measures, you can protect your business and continue to leverage social media as a powerful tool for growth. 

Learn to manage your business’ cyber risk 

Facebook and social media hacking are not the only cyber risks facing your business. NCA’s CyberSecure My Business program prepares small & medium sized business owners and operators how to manage their cyber risk. The training program takes one hour per week for six weeks and is taught live, focusing on policies and practical actions you can take to protect your business. If you want to understand your unique cyber risk profile, what you need to ask your IT team or IT vendor, and how to protect your staff from attacks that can cost you money, join us in the program!