Brought to you by the Cisco Innovators Program
Small businesses are a growing fan base for Facebook. Seventy percent of U.S. local small businesses interested in online marketing now use Facebook for marketing, up from 50 percent one year ago, according to a February report by MerchantCircle. Many businesses consider Facebook their best friend for low-cost brand marketing. Some also enable shopping on their pages, using Storefront, Payvment, or another ecommerce application.
A Cybercriminal Fan Club
Facebook is also a favorite of Internet criminals, says the Cisco 2010 Annual Security Report. It’s a big target, with more than 500 million active users. Even CEO Mark Zuckerberg’s Facebook account was recently hacked. Facebook does offer its account administrators some privacy tools; it also provides general security tips. The risks to Facebook visitors are widely publicized—the dangers lie in what links people click, what invitations they accept, and what private information they enter.
The risks to Facebook business accounts are not as obvious.
Security Risks to a Business
Security breaches of a company’s Facebook account can expose the business’s confidential information, violate its privacy contracts with users, erode customer confidence, and damage its brand. The security risks most likely for a business Facebook account include:
- Malware that infects the administrator’s account. Intrusion may be accomplished by password cracking, phishing, or an insecure Internet connection, and can enable a hacker to take over the administrator’s account.
- Malware that infects the advertisements or other links on a Facebook page.
- Misuse of information in visitors’ postings by the business’s account administrator or other employees.
- Employee posts that leak confidential business information.
There’s no magic bullet that will protect your account. Just as you protect your business network by integrating a variety of security technologies, you need several strategies to protect your business’s Facebook account.
Following are general best practices and 10 specific tips.
Post and Enforce Your Usage and Privacy Policies
Help protect users from themselves.
1. State on your Facebook pages your policies on visitors’ use and the privacy they can expect for their posts and clicks.
2. Monitor visitors’ activity. Enforce your policies. Include links on your pages to report spam, scams, and other inappropriate activity.
Strengthen Account Administration
This is the linchpin for protecting social media pages.
3. Assign at least two administrators (admins) for your account. The admins should continually monitor and promptly respond to new Facebook policy changes and features, always considering the impact on the business.
4. Use an Internet firewall with web threat protection, such as Cisco® ProtectLink Web, to authenticate admin access by IP address, and to disallow ads with malware.
5. Enable the Facebook security feature that will alert you whenever an admin accesses your account.
6. Select strong admin passwords and update them at least every three to six months.
7. Require that remote access to your Facebook account by admins be done in a VPN session. Alternatively, Facebook offers a security setting that allows connections via HTTPS. Admins may also use Facebook’s one-time password feature to receive a temporary password on their mobile phone, which can be useful for remotely accessing the account from a nonsecured device.
8. Regularly review the admins’ activity, and remove inactive or unnecessary admins.
9. Create, update, communicate, and enforce a company use policy that specifies Facebook do’s and don’ts, including how employees may interact with visitors and use visitors’ information.
10. Encourage employees to report information that has been incorrectly shared, or when they think that there may be a security issue.