fbRecently, we got a phone call from a company who; after terminating an employee, discovered that he had Admin access on their Facebook page. That access allowed him to remove all the other administrators on their Facebook page, change their cover and profile pictures, post rants about him being terminated from the company, and literally hold the Facebook page for this company hostage.

How did this happen? Could it happen to me?

The answers are simple – not being aware of what the security levels on the Facebook page mean and yes, it could happen to you.

There are six administrative roles on Facebook pages that allow for certain actions to be taken on the page.

Screen Shot 2017-07-27 at 12.51.34 PM

When you grant someone Admin access to the page, they can then grant others Admin access and remove Admin access to other people.

Preventing Page loss or Page hijacking

Sure, you could have employees sign an agreement stating what they can and can’t do, can and can’t say in their administration of your page or that they will not remove you as the page Administrator.  That might give you some legal recourse, but it’s not foolproof.

Best practice advice: Have a key individual within the company (an owner or someone who has a vested interest in the company) be the Administrator and not grant Admin access to individual employees. By doing this, Administrators can undo changes or remove ranting posts on the page. By not doing this, disgruntled employees can hijack your Facebook page and getting control back can be a daunting task.

Having employees actively participate in your social media marketing can be beneficial but be cautious of what they can do. Add employees with permissions set to “Editors” or below (refer to the attached chart).

If you need help understanding page roles and to learn if your Facebook page is at risk, contact us – we would be happy to take a look and give you some sound advice.