Why do you need to protect your Instagram account?

Well put it this way: what would you do if you woke up tomorrow and your Instagram account was gone? If just reading that made your stomach drop, take a deep breath and give me 10 minutes of your time because this article is your essential guide to protecting your Instagram account from being hacked. And before you mentally file this under “I’ll get to it tomorrow,” stop and think: how would you feel if your account got compromised tonight, knowing you could have prevented it?

Every week, I hear from panicked small business owners who’ve lost access to their Instagram accounts, desperate for help to get them back. Trust me, you don’t want to be one of them. While it is possible to recover a hacked account (and I’ve written about that too in What to do if your Instagram is hacked), your best bet is to make sure it never happens in the first place. So, let’s make prevention a priority. In this article, I’ll walk you through the essential steps you need to take today to secure your Instagram — and I can’t thank our small business supporters, Dell Technologies and McAfee, enough for helping keep our community safe.

Instagram is so much more than a platform to small businesses

Like so many of your businesses, Holly & Co was built on Instagram. For us, it gives people a window into our world, from the beautiful products and free small business advice we offer, to our podcasts, campaigns and everything in between. Instagram is often where we share it all… Yet, it’s so much more than just a feed of what we do. It’s how I check in with you every day, a space where we can have heartfelt conversations and get to know each other on a deeper level, building connections and sharing this remarkable journey. Over the years, I’ve had a few heart-stopping moments where I thought I’d lost my personal account or our Holly & Co one. Years of hard work and dedication, gone in an instant. It’s a feeling of sheer panic that I wouldn’t wish on anyone. So what can we do to protect it?

Instagram hacking is on the rise

The truth is, cyber attacks against small businesses are on the rise, with more than a third (35%) experiencing a cyber incident in 2024 alone. So, whilst it’s easy to think, “Hackers only go after the big guys,” that’s not actually the case. In fact, small businesses are often seen as easy targets because cybercriminals assume we don’t have the same security measures as larger companies. You don’t have to feel powerless though — there are simple steps you can take today to secure your Instagram account and give yourself some peace of mind. Let’s make sure your business stays safe and sound.

Here’s how to keep your Instagram secure

Here are the 8 key tips I need to share…

1. Use a strong, unique password

It sounds simple, but using a strong password is the first line of defense. Your password should be at least 16 characters long, combining uppercase and lowercase letters, numbers and special symbols. It should also be different to other passwords you use (and yes, I know that if you’re a woman of a certain age, remembering these is no mean feat but it IS important). Avoid using personal information, like your name or birthday, no matter how tempting, because these are things hackers can easily guess or discover. It’s recommended to change it at least every three months (and when Instagram prompts you to). Never share your passwords either.

Top tip: Use a password manager to generate and store your passwords securely. It’s a practical way to avoid reusing passwords across accounts.

2. Enable two-factor authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a code in addition to your password. You can set it up via:

• Authenticator apps: Use apps like Google Authenticator for a time-based one-time password (TOTP — which doesn’t only stand for Top of the Pops apparently!)

• SMS text: Get a code sent to your phone

• WhatsApp: Some countries allow WhatsApp to receive security codes

Even if a hacker gets your password, they still need access to your phone to log in which makes it much less likely to happen.

3. Keep your contact information updated

Make sure your phone number and the email address associated with your Instagram account are always kept up-to-date. This helps Instagram contact you if your account is compromised and it can also help speed up the recovery process. Imagine someone stole your credit card but you hadn’t updated your details and had moved. You would alert the credit card company, they would freeze your account and then send you a replacement card in the post — but it would end up at the wrong address. You just know it’s going to take a lot longer to sort it out in that instance. It's easier to just keep it updated.

How to check: Go to your profile, tap the menu icon, select ‘Settings and Privacy’ then ‘Accounts Centre’ and then update your details under ‘Personal Details’ if you need to.

4. Monitor your third-party apps

Always be cautious about linking third-party apps to your Instagram and never share your login information with any app you don’t trust. Over time, some apps may become outdated or compromised. They might also get hacked which puts your account at risk so this is best avoided.

How to check: Go to ‘Settings’ then ‘Security’ and select ‘Apps and Websites’ to view and manage connected apps. Revoke access to any you don’t recognise.

5. Be aware of phishing attempts

For anyone who doesn't know, phishing is a scam where cybercriminals trick you into clicking a malicious link or into giving away personal information (and it’s becoming more common). Scammers often impersonate Instagram and send fake messages claiming your account is at risk. Always check the sender’s details before clicking on any links. Legitimate communication from Instagram will be listed in the ‘Emails From Instagram’ tab within your settings so it’s wise to check there first. If it’s not there, it might well be a scam!

6. Set up login alerts

Login alerts notify you when your account is accessed from an unrecognised device. Enable this feature to stay ahead of potential threats.

How to set this up: Go to ‘Settings and Privacy’, select ‘Accounts Centre’ then ‘Login Alerts’ and choose how you want to receive notifications.

7. Avoid public WiFi

Public WiFi networks (like the ones that often pop up in cafes or airports) can be a hacker’s playground. These networks are often unsecured, making it relatively easy for cybercriminals to intercept your data — including your Instagram login details. If you need to access your account while you’re on the go, use your mobile data instead. It’s generally more secure because it’s encrypted and less susceptible to hacking. If using mobile data is not an option, consider using a VPN (Virtual Private Network) to keep your account secure. A VPN creates a secure, encrypted connection between your device and the internet, protecting your information from prying eyes. By prioritising secure connections, you significantly reduce the risk of your Instagram account being compromised.

8. Don’t rely solely on Instagram

If losing your Instagram account could effectively shut down your business, it’s time to diversify! Start building up your mailing list, consider creating your first website if you haven’t already got one, and ensure you have the contact details of your best customers and suppliers. If anything happens, you’ll be incredibly glad that you stored them elsewhere too. This really doesn’t take long and it might mean the difference between survival as a business or not, so don’t add it to the ‘one for later’ list!

How to protect your Instagram: key takeaways…

1. With Instagram hacking, prevention is better than a cure:

Get your social media security in order before it’s too late. Take action today.

1. Protect your Instagram passwords to avoid hacking:

Strong, unique passwords and regular password changes will help. Never share them with anyone.

1. Don’t click on suspicious links:

Be cautious of fake messages, emails and collaborations. Take a breath. Don’t rush to click on that link — and I wish you every success.