Do you know who has access to your social media accounts? Six top tips for keeping your social media accounts safe

Do you know who has access to your social media accounts? Six top tips for keeping your social media accounts safe

View profile for Laura Morris
  • Posted
  • Author
Do you know who has access to your social media accounts? Six top tips for keeping your social media accounts safe

It’s easily done. You don’t have much time for social media, so you don’t log in and post for a while. Months go by. Then suddenly you decide to log back into your social media accounts but for the life of you, you can’t remember your password. You try to recover your account, only to discover you don’t know which email address is tied to the account. No one at the office can remember who was an admin of the page. So, you’re stuck. Sound familiar?

It’s easy to lose track of passwords and who has access to your social media accounts, but it’s not so easy to get back into them again! Not only is it a headache when you have to trawl through Facebook’s help section or send a hopeful support ticket to Twitter, but it’s also a cybersecurity risk. Not knowing your passwords or who has access to your accounts can leave them vulnerable to hackers.

Luckily, we’ve compiled some dos and don’ts to help you keep track of passwords and who has admin access.

Six top tips for keeping your social media accounts safe

Change your passwords regularly

You should think about changing your passwords every few months to keep hackers at bay. Try not to use a password that is easy to guess or contains any words associated with you or your business. For example, if your firm name is Best Lawyers, then don’t use the password BestLawyers1.

The National Cyber Security Centre recently recommended using three random words in your passwords rather than a complex variation of numbers, letters and symbols. Once you’ve chosen your new password, keep it in a safe and secure place, like a password manager, which is restricted to only a few key members of staff.

Review admins regularly

On Facebook and LinkedIn, to set up a company profile, you need to create ‘admins’ who will have access to the page to allow them to post content, edit company details, set up ads and assign other page roles. This should be reviewed with regularity to ensure that any admins who have left the business have their admin access revoked, or similarly if someone has gone on an extended period of leave or has switched departments.

There should be a minimum of three people with admin access to your Facebook or LinkedIn accounts to ensure that there is always someone around, should there be any sort of social media emergency! It’s good practice to list these people and their contact details within your social media policy document so that everyone is clear who has access and responsibility. This document should then be updated annually.

Two-factor authentication

Most social media platforms today offer some form of two-factor authentication (2FA) to give your accounts an extra layer of security. This means that if someone tries to log into your account from an unknown IP address or device, they will be required to enter a code that can either be sent via email, via text message or can be obtained using an authenticator app.

If you have 2FA set up, be sure to regularly review the telephone numbers associated with each account to ensure that they are secure, but also that you have a way back into your accounts, should you get locked out.

Use a shared email address

When setting up accounts on Twitter or Instagram, it’s always a good idea to use an email address that several people have access to. For example, at Conscious, we have an email address for each team within the business, which everyone on that team has access to. So, if you have a marketing team that uses one main email address (e.g. marketing@ then use this one.

This helps you to avoid situations when the person who set up the account using their personal email address leaves the company without passing on the account to someone else first. It then becomes difficult for their replacement to get access again. Most social media platforms require you to have access to the original email used to set up the account in case you get locked out, so make sure multiple people have access to it!

Set up a dummy personal profile (except LinkedIn)

A problem that we’ve come across many times at Conscious is that people simply do not want to attach their personal profiles to a company page on Facebook and LinkedIn. We get it, you don’t really want a colleague reading through your private messages. However, there is a way around this on Facebook (not on LinkedIn - we’ll come to that later).

To do this on Facebook, create a personal profile, give it the name of your firm and use the email address we discussed in the previous point that several people have access to. Once you have this setup, you can go on to create a page that has this personal profile as the admin. However, we’d still recommend having a few admins on the page, just in case that personal profile gets locked or hacked. So, this doesn’t avoid the problem entirely.

On LinkedIn, unfortunately, this isn’t an option, as the rules are much stricter. LinkedIn seems to be better at picking out dummy accounts than other platforms, and if they restrict a personal profile, you’ll be asked to provide proof of ID to get back in. If you’ve created a dummy account, obviously this won’t be possible.

Review levels of access and app integrations

On Facebook and LinkedIn, you have the option to give people different levels of admin access. For example, on LinkedIn, the levels of access range from Analyst (only able to view and export analytics) at the lowest level and Super admin (can manage everything on the page and manage other admins) at the top level. On Facebook it ranges from Analyst (can view who created posts and view Insights) to Admin (can manage all aspects of the page).

It’s a good idea to only give people in your firm the level of access they require, to ensure full control of the content being posted and who is made an admin of the page.

It is also a good idea to check which apps or integrations are connected to your profile on a regular basis. Whenever you use a third-party app with your Facebook or LinkedIn account (for example Hootsuite), you should make sure that the app is trustworthy and that you understand what information will be used by that app.

To check this, go to ‘Settings and Privacy’ on Facebook, then click ‘Apps and websites’ and ‘Business integrations’ to see what’s connected to your account. On LinkedIn, go to ‘Settings & Privacy’, then scroll down to ‘Other Applications’ to see which apps you’ve given permission to access your data.

Give your social media accounts a spring clean

It might seem like a lot to remember, but once you have a system in place, it becomes much easier to manage your passwords and control who has access to your social media accounts. Having all the details in one place (e.g. a social media policy) which everyone in the firm can access, can create transparency as well as make it easier for people to contact the right people quickly should a PR or security emergency arise.

At Conscious, we’re social media experts, so if you need a hand getting organised, we’re here to help! Get in touch on 0117 332 5719 or drop us a line at