How to Protect Your Business’s Instagram Account


ore and more businesses are now using Instagram as part of a marketing strategy. So, naturally, more and more hackers are targeting this platform. Despite the best efforts of the lawmakers and industry leaders, hackers are still prominent and we’re seeing stories every day of businesses having their accounts hacked. While trying to implement an effective strategy and concentrate on a million and one other things, it’s a sad reality that we also need to keep an eye on security. 

Growing Reality for Small Businesses 

Just recently, there was a heart-wrenching story in the UK about a small business that had its Instagram account hacked. After launching in 1992, English Stamp Company decided to launch on Instagram to raise the profile of the brand. After seven years, the brand had built a following of nearly 30,000 followers and had a great community. 

In 2020, the family-run business received a message from Instagram after suspicious activity was spotted on the account. Almost instantly, this was followed by a message from hackers who threatened to start deleting posts if the team didn’t respond to the message. Like so many other stories, the hackers wanted to blackmail the company into paying money to recover control of the account. However, Instagram actually stepped in and deleted the account entirely. 

The company chose not to pay the ransom, but there was still a punishment for the company after it lost its valuable Instagram account with nearly 30,000 followers. As a small business, this was quickly becoming a lifeline and was set to generate an important percentage of sales during the holiday period.  

Eventually, the story had a happy ending because the account was recovered, and the page now has nearly 38,000 followers. However, this was after lots of stress and emotional turmoil for the family, lost income, and concerns about customer data too. With more businesses and influencers relying on Instagram, this is a sad reality of what small businesses face. 

The Nasty List 

The Nasty List is a trend in the cyber-criminal world and one that has been tormenting businesses for nearly two years. Back in 2019, the first victims fell for this login credential theft tool and plenty have fallen into the same trap since. 

What’s the Nasty List?

Essentially, this is a scam that relies on using compromised accounts to send messages to their friends and followers. For example, an individual might receive a message from their friend’s account telling them that they appear on a list. Out of intrigue, people tap on the link without realizing the ramifications. 

After tapping onto the link, it takes users to a fake Instagram login page. As soon as the user enters their details, they’re swiped and added to a long list of people who fall for scams every single day. Of course, the list doesn’t exist, and the scam relies on people’s intrigue and confusion. The more people enter their details on the fake page, the more the scam grows because the hackers keep gaining access to more accounts. As a business, this is terrible news because it shows the difficulty of avoiding current scams. For those who have already responded to such a message and clicked on a link, you’ll need to change your password (if the hacker hasn’t already altered the email address and phone number linked to the account). 

Recovering Your Account After a Hacking 

If you suspect that your account has been hacked, it’s natural to feel scared and a little exposed. As a business, you probably want to take swift action to not only protect the brand but also all customers. With stories like that of English Stamp Company in the UK, you may fear losing the account that you’ve worked so hard to build. With a recent spate of hackings, Instagram and Facebook do now have measures in place to help users. 

Route #1 - Account Recovery (New) 

We’re going back to 2019 again now because this was when Instagram launched its new account recovery process in an attempt to combat the increase in scams and account issues. If you don’t have access to your business account, you should see a button labeled ‘My login info isn’t working’. Tap this and you’ll need to enter either your phone number or email address. Instagram will then send a code and you’ll need to enter this before confirming. 

Of course, the concern for many will be if a hacker gets access to the code or still has some form of control over the account. To prevent this, Instagram has set up measures to help users. If you’re still having trouble, you can either contact Instagram or use the older account recovery process. 

Route #2 - Account Recovery (Old) 

For some people, they receive an email telling them that their email address has been changed on the account. If you didn’t authorize this change, head into the email and there’s an option to revert the change. If you can’t log into the account because the password has been changed, go to the login page on Instagram and tap ‘Forgot password?’. 

Here, tap ‘Need more help?’ and then ‘Send Login Link’. Fortunately, the process is simple enough and instructions on the screen are easy to follow. At this point, we recommend using an email address that only you can access. Choose the wrong email address and the hacker will still have easy access to your account. 

After sending the request to Instagram, the platform will ask to verify your identity as a security measure. This might seem frustrating, but measures like this help to recover accounts properly. While some people send their original email address for the account, others take a picture with a provided code written on a piece of paper. Once Instagram receives this verification, it will help with account recovery. 

Keeping Your Business’s Instagram Account Secure 

When it comes to security, a proactive approach is always rewarded. Therefore, we’ve listed some of the best ways to keep your account secure before something bad happens (or to keep it safe after a hacking!). 

1. Choose Your Password Carefully 

Choosing your business name as a password might be easy to remember, but it’s weak and simple for hackers to crack. Despite all of the technology in the world, password guessing is still a common technique for cyber-criminals, so bear this in mind. The best way to choose a good password is to follow the advice of Instagram itself; when choosing, read the tips from the platform. This includes using a certain number of characters, including symbols, and adding numbers. 

With regards to passwords, we’re sure you’ve heard it all before. However, it’s best to choose unique passwords for each platform or tool the business uses (you don’t want a hacker accessing everything just because the password is the same for everything you use!). 

2. Manage App Permissions 

When on your Instagram profile on desktop, choose the settings button and in this list is ‘Authorized Apps’. If you’re someone who just clicks the accept button without really reading what it means, this list is probably extensive by now. It might take a while, but we recommend going through the list of authorized apps and removing any suspicious ones. In other words, ones that fail to follow the Terms of Use or Community Guidelines. 

3. Set Up 2FA 

To protect your business, you should have two-factor authentication on all accounts (this includes Instagram!). Essentially, the system is based on the requirement that users logging in will need something they know and something they have. For example, a password and a code sent to a device. You’ll find 2FA in the settings and it’s easy to set up. 

4. Secure Your Email Address 

It is strange, but businesses spend hours protecting all sorts of online accounts without considering their email address. If a hacker accesses your email, they immediately have access to everything else. Again, use 2FA and choose passwords carefully. These days, email providers understand the risks and provide features like email encryption and unwanted login blockers. This being said, we need to meet them in the middle and do everything we can to prevent hacking too. 

5. Be Proactive 

Lastly, we love that you’re reading this article because it means you’re taking a proactive approach to Instagram security. Keep this mindset and you won’t go far wrong. Manage permissions with employees (ex-employees no longer need access to email and other business tools), control the number of devices using business tools, and ensure that employees understand the importance of security for the health of the whole business.