.png)
If your Facebook or Meta Business account were taken from you tomorrow, what would it cost your business?
This is an unfortunate reality for too many business owners and marketers; they hear of it happening to their clients and to other marketers more than we’d like.
"This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA.”
https://www.dataprotection.ie/en/news-media/press-releases/irish-data-protection-commission-fines-meta-eu251-million
For many small business owners, it would mean losing access to their audience, their ads, their content, and, in some cases, their ability to make their money online. And yet, security is often something that gets pushed right down the to-do list.
In truth, most account breaches aren’t targeted attacks. They’re almost always opportunistic. The hacker/attacker finds someone with weak passwords, reused emails, or perhaps they're missing security steps that make it easy for someone to get in.
The good news is that you can significantly reduce your risk of being hacked by getting a few key things right. I want to show you how to update your email, create a stronger password, and properly set up two-factor authentication (2FA) on your account.
Sounds simple, but this is where a lot of people go wrong right away. As you know, if someone gains access to your email, they can easily reset your passwords and take control of your Meta account without much (or any) resistance.
One of the simplest ways to strengthen your security is to separate your public email from your login email. Most businesses have a public-facing email address listed on their website or social media, something like hello@yourbusiness.ie or info@yourbusiness.ie. That’s perfectly fine for customer inquiries but shouldn't be the same email you use to log into your accounts.
Instead, use a private email address that isn’t publicly available for logging into platforms like Facebook and Meta Business Suite. This reduces your exposure. If someone can't easily find your login email, they can’t easily target it with phishing attempts or password reset attacks. Which I get far too often, to be honest.
To update your email, go into your personal Facebook profile, then into the menu from your profile in the top right hand corner and select "Settings and Privacy", then Settings and open the Accounts Centre (you'll find this on the left hand side of your screen. Click into Contact Info under Personal Details and then add your new email address, confirm it, and then remove any old or unused ones.
Please remember to ensure your email address:
It’s a small change, but it does add an important layer of protection.
Passwords are still one of the biggest weak points in account security. If you’re using the same password across multiple platforms, or something short and memorable, you're making it much easier for someone to get into your account.
I personally prefer to use the free websites like https://1password.com/password-generator.They are fully randomised and they can be as long as you want. Although it recommended to make it between 12-20 characters.
A good password should:
Trying to remember lots of complex passwords isn’t realistic, so this is where I would recommend a password manager. It allows you to generate and store strong, unique passwords for each platform without needing to memorise them. It can range from a couple of euro/dollars per month upwards, depending on how many passwords you want to record, of course.
As an aside, if you've ever shared your login details with a team member or perhaps an agency, it's worth updating your password now. So please check that the right people ONLY have access to your platforms. Access should always be managed through Meta Business Suite rather than sharing login information.
If there's one thing you should prioritise from this blog, though, please make it this. Two-factor authentication adds a second step to your login process. Even if someone has your password, they won’t be able to access your account without a verification code that you have access to.
On Facebook, you can enable 2FA through the Accounts Centre under Password and Security.
You’ll be given a few options, but the most secure method is to use an authentication app like Google Authenticator or Microsoft Authenticator. These apps generate a code on your phone that refreshes every 30 seconds.
This is way more secure than SMS because it doesn’t rely on your mobile network and can't be intercepted in the same way. It even works if you don’t have a signal. SMS (text message) codes are still better than having no 2FA at all, but they should be seen as a backup rather than your primary method.
Once you’ve set up your 2FA, you’ll be asked for a code whenever you log in. It adds a small extra step, but it does dramatically reduce your risk.
For you as a business owner, this is an especially important step. If you’re running ads or managing a page, Meta may require 2FA for anyone with access to your business assets.
I won’t lie, until I did 2FA, I’d never heard of backup codes, but they are there for your protection.
When you set up 2FA, you’ll be given a set of backup or recovery codes. These are one-time use codes that allow you to log in if you lose access to your phone or authenticator app.
You can find them by going into:
Most people either ignore these or take a screenshot and forget about them.
What I would recommend, however, is to:
Obviously, please avoid leaving them in your email inbox or camera roll. Also, if you ever change or lose your phone, then you need to go back in and generate a new set of codes.
I’ve touched on this separately above but wanted to emphasise the importance of who else can access your accounts.
Over time, you may have given access to employees, freelancers, or agencies. It’s likely some of these people may no longer be working with you but still have access. If this is the case, then you need to follow these steps:
Go into your Business Settings in Meta Business Suite and review:
Please remove anyone who no longer needs access and make sure your current team members only have the permissions that is required for their role. And importantly, ensure that everyone with access has 2FA enabled.
A lot of these hacks start with a phishing email or DM. This simple entry root can do so much more damage than you just losing your business page. These individuals can and may send scam messages or posts to your audience. They can access your debit/credit card and do ads using your money and, of course, damage your brand reputation irreparably.
Recovering your account is possible, but it can be a hugely time-consuming process and can involve multiple people at Meta during the process. Prevention is far easier than trying to fix the problem after the fact.
You wouldn't show or give your debit card PIN number to someone randomly at an ATM, so just use 2FA as your automatic way to log in to your business tools and accounts.
Your Meta Business account isn’t just social media platforms. They’re business assets. Securing them doesn’t require any specific technical expertise; it’s just a bit of awareness and action.
Using a private login email, creating strong passwords, enabling 2FA with an authenticator app, and safely storing your backup codes will put you in a much stronger position than most.
If you need any guidance or help with any of this, please contact me today.
Working with clients Nationwide from base in Mullingar.
.png)
.png)