Do you manage a Facebook Page for your business or organization? If so, you're probably aware that many of the same security issues that plague personal profiles also apply to Pages. But what you may not know is that there are several additional security issues that you should be thinking about when managing a Facebook Page.
The top areas you should be thinking about include securing your Page, locking down your admin accounts, and securely managing apps, comments, posts, and abuse.
In this article, I’ll discuss each of these areas and give you some tips on keeping your company's Facebook presence as secure as possible.
Configure Your Page for Maximum Security
To review and manage your Page settings, you must first log in with your personal Facebook account. Once you're logged in, click the arrow in the upper right corner and select your page. Now you'll be using Facebook as your Page (rather than as yourself), and you'll be able to review and update your page settings and permissions, admin accounts, and featured settings. You can also access these settings by clicking the Edit Page button in the upper right when viewing your Facebook Page. You'll want to periodically review these settings, as Facebook often makes changes and additions in these areas.
On the Your Settings page, it's a good idea to enable the setting labeled Always comment and post on your page as [Your Page Name], even when using Facebook as [Your Personal Name]. Doing so will help hide your personal Facebook account from your Page's visitors, which is a good idea in case your personal account gets hacked. On this page you'll also likely want to enable the email notifications so you can regularly keep tabs on postings and comments left by the public. If you have other people set up as Page admins, keep in mind these settings are unique to each admin. It's a good practice to make sure all admins are following a consistent policy with regard to these settings.
On the Manage Permissions page, pay close attention to the Posting Ability, Moderation Blocklist, and Profanity Blocklist settings.
On the Manage Admins page, make sure you keep the list of admins up-to-date and remove anyone who no longer needs access.
On the Featured page, it's a good idea to stay away from designating any of your admins as Featured Page Owners, because the act of exposing your admins' personal accounts could make your Page more vulnerable to hacking. Furthermore, your admins might inadvertently post content on their personal profiles that would not be appropriate for your Page visitors.
Protect Your Admin Accounts
Remember, admin access to your Page content and settings is managed via personal Facebook accounts. Any person that is set as an admin for your Page can log in with his or her personal Facebook account credentials to manage the page. This means that if an admin's personal Facebook account becomes compromised, then the hacker automatically has admin access to the Page content and settings as well. (Unfortunately, admins can't mitigate this risk by creating multiple Facebook accounts: It is a violation of Facebook’s Statement of Rights and Responsibilities to maintain more than one personal account.)
To help keep their personal accounts secure, all Page admins should be familiar with and follow the tips and best practices listed on the Facebook security page and in the downloadable Facebook Security Guide. Some of the steps you can take to secure your personal account include making your profile and content private and enabling SSL connections. You should also carefully review which apps have access to your account and disable all the ones you can live without.
Manage Apps, Comments, and Abuse
Facebook apps let you add custom functionality to your Facebook Page, which can help create a more compelling experience for your visitors. For example, you can use the Hosted iFrame app to add custom tabs to your Facebook Page.
But before you add a Facebook app to your Page, make sure to read the app reviews and carefully review the list of permissions requested by the app. Some apps may pose privacy risks while others may be completely malicious. Review your app list periodically and remove those you don't use.
If you allow posting by visitors (as specified in permissions), you can always remove posts and comments from your page that you deem inappropriate. Simply view your page, hover over the post or comment, and you’ll find a small icon for deleting it. If you accidentally remove or hide a post, you may be able to recover it by clicking the Wall link on your Page and selecting Hidden Posts.
You can also remove or permanently ban troublemakers from your page. When removing a post or comment, you’ll be asked whether or not you want to just delete the content or delete and ban the user.
To help protect your business or brand, you should periodically search Facebook for any third-party pages or profiles about your organization. Users could create hate groups and imitation pages about your organization or brand for malicious reasons.
Lastly, you might want to check Facebook’s official Privacy for Page Admins info. If you have specific questions regarding pages or their security, consider posting them on the Facebook Pages Forum. And it bears repeating that you'll want all page admins to follow good security practices when using their personal accounts as well, so be sure to check out the general Facebook Security page too.
Eric Geier is the founder of NoWiresSecurity, which helps businesses easily protect their Wi-Fi networks with the Enterprise mode of WPA/WPA2 security. He is also a freelance tech writer. Follow him on Twitter: @eric_geier.