Keep Your Church Social Media Accounts Secure | Bart Blair

Bart Blair: [00:00:04] Have you ever had one of your church’s social media accounts hacked? I mean, have you had a bad actor gain access to your account and do things with it that you wish they weren’t doing? My name is Bart Blair, and I’m the co-host of the Missional Marketing Podcast. This is season three Episode forty-one of our show, and today’s episode is just a quick one-shot discussion about how to keep your social media accounts safe.

Bart Blair: [00:00:29] This is something that plagues everyone, if you’ve ever had your account hacked, one of your social accounts hacked, you know that it is an incredible hassle to get it unhacked, and to get all of your access back, and to get all of your privileges restored, it is a huge hassle.

Bart Blair: [00:00:44] I had this happen to me a couple of years ago at my last church, I was the senior pastor and I also oversaw all of the communications and all of the marketing. And I had one morning that I got up and I discovered that someone had been running ads on my account and had charged like $1,500, it had actually literally come right out of my bank account. Okay? So I got into my social media account, I shut down everything that I saw that was running, I disconnected that bank account from the payment methods, I did everything that I could, and then I left and I went to the gym for about an hour. And when I came home from the gym, I got back online and I discovered that whoever it was that had been running those ads had discovered that I’d turned them off and turned them back on. And in that next hour, I had about $2,500 worth of charges for ads on this social media platform charged to a credit card for another ministry that my church ministry was connected to. I mean, it was a disaster, I was having to make phone calls, and we were having to get credit cards canceled, it was the biggest hassle. And I’ll be honest with you, here I am three years later, and I still don’t have complete access or all of my privileges restored on that particular account, and I don’t know if I ever will. So I thought I would put together a quick-shot podcast episode that might save you from some of the hassles that I experienced.

Bart Blair: [00:02:07] Now, if you have already experienced this, boy, I’d love to hear from you. In fact, if you’re watching this on our YouTube channel, leave us a comment, and share your experience in the comments below. I’d love to know what your experience has been in this. And if you’ve got contacts or you got people on the different social media platforms that might be able to help someone who’s struggling with one of these particular issues, then please share your comments in the feedback.

Bart Blair: [00:02:32] Hey, we produce this podcast to help your church grow by leveraging digital marketing and effective communications, and you can’t be effective if you don’t have access to your accounts or if bad people are doing bad things with your account. So I hope that this episode is helpful for you. And I should probably remind you before I get into the content, that if you’re not subscribed, wherever you listen to your favorite podcast, make sure that you subscribe. And if you’re on the YouTube channel, both hit the subscribe button and ring the bell so that you get notified about future episodes.

Bart Blair: [00:03:01] Okay, so today this is going to be a quick shot, one-off episode, and I’m going to share a few tips with you to help keep your social media accounts, your church’s social media accounts secure and safe from the bad people in the world that want to do bad things on your social media platforms.

Bart Blair: [00:03:17] All right, here we go. Here’s point number one, the first thing that I want you to do is audit the list of people who have access to the account and make sure it’s up to date. You know, in churches, we can sometimes have a tendency to give access to certain people, maybe they’re volunteers, maybe they’re staff members, sometimes people change roles in the church and they no longer need access, or maybe people leave the church or leave the staff. You’ve got to make sure that it is always up to date. And you know what? If you see names and accounts connected to your account for people that you don’t know, kick them off. If there is a legitimate reason for them to be there, they’ll come back and they’ll ask for the access again. But if you don’t know the name, if you don’t recognize the name, make sure that you give them the boot. Now, from time to time at Missional Marketing, we are listed on your account, so don’t give us the boot if you see that it’s one of the people on the mission marketing team, give us a call before you kick us off, because oftentimes we’re using, obviously your account to run ads for your church if you happen to be one of our church partners. So audit that list of people who have access to your account and remove anybody that doesn’t absolutely need access to the account. The fewer people who have access, the less likely the hack. The more people who have access to the account, the more likely you are to get your account hacked.

Bart Blair: [00:04:33] Now, here’s another thing that you ought to make sure that you do when you’re reviewing the staff members or the volunteers in your church who have access, always make sure that there is an administrative team leader who has full access. You may have a social media manager, you may have some social media volunteers, you may have multiple people on the staff that have account access, but you need one administrative person on your team, maybe it’s a person who never does anything in social media, but they show up to the office five days a week and they’re there for 40 hours a week and they’re always going to be able to be contacted if there’s ever an issue, make sure that that person has an administrative manager or owner access to that account. In fact, what we would often say is that the owner account of your social media accounts, this isn’t possible on all platforms, but for those that it is possible, make sure that the owner or at least a top-level admin is not necessarily a person, but a general church email that is controlled by the church, so that there’s always somebody who can access that singular email account.

