Facebook always tries to make life difficult for library marketers, and their security options are no exception. A viewer wrote in to ask if staff can use their work email address to create a profile, separate from their personal Facebook page, to manage the library’s Facebook page.
The answer, and tips on how to keep your library’s Facebook account safe without burdening your staff, are in this episode of The Library Marketing Show.
Plus, we’ll give kudos to a library that entices readers and builds book FOMO (fear of missing out!) with a straightforward and strategic column in their local newspaper.
Do you have a suggestion for a topic for a future episode? Do you want to nominate someone for kudos? Let me know here. Thanks for watching!โ
Subscribe to this blog, and youโll receive an email whenever I post. To do that, enter your email address. Then, click the โFollowโ button in the lower left-hand corner of the page. You can also follow me on the following social media platforms:
Subscribe to this blog and youโll receive an email whenever I post. To do that, enter your email address. Then click on the โFollowโ button in the lower left-hand corner of the page. You can also follow me on the following social media platforms:
How many spam Facebook messages have your library’s Facebook page gotten? Lately, they’ve been downright scary.
They tell you that your account is at risk of being suspended because you’re violating regulations. They make it seem like your library has done something wrong and they try to pressure you to respond. And they are a security risk.
I’ve learned a technique to stop these messages. I’ve used it on NoveList’s Facebook account and it works.
I’ll show you exactly how to do it in this episode.
Plus, kudos go to a library from a library marketer who admires their work.
Do you have a suggestion for a topic for a future episode? Want to nominate someone for kudos? Let me know here. And thanks for watching!โ
Subscribe to this blog and youโll receive an email whenever I post. To do that, enter your email address and click on the โFollowโ button in the lower left-hand corner of the page. You can also follow me on the following social media platforms:
The Library Marketingโโโโโโโโ Show, Episode 167: This episode is a must-see for any library that posts on Twitter.
Elon Musk’s takeover of the social media platform has put accounts at risk. I’ll explain the threat and the four steps your library can take right now to reduce the chances your library’s account will be cloned or hacked.
Do you have a suggestion for a topic for a future episode? Want to nominate someone for kudos? Let me know in the comments. And subscribe to this series to get a new weekly video tip for libraries.
Thanks for watching!
Subscribe to this blog and youโll receive an email whenever I post. To do that, enter your email address and click on the โFollowโ button in the lower left-hand corner of the page.
It happens more often than you realize. 36 percent of all internet users report theyโve been hacked, and some were victims more than once.
If your library’s accounts are compromised, it’s critical to gain control back as soon as possible. Bookmark this post so you and your fellow staff members will know what to do.
How do you know a hack has happened?
Admins for library social media accounts should be on the lookout for the three main signs of hacking.
You receive an unprompted email that you changed your login email or password when you did no such thing.
You canโt log in to your accounts.
Your account displays posts and direct messages you didnโt create.
Platform-specific steps to take if you determine youโve been hacked.
Youโll notice I advise you to take screenshots during various steps in this guide. You may need evidence of the hack to get control back of your account. Itโs also just good practice to take screenshots and save them to use as you review what happened with your supervisors or staff.
Facebook
Look at your Page Roles to see if unauthorized people have been added as admins to your account. If they have, take a screenshot, and then remove them immediately.
Next, check Page Info to make sure your authorized phone number, email, and website have not been changed. If any unknown or unauthorized numbers are listed, take a screenshot and then delete them.
Go to Page Management History to review changes that may have been made to your page by hackers. Again, take a screenshot of any suspicious activity.
Finally, go to your Activity Log. Log out of any sessions you do not recognize but first, (you guessed it!) take a screenshot.
If you cannot log into your Facebook account, try sending yourself a password reset email, and recover your account through your registered email address.
Check Settings and Privacy to see if unauthorized people or email addresses have been added as admins to your account. If they have, take a screenshot, and then remove them immediately.
Also under Settings and Privacy, check the phone number associated with your account. If any unknown or unauthorized numbers are listed, take a screenshot and then delete them.
If you cannot log into your Twitter account, and a password reset does not give you access, go to the Twitter Help Center and choose Hacked Account from the list of options. Follow the steps to recover control of the authorized email associated with the account.
Check Privacy and Security to see if unauthorized people or email addresses have been added as admins to your account. If they have, take a screenshot, and then remove them immediately.
Check Edit Profile to make sure that your authorized phone number is still associated with your account. If any unknown or unauthorized numbers are listed, take a screenshot and then delete them.
Check Login Activity to see if your account was accessed from any suspicious locations or devices.
Youโll also want to check Contacts and delete any unauthorized synced contacts. Take screenshots of all suspicious activity.
If you still cannot log into Instagram, contact Instagram directly and work with them to recover your account. The steps to do this vary depending on the mobile device you are using. You’ll find those steps on theย Instagram Help page. ย
LinkedIn
Look at your Admin section to see if unauthorized people or email addresses have been added as admins to your account. If they have, take a screenshot, and then remove them immediately.
