A man and a woman work at a table in a brightly lit workroom. The woman stands on the right and uses her smartphone to take a picture of the white patterned dress laid out on the table in front of her. The man sits on the left with an open laptop and a cardboard box on the table in front of him. Behind them are a clothing rack hung with brightly colored sundresses and a wooden shelving unit holding carboard boxes and wicker baskets.
If your Instagram account is connected to your business and followed by your customers, it's even more imperative to make sure it's secure. — Getty Images/seksan Mongkhonkhamsao

Social media has become the number one contact method for scammers targeting users in their 40s through 60s. With more than 2 billion active monthly users, Instagram is a prime attack vector for fraudsters. Phishing scams, fake giveaways, imposter accounts, and malware attacks are all risks that businesses face on Instagram.

Protecting your Instagram business account is crucial to maintaining your brand's reputation and preventing personal information theft. In this guide, we’ll talk through the best practices all Instagram account owners should follow to protect their Instagram accounts.

How to protect your Instagram from being hacked

Follow these best practices to deter hackers from infiltrating your account and keep your information secure.

Use a strong password

This advice may sound basic, but it’s surprising how many people still use obvious or easily crackable passwords. Data from LastPass shows that only 12% of people always use unique passwords; as a result, 96% of the most common passwords can be cracked in less than one second.

What makes a password strong? Experts at Cybernews suggest adhering to the following guidelines:

  • Use at least 12 characters.
  • Use a combination of uppercase and lowercase letters, numbers, and symbols.
  • Make your Instagram password unique from every other account.
  • Make it significantly different from any previously used passwords.
  • Do not use a familiar name, person, character, product, or personal information.

You should also change your password every three months. If you struggle to create unique passwords, consider using a password manager like 1Password or LastPass. Finally, plug your password into How Secure Is My Password?, a free password strength checker, to make sure you aren’t inadvertently using an insecure or common password.

Implement two-factor authentication

Strong passwords are just one component of an airtight login process. Instagram also offers the option to enable two-factor authentication (2FA) for your account.

“Two-factor authentication protects your account by requiring a code if there’s a login attempt from a device we don't recognize,” wrote Instagram. “It’s the single most effective step to protect your account from hackers.”

To turn on 2FA, make sure you’re logged into your profile and then follow these steps:

  1. Click More in the bottom left, then click Settings.
  2. Click See more in Accounts Center, then click Password and security.
  3. Click Two-factor authentication, then select an account.
  4. Choose the security method you want to add and follow the on-screen instructions.

You can use an authentication app, such as Google Authenticator, or receive a one-time passcode via text message or WhatsApp. The safest option is to use an app so you don’t lose access to your account in case your phone number changes.

Minimize access to third-party apps

Many users, including businesses, use Instagram to log into other apps, like photo editing tools, stock image sites, or apps for managing contests and giveaways. And even if you haven’t used these apps in years, they still have permission to access your account — meaning if they get targeted, hackers could easily get your account details.

Revoke access to any apps you aren’t using by opening your Instagram profile, clicking on the Settings button, navigating to Website permissions, and clicking on Apps and websites. Here’s where you'll find a list of apps you’ve authorized access to. Choose the ones you wish to revoke access to and save.

Implement an Instagram user policy

Phishing is one of the biggest threats on Instagram. While strong passwords and 2FA mitigate phishing attempts, you and your team members are still susceptible to social engineering attacks. An Instagram policy and regular training can help boost awareness of these threats and prevent user error from putting your data at risk.

A social media policy encompasses many things, but the security section should address:

  • Rules related to personal Instagram use on business devices and networks.
  • Activities to avoid on Instagram.
  • Roles and responsibilities for your Instagram account.
  • Password guidelines (such as how often to reset your account password).
  • Signs of common scams, attacks, and other Instagram threats — and how to avoid them.
  • Steps to take if a security concern on Instagram arises.

Setting roles and responsibilities should also consider who can access your account, who needs to approve your content, and what user permissions to set for different people.

[Read more: How to Host an Instagram Giveaway or Contest]

Strong passwords are just one component of an airtight login process. Instagram also offers the option to enable two-factor authentication (2FA) for your account.

How to recover a hacked Instagram account

In the unfortunate event that your account is compromised, visit instagram.com/hacked to recover control and start mitigating any damage. On this page, you’ll be prompted to answer a series of questions to help the platform understand what’s going on.

You can also try the following recovery steps:

Check your email

You may receive an email from security@mail.instagram.com informing you that your email address was changed. To undo this change, click on the option “secure my account” in that message.

If the hackers also changed your password and you cannot change back your email address, request a login link or security code from Instagram.

Request a login link/security code

Another option is to request that Instagram send a login link to your email address or phone number.

  1. On Instagram’s login screen, tap Get help logging in.
  2. Enter the account username, email address, or phone number and click Send login link.
  3. Complete the captcha to verify you are a human and click Next.
  4. Click the login link in your email or text message and follow the prompts to recover your account.

If you don’t have access to your account's username, email address, or phone number, you’ll need to go to the Request Instagram Support page and follow the on-screen instructions.

Verify your identity

Instagram may ask you to submit proof of identity in order to recover your account. “We’ll ask you to help us verify your identity by providing the email address or phone number you signed up with and the type of device you used at the time of sign up (example: iPhone, Android, iPad, other),” wrote the platform’s help center. “If you request support for an account with photos of you, you'll be asked to take a video selfie of you turning your head in different directions to help us check that you’re a real person and confirm your identity.”

Once you submit the video selfie, Instagram will send login instructions to your email address to help you recover your account.

For more information about the account recovery process, check out Instagram’s Account Safety & Security page.

[Read more: 9 Steps to Starting a Business Instagram]

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Published