Photo courtesy Public Library of Cincinnati and Hamilton County

Next week on the blog: What to do if your library’s social media accounts are hacked!

Two years ago, I listened to two episodes of the Social Media Examiner podcast that gave me nightmares.

The first episode featured an interview with a fitness instructor who lost control of ALL her accounts in the span of an hour. Her quest to gain control back was a saga I don’t ever want to experience.

The second episode featured an interview with the Social Media Examiner team as they recounted the day they lost control of their own Facebook business account.

If it can happen to Social Media Examiner, it can happen to your library.

Here’s the truth: most of us are too trusting. We probably don’t think a social media security breach will never happen to us. But we couldn’t be more wrong. In the first six months of 2020, the data protection company ZeroFOX reported a 95 percent increase in threat activity on social media accounts, compared to the last six months of 2019.

We may be even more vulnerable right now, with staff members working from home and resources stretched thin. One library I know allows more than three dozen staff members to post on their various social media accounts. I’m happy to say they are taking steps to beef up their social media security. But I fear there are too many libraries who operate in this way.

Anti-virus and malware software are essential, but that’s only half the battle. You need to take steps to protect your library’s social media accounts from compromise.  Here’s how to do that.

Limit access to your social media accounts.

If you have a large team of people who post for you, consider trimming to no more than five admins for all social media accounts. Most platforms like Facebook or LinkedIn will let you assign roles to people. Limiting access is a good way to protect your full account’s security.

What should you do if you have a large social media team who currently post on your accounts? Ask your team to send pre-written posts with photos, videos, and graphics to a team leader via email or a shared file system like Google Drive, Trello, or Base Camp. Your social media account admins can pull and post that pre-written content.

Create an email exclusively to manage your library’s social media accounts.

This step will prevent your social media accounts from being compromised if one of your admins accidentally opens a suspicious link or file in their own work or personal email. 

Use two-step authentication.

Most platforms will ask you to enter a randomly generated code every time you log in. Take the extra step. It’s better to choose safety over convenience.

Pick strong, unique passwords.

According to the digital risk protection company Idagent, 80 percent of data breaches in 2019 were caused by password compromise. That’s why choosing a strong password is critical.

Strong passwords contain:

  • At least six characters.
  • A combination of numbers, symbols, and letters.
  • Letters in both upper and lowercase characters.
  • No connection to your library. Don’t use the name of your mascot or the numerical portion of your street address in your password.

The easiest way to create strong passwords is to use a secure password generator like You should also consider a process for storing your passwords in a secure location, like a locked file on your Share drive. You could choose to pay a small fee for a password manager like and

Finally, you must also be sure the password you use for each social media platform is unique. Don’t use the same password across all your accounts. 

Change your passwords often.

Don’t get too attached to your passwords. Changing them is an inconvenience, but it’s a small price to pay for peace of mind.

A good rule of thumb is to change your passwords at least every quarter, but more often is even better. You should also be sure to change all passwords anytime a staff member who had access to your social media accounts leaves the library’s employment.

Don’t use your library’s public Wi-Fi.

The U.S. Securities and Exchange Commission warns that public Wi-Fi is not secure. Cybercriminals easily gain access to passwords and other data on these types of wireless networks. Use your staff Wi-Fi or a Digital Subscriber Line (DSL) if available.

If you are posting on a mobile device in a location outside the library with public Wi-Fi, use your cell service instead of the public Wi-Fi. Cell service providers use encryption to ensure safety. You may need to consider the purchase of a library-owned device with cell service so staff aren’t using their personal cell service to post for the library.

Did I miss anything? Did your library experience a social media attack and if so, how did you handle it? Let me know in the comments below.

You may also like these posts

How To Create a Library Social Media Policy for Your Staff and Your Community That Encourages Interaction and Keeps Everyone Safe

Five Easy Fixes for the Little Mistakes That Threaten to Sabotage Your Library Marketing!

Latest Book Review

The Heiress by Molly Greeley

Subscribe to this blog and you’ll receive an email every time I post. To do that, click on the “Follow” button in the bottom left-hand corner of the page. Connect with me on YouTube, Twitter, Instagram, and LinkedIn.