If you cannot access your LinkedIn account, contact LinkedIn immediately by submitting the Reporting Your Hacked Account form.
Pinterest
Pinterest will place your account on Safe Mode if they suspect suspicious activity. Safe Mode locks your account protecting your pins and preventing any further unauthorized changes or actions. In order to unlock your account from Safe Mode, theย password must be reset. ย
Click on the down arrow next to your profile photo in the upper right-hand corner and select Settings, then Edit Profile. Check to make sure your authorized phone number, email, website, and location have not been changed.
Also under Settings, click on Security to check that there are not unauthorized connected devices.
Notify your followers that your accountย may haveย beenย compromised. This will prevent your fans from clicking on any suspicious posts or messages that appear to be coming from your library’s page, but may contain malware.
Check to see if there are any new apps or connections created with links to your accounts. If so, delete them. Hackers often gain access to social media accounts through third party apps.
Did I miss anything? Has your library been a victim of social media account hacks? Let us know in the comments below.
Subscribe to this blog and youโll receive an email every time I post. To do that, click on the โFollowโ button in the bottom left-hand corner of the page. Connect with me on YouTube, Twitter, Instagram, and LinkedIn.
Next week on the blog: What to do if your library’s social media accounts are hacked!
Two years ago, I listened to two episodes of the Social Media Examiner podcast that gave me nightmares.
The first episode featured an interview with a fitness instructor who lost control of ALL her accounts in the span of an hour. Her quest to gain control back was a saga I don’t ever want to experience.
The second episode featured an interview with the Social Media Examiner team as they recounted the day they lost control of their own Facebook business account.
If it can happen to Social Media Examiner, it can happen to your library.
Here’s the truth: most of us are too trusting. We probably don’t think a social media security breach will never happen to us. But we couldn’t be more wrong. In the first six months of 2020, the data protection company ZeroFOX reported a 95 percent increase in threat activity on social media accounts, compared to the last six months of 2019.
We may be even more vulnerable right now, with staff members working from home and resources stretched thin. One library I know allows more than three dozen staff members to post on their various social media accounts. I’m happy to say they are taking steps to beef up their social media security. But I fear there are too many libraries who operate in this way.
Anti-virus and malware software are essential, but that’s only half the battle. You need to take steps to protect your library’s social media accounts from compromise.ย Here’s how to do that.
Limit access to your social media accounts.
If you have a large team of people who post for you, consider trimming to no more than five admins for all social media accounts. Most platforms like Facebook or LinkedIn will let you assign roles to people. Limiting access is a good way to protect your full account’s security.
What should you do if you have a large social media team who currently post on your accounts? Ask your team to send pre-written posts with photos, videos, and graphics to a team leader via email or a shared file system like Google Drive, Trello, or Base Camp. Your social media account admins can pull and post that pre-written content.
Create an email exclusively to manage your library’s social media accounts.
This step will prevent your social media accounts from being compromised if one of your admins accidentally opens a suspicious link or file in their own work or personal email.
Use two-step authentication.
Most platforms will ask you to enter a randomly generated code every time you log in. Take the extra step. It’s better to choose safety over convenience.
Pick strong, unique passwords.
According to the digital risk protection company Idagent, 80 percent of data breaches in 2019 were caused by password compromise. That’s why choosing a strong password is critical.
Strong passwords contain:
At least six characters.
A combination of numbers, symbols, and letters.
Letters in both upper and lowercase characters.
No connection to your library. Don’t use the name of your mascot or the numerical portion of your street address in your password.
The easiest way to create strong passwords is to use a secure password generator like Passwordsgenerator.net. You should also consider a process for storing your passwords in a secure location, like a locked file on your Share drive. You could choose to pay a small fee for a password manager like LastPass.com and 1password.com.
Finally, you must also be sure the password you use for each social media platform is unique. Don’t use the same password across all your accounts.ย
Change your passwords often.
Don’t get too attached to your passwords. Changing them is an inconvenience, but it’s a small price to pay for peace of mind.
A good rule of thumb is to change your passwords at least every quarter, but more often is even better. You should also be sure to change all passwords anytime a staff member who had access to your social media accounts leaves the library’s employment.
Don’t use your library’s public Wi-Fi.
Theย U.S. Securities and Exchange Commission warns that public Wi-Fi is not secure. Cybercriminals easily gain access to passwords and other data on these types of wireless networks.ย Use your staff Wi-Fi or a Digital Subscriber Line (DSL) if available.
If you are posting on a mobile device in a location outside the library with public Wi-Fi, use your cell service instead of the public Wi-Fi. Cell service providers use encryption to ensure safety. You may need to consider the purchase of a library-owned device with cell service so staff aren’t using their personal cell service to post for the library.
Did I miss anything? Did your library experience a social media attack and if so, how did you handle it? Let me know in the comments below.
Subscribe to this blog and youโll receive an email every time I post. To do that, click on the โFollowโ button in the bottom left-hand corner of the page. Connect with me on YouTube, Twitter, Instagram, and LinkedIn.
Super Library Marketing: Practical Tips and Ideas for Library Promotion 