
Don't Hack Your Customer Base

By Daniel Garcia


Over the past several weeks, I have written about best practices for advertising online, advertising using emails, using truthful advertisements, and using artificial intelligence to keep your business at its peak performance. All of these topics serve a vital role during a pandemic, allowing small business owners to maximize their efficiency and maintain a profitable business or at least stay afloat. Another medium of advertising that small businesses utilize is social media marketing. In these times of social distancing and stay-at-home orders, social media advertising has grown to be one of the most important methods of advertising for small business owners. There is a new wave of "couch-surfers" scouring for their next purchase on the web and social media apps. Yet, like all forms of doing business, there is some risk involved with using social media to advertise to consumers: the risk of being hacked.

Social Media Advertising and its Hack

Social media encompasses many different platforms, including Facebook, Instagram, and Twitter, to name a few that dominate the market. It is no surprise that small businesses turn to social media to advertise or display their products or services because each of these platforms has over a billion active users. Facebook alone has 2.41 billion active users monthly. According to Statista, 81% of the U.S. population has at least one social media account. Whether a small business makes a Facebook page, Instagram account, or Twitter account, they all can be used to garner goodwill among consumers and an excellent reputation while also adding another layer of communication and support. However, with this sought-after communication tool, there comes the risk of being hacked.

Most of your consumers are likely aware of the recent Twitter hack, where the Twitter accounts of celebrities, companies, and CEOs were compromised, and a "bitcoin scam" was subsequently posted to their followers. The scam promised that if the followers were to send a certain amount of money via bitcoin, the account owner would send back twofold. The smoking gun was that all the hacked accounts had the same link across the board to send the cryptocurrency payment. Unfortunately, some individuals fell victim to the scheme.

Yet, these types of attacks are not uncommon. Large companies can act quickly and notice when customers are being misled, or their accounts are compromised. For example, Apple almost immediately deleted the unauthorized tweet and regained access to their account. In contrast, small business owners may not notice the unauthorized use as quickly, and the unauthorized use may continue for a more extended period, resulting in more harm to consumers. Small business owners simply don't have the capital for robust security measures and lack the personnel to monitor every use of their social media accounts continually.

Even with robust security measures, the most common method of penetrating large and small businesses is exploiting an employee's weakness. That doesn't mean a covert mission to blackmail the employee, but rather taking advantage of human error. According to the EY Global Information Security Survey, employee weakness was responsible for 20% of cyber-attacks, and unsurprisingly the Twitter hack above was accomplished by manipulating a small number of employees and using their credentials to access Twitter's internal systems. You can read more about the social media hack and follow the updates here.

You might be thinking, "there is no way myself or my employees can fall victim to these schemes." Well, it is crucial not to be overly confident; even the seemingly most protected places, such as the Pentagon, have fallen victim to attacks. An employee at the Pentagon clicked on a Twitter link that advertised a friend's family vacation. As a result, the hackers had access to one of the Pentagon's official computers. There are countless methods that hackers can use to penetrate your social media account and affect your business. However, don't worry; near the end of this article, I have outlined some steps and links to follow to help prevent corruption of your social media accounts as well as measures to take if you have fallen victim to a social media hack.

Why Does This Matter?

Small Businesses are prime targets

Social media hacking isn't new, and it's only growing as the years go on. It is estimated that there is a cyber-attack every 39 seconds. Overall, 43% of cyber-attacks are targeting small businesses, and the total number of attacks across the nation has grown exponentially during the COVID-19 pandemic. According to the FBI, there has been a striking increase of 300%. What does that mean for small business owners? As they rely on social media to keep business afloat during the pandemic and reach consumers in the comfort of their homes, the attacks are increasing at a substantial rate. That is a scary rate, considering 60% of small businesses close up shop within six months of being hacked. Small businesses are easy targets because, as mentioned above, they simply lack the security infrastructure that large corporations have, and also have the same level of human error that can be prevalent in a social media account. As such, small business owners should take extra precautions. Understanding the methods used can help them combat attacks and quickly notice when something is wrong.

There are different approaches hackers use when taking over a social media account. They can post information under the guise of the business, message customers with malicious links, or spread false information. The first method is similar to the Twitter hack mentioned above, where an unauthorized user will gain control of an account and elicit information that serves a monetary function to the unauthorized user. The Twitter hack involved the payment of Bitcoin to the hacker. The second can be a more discreet attack, where it may take longer to notice that there has been a breach. For example, a hacker, after gaining access to a social media account, can send individual URLs to consumers that direct them to malicious sites or malicious programs to steal information from the consumer's computer. This can be in the form of documents, credit cards, or other sensitive information. The last way, while not as malicious as the former two, is spreading false information, which can be political, related to the business such as discounts, or even lies such as "buy this product and be entered to win $20,000." You can see other various social media hacks that have involved big names, such as Starbucks, Costco, and Bath and Body Works here.

Even if a business were to survive an attack by tackling the hack early on and continue business as usual, there is a more substantial cost beyond the immediate hack, such as brand reputation and customer goodwill. The countless years, effort, and money spent to develop your brand and social media following can be eviscerated in seconds with a hacked tweet or post. Large companies can expend a seemingly infinite amount of money in advertisements to correct the harm caused, which is not the case for small businesses. If consumers of small business owners fall victim to the attacks mentioned above, it can lead to losing countless consumers and future consumers. Small businesses may not have the funds to reassure consumers that they are safe from future harm or reestablish the reputation or goodwill that has been established over the life of the business. Small businesses simply are unable to recover as well as a company such as Apple or Twitter.

What if you are hacked?

So, what if you come into work or even when you wake up and see many notifications on your business social media account? Most business owners would be excited until they realize the notifications are complaints and comments that the business has been hacked. Luckily, there are a few steps to take when your business has fallen victim to a social media hack (if you want to see the full list and explanation for each topic, you can see them here).

- Lock down all social media accounts and change the passwords.

- Examine your social media accounts to determine what has been breached, including messages sent and any unauthorized posts.

- Check the devices that have access to the business social media accounts for malware or viruses.

- Make a public statement, once you have determined the hacker no longer has access to your social media account.

- Take the steps below, if not already in place.

How to reduce the chance of being hacked

If you have not been a victim of a social media hack, it is not a matter of if there will be an attempted hack but rather when it will happen. As such, small business owners must take precautions to minimize the risk as much as possible to ward off potential hackers. There is not a 100% safety net when it comes to security from attempted cyber-attacks, but these steps will minimize your risk and keep your hard-earned goodwill and reputation safe.

- Maintain strong passwords

A considerable vulnerability for hacking into any type of account is weak passwords. For the Marvel fans out there, they know using "password" as your password is bound to create problems. Also, it is essential not to reuse passwords for different accounts. Luckily, there are some free and paid options to create and maintain secure passwords. This password generator is free to use and includes various possibilities to create your own strong password ranging from passwords that are 16 characters long to passwords over 2000 characters. Also, there are paid programs that create and save complex passwords on mobile apps such as 1Password. And lastly, it is essential to change your passwords often to reduce the risk of using compromised passwords.

- Two-factor authentication

Using two-factor authentication requires any new log-in from an unrecognized device to enter a PIN sent to the owner's phone or email. This method, while simple, offers excellent protection, adding another layer that hackers must get through to penetrate accounts or change passwords.

- Train your Employees

Training employees is vital to maintaining secure social media accounts. No amount of precautions taken will be useful if employees are compromised and give out passwords or fall victim to malicious links. Proper and regular security training sessions for employees can be one of the most effective security procedures and should not be overlooked.

- Regularly check your social media accounts

One of the surest ways to see if you've been hacked is to maintain oversight over the posts and the communications the business social media account is making. Proper supervision will minimize the risk of long-term unauthorized actions and allow the owner to take swift action to mitigate the potential damage from the unauthorized account posting and messaging. If you want to see more ways to secure your social media accounts, you can view this link.
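The review described above can be partly automated. The following is an added example, not part of the original article: it scans an exported list of posts and direct messages for links to domains the business does not use and for wording typical of the payment and giveaway lures mentioned earlier. The export format, the domain names, and the wording patterns are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumptions for this example, not from the article: the domains the business
# really links to, and wording typical of payment or giveaway lures.
ALLOWED_DOMAINS = {"example-bakery.test"}
LURE_PATTERNS = {
    "cryptocurrency payment": r"\b(bitcoin|btc|crypto\w*)\b",
    "money-doubling promise": r"\bsend\b.*\b(back|double|twofold)\b",
    "prize claim": r"\b(entered to win|giveaway)\b",
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def unapproved_hosts(text):
    """Hosts linked in the text that are neither allowlisted nor a subdomain of one."""
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host and not any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS):
            hosts.append(host)
    return hosts


def review_export(posts):
    """Map post id -> reasons for manual review; also list hosts seen in several items."""
    findings, host_counts = {}, Counter()
    for post in posts:
        hosts = unapproved_hosts(post["text"])
        reasons = [f"unapproved link: {h}" for h in hosts]
        reasons += [name for name, rx in LURE_PATTERNS.items()
                    if re.search(rx, post["text"], re.IGNORECASE)]
        host_counts.update(set(hosts))
        if reasons:
            findings[post["id"]] = reasons
    repeated = sorted(h for h, n in host_counts.items() if n > 1)
    return findings, repeated


# Constructed sample export: public posts and direct messages from one account.
SAMPLE = [
    {"id": 1, "kind": "post", "text": "New menu is up: https://example-bakery.test/menu."},
    {"id": 2, "kind": "post", "text": "Send $100 in Bitcoin and we send back twofold! http://pay-now.test/x"},
    {"id": 3, "kind": "dm", "text": "Your order receipt: http://pay-now.test/doc"},
    {"id": 4, "kind": "dm", "text": "Login at https://example-bakery.test.account-check.test/"},
    {"id": 5, "kind": "post", "text": "Open until 6pm on Saturday."},
]

if __name__ == "__main__":
    findings, repeated = review_export(SAMPLE)
    for post_id, reasons in findings.items():
        print(post_id, reasons)
    print("hosts seen in more than one item:", repeated)
```

Item 4 shows why the check compares whole host names: a lookalike address that merely begins with the business's domain is still flagged.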

Still too daunting?

If you still don't feel comfortable or are worried about the possibility of being hacked, some companies manage or monitor your social media accounts 24 hours a day and can do so without knowing your log-in information for business social media accounts. One example is the social media management platform Hootsuite. Here are a few options that they provide:

- Social media monitoring allowing small business owners to stay ahead of threats and receive alerts when there are suspicious conversations about your product or services.

- Notifications if there are malicious links posted on your accounts, scams that are targeting your customers, and fraudulent accounts that are impersonating your brand.

- Screening of all social media posts on your accounts to make sure they are compliant with your social media policy.

Take Away

The possibility of being hacked is never something small business owners wish for themselves, yet it's imperative to take action to combat any would-be hackers. Even though small business owners lack the capital to implement security procedures like Apple, taking strides towards protecting the account can be just as useful. Don't fall victim to losing control over your social media account and take action to maintain your hard-earned goodwill and reputation. Good luck!
