Every so often, a story surfaces of a nefarious actor gaining access to a Facebook Business Manager account and running ads for an unrelated product or to a click farm. Usually, they are able to spend thousands of dollars and max out any and all credit cards associated with the account before the ads are paused and the cards are cancelled.
A majority of the time, this is caused by a digital team member simply giving access to the wrong person. Facebook’s 2-factor authentication works well against individual accounts being accessed, but unfortunately, it does not prevent user error.
The Challenges of Maintaining User Permissions
One way to reduce risk is to reduce the number of users with access high enough to provide credentials to those who should not be in your account. Sounds easy, right? Managing user permissions can be more complicated for a number of reasons.
Of course, you want your team members to have permissions high enough to do their job effectively and efficiently. But over time, team members may gain higher levels of access when they may only need to do one or two tasks at a higher level. Sometimes it’s just easier to grant permanent Admin rights (we’ve all been there).
Additionally, you must remove user access when a member of your team no longer needs it, perhaps due to a change in roles or companies. With ‘The Great Resignation’ underway as workforce dynamics shift, a record number of employees are leaving their jobs or careers altogether. Permissions should be updated quickly to reflect users’ departure. But auditing the permissions of your entire account can be time consuming and sometimes takes a back burner to the priorities of managing your campaigns.
Prevent Your Account from Being Compromised with MarinOne
There’s an easier way to solve the issues that come along with account user management.
With MarinOne, only one member of your team needs access to Facebook Business Manager, and the rest of your team would only need access to the Marin platform. By reducing the number of team members with Facebook access, the chance of permissions being granted to the wrong person is lowered significantly. Users can still build, manage, and report on Facebook campaigns to drive performance on your ad spend without the risk of opening your account to a hack.
MarinOne’s rules engine lets you set parameters to pause campaigns when there is a dramatic increase in spend and will also send you an email alert to notify you of the change immediately. By setting up these guardrails, you’ll be notified of a security breach in real time and be able to shut down your campaigns before your account is drained.
Finally, removing users in MarinOne only takes two clicks in an easy-to-navigate account configuration menu. So, as team members transition in and out of your organization and new users gain access to sensitive Facebook data, you can easily stay on top of permissions to keep your account secure.
Now more than ever, it is crucial to keep permissions limited to those who genuinely need access levels, and it’s just as important to make sure those who no longer should have access are removed. MarinOne’s security features ensure that those who never should have access to your account have fewer avenues to gain permission.
Click here to learn more about connecting your Facebook account to MarinOne.