Bart Blair: [00:05:40] This is always a source of frustration for churches, especially in churches that might be, I see this often in larger churches where the attrition level on staff tends to be a little higher, and so you might have people who’ve either moved into different roles in the church or maybe even moved on to different churches working in different staff teams, or you’ve got somebody who hasn’t been a part of the church for three years and they’re the owner of your Facebook or your Instagram account, that is a hassle. So try to utilize whenever possible, kind of a generic church email account that has access to those accounts.

Bart Blair: [00:06:14] Here’s the second thing that I want to point out, that was the first thing, audit the list of people who have access to the account and make sure only those that need it actually have access to it, the second thing that I want to encourage you to do is to enable two-factor authorization for your personal accounts. Okay? So if you are the communications director, communications volunteer, or the staff person at your church who has access, you want to make sure that you have two-factor authorization for all of your personal accounts. Because if your personal account gets hacked and you have access to the church accounts or other business accounts, then whoever hacks your account gets access to all of those other accounts. Okay? And I would say that it’s not a bad idea to require everyone who has access to your church’s social media accounts to also have two-factor authentication so that if they get hacked, or at least if you minimize the chances that they get hacked on their personal accounts, it minimizes the opportunity for someone to get into your church socials.

Bart Blair: [00:07:14] Now, this brings up another topic altogether, it’s still part of the same bullet point, which is you should have all of your employees and your volunteers who have access to your church social accounts sign an agreement for use of those social accounts. Okay? It’s not just talking about behavior or things that they might post or, you know, what they’re doing on social, but it actually should include security protocols. And there are people that are a lot smarter than I am that can help you kind of determine what those security protocols are. But hey, if you’re going to give access to an individual in your church, whether they be on staff or a volunteer, you should just require in writing that they have two-factor authentication for all of their own personal social accounts, because if their personal account gets hacked, then the church account is vulnerable. Okay? So that’s something that I would look at. You can probably Google that, or maybe you can have ChatGPT write you a social media volunteer staff use agreement that includes security protocols. Okay? Do something like that, I’m sure you can come up with something. But you want to educate your team, both staff and volunteers who have access to those accounts on what they need to do to keep their own account secure, which ultimately keeps your church account secure. Okay, So that’s the second point, ensure that you’re using two-factor authentication for your personal accounts.

Bart Blair: [00:08:39] Now, here’s the one which I think is really maybe the biggest game changer for everything, this is what I discovered in my own personal accounts. This is my third point and my final point, you need to limit the number of third-party plug-ins that you use on your phone that have access to your accounts. Okay? This was something that caught me off guard. I had a lot of apps on my phone, some of which I was actively using, some of which I was not, that somewhere in the settings I had given those apps access to Facebook or Instagram or LinkedIn or Twitter. And again, if those apps get hacked, it gives that person, that bad actor, access to all of your other accounts. Now, I’m going to include in this episode’s show notes, whether that’s on our website at marketing.com or on the YouTube channel, a link to each one of those primary social accounts that I just mentioned Facebook, Instagram, LinkedIn, Twitter, I’m not sure if Snapchat or if TikTok have this available, again, you can probably Google it and find out, but you can actually go into your settings for those social accounts that I just mentioned. There’s a specific link that I’ll provide for you, and when you click it, it’ll actually show all of the apps that have access to your social media accounts. And what I discovered when I went through this exercise, is that I had like apps that I had installed like 3 or 4 phones ago that still had access to these social media accounts. And that, to me just looks like a bad situation waiting to happen, right? I don’t have those phones anymore, there are apps on those phones. I mean, who knows where the phone is, it’s long gone by now, but don’t even really even remember what some of those apps were. And that’s the part that was really remarkable to me, I had installed an app for like maybe five minutes and tried it out and just never uninstalled it. But when it was installed, it had access to all of my social accounts or some of my social accounts. So I thought that that was something worth mentioning here, and again, look in the show notes of this podcast episode and you will see a link to each of those platforms. You can click on it, and it’ll show you what apps have access to your social accounts and keep it to a minimum if that app doesn’t absolutely need access to your social account, then revoke it, and remove it. Again, it’s one less window of opportunity for a bad actor to get access to your personal account, which will ultimately give them access to your church account.

Bart Blair: [00:11:15] Okay, so quick review of the three points here, three best practices to keep your social accounts secure. Number one, audit the list of people who have access to your account and make sure that only people who absolutely need access to the account have access to the account. Number two, require two-factor authentication for anyone who has access to your church accounts for all of their social accounts. And number three, limit the number of third-party plug-ins that you have on your phone that utilize or have access to your social accounts. And again, this should probably be part of the security protocols that you have with all of your team members who have access to your social accounts.

Bart Blair: [00:11:58] Well, I hope that this episode has been helpful for you. We’ve had a lot of people ask questions about this lately. And again, I know from firsthand experience that it is not just inconvenient, it’s the kind of thing that can keep you up late at night when you know you’ve got a problem with one of your accounts that’s been hacked and you can’t get it back. So again, I’ll look for your feedback, we’d love to hear back from you. Leave us a note, leave us a rating, and review if you’re finding this content helpful. And until our next episode, my name is Bart Blair, and we appreciate you. God bless.