Keeping Social Media Accounts Secure

keyboard lock

5 Ways to Secure your Visitor Attractions Facebook & Instagram Accounts

Now more than ever, social media is a core aspect of any visitor attraction marketing strategy.

From theme parks and farm parks, to zoos and museums- if the COVID-19 pandemic has taught us anything, it’s how important our digital channels are for communicating and maintaining a relationship with existing customers, and reaching out to those who may visit us in the future.

From staying front of mind during periods of closure, to broadcasting important updates quickly and brightening dull days with adorable animal news and team insights, social media is crucial.

But as more and more of our customers spend increasing amounts of time learning, absorbing and communicating digitally, there’s been a worrying rise in Facebook and Instagram accounts being stolen and hijacked- by hackers.

At Agility Marketing, we’re firm believers that prevention is better than a cure.

Here’s 5 top tips for keeping your business details safe and your accounts secure.

  1. Use a strong password, and change it regularly

The stronger the password, the harder it is for hackers to crack.

Hackers and their software are great at recognising password patterns, so a strong password should be unique, random and contain a mix of numbers, letters and characters. Google and AVG both recommend passwords are between 12 – 20 characters long.

If that sounds like a lot to remember, why not consider a passphrase? Choose four words unique to you or your visitor attraction and intersperse with modifiers such as additional characters and numbers before combining to make one word.

For example tree spain cat bike light could become tree1@spain7cat8bikelight.

We advise that your attraction changes their business social media passwords at least once every quarter.

2. Don’t use the same password everywhere

It may save time initially, but using the same password for all online accounts at your attraction isn’t wise.

Using the same password across multiple accounts means that if one is compromised, then all of your accounts will be at risk.

McAfee state that 31% of all passwords hacked are due to the same password being used across multiple accounts.

Even if your core password or passphrase is the same, change the numbers and characters within your passwords…and usernames!

3. Keep your passwords secure

It may seem like a good idea to store all of your passwords in Google Drive on your iPad, but what happens if it gets stolen, broken, or even worse- your Google Drive account is compromised?

It’s always worth your zoo, farm park or theme park investing in a secure password management tool. Your chosen tool should safely store your list of usernames and passwords in an encrypted form.

Tech Radar Magazine has tried and tested the latest free and paid for tools. It’s top tools for 2021 are:

1. Dash lane – Best overall password manager

2. NordPass – Capable all-rounder

3. RoboForm – Best for form filling

4. 1Password – Great for families

5. LastPass – Best free version

4. Turn on Two Factor Authentication

If you’ve ever logged into your internet banking and received a message that says ‘we’ll send you a text to your mobile device with a one time only code. Please enter the code here to proceed’, then you’ve encountered Two Factor Authentication.

2FA is a security feature that provides an extra layer of protection in addition to your password.

If you don’t set this up, and a hacker gains access to the email account of your visitor attraction, they could reset the passwords and lock you and your team out of all of your social media accounts.

Whilst 2FA has been around since 1986, it’s received a publicity burst for 2021, with Facebook, Google and even Uber reminding and encouraging users to add the extra layer of protection to their accounts to safeguard them.

And it couldn’t be easier. Facebook no longer requires a mobile phone number to set up 2FA on its accounts, which in the past has proved tricky for zoos, theme parks and farm parks as multiple team members often need access to one account.

Now, each team member can simply download the Google Authenticator app and scan the code in account settings, it’s that easy.

You can find step by step details on how to set up 2FA on your Facebook & Instagram accounts here:

5. Don’t click on suspicious inbox or email messages

We’re all used to identifying suspicious phishing emails. It goes without saying you should never log into Facebook or Instagram by clicking on a direct link from an email your zoo, farm park or theme park received, but there’s a concerning increasing in hackers gaining access to accounts through Facebook Messenger.  

Clicking on suspicious Messenger links can result in hackers hijacking your business account and sending malicious messages to your hard earned followers, such as fake competition links, or phishing for your password by sending you fake links to click on.

If you’re undertaking your daily round of social media responses and see an inbox message or email you are not sure about, don’t click on the message or link and report it to Facebook by following these steps:

So, what should you do if you think you’ve been hacked?

Facebook states the top signs to look out for are:

  • Your email or password have changed
  • Your company name has changed
  • Friend requests have been sent to people you don’t know
  • Messages have been sent that you didn’t write
  • Posts have been made that you didn’t create

Facebook will usually send you notifications too, to let you know there has been a suspicious log in to your account. Regularly check your junk emails in case they have been missed.

If you think you’ve been hacked, ensure you complete the following steps straight away:

Help! I need some support!

If you need help and support to make your passwords safe, audit your social media accounts to ensure they are secure, or advice on how to regain access to your account, we can help.

We recently helped Old MacDonald’s Farm regain access to their Facebook and Instagram account, when they were caught out by hackers…

A massive thank you for giving us the advice regarding our Instagram account. This ultimately got our account back!


If we can help you, contact our digital team at and we will be in touch.

This blog was written by Beth Powell, Senior Project Manager at Agility Marketing, a boutique marketing agency specialising in Digital Marketing for Visitor Attractions.