Having your business FB account stolen can cause unnecessary losses to you personally and to your business. The National Institute of Standards and Technology has information that can help at https://www.nist.gov/itl/smallbusinesscyber.
They provide free planning guides, tutorials on cybersecurity basics, and steps to recover if you have been hacked.
Password policies were constructed more out of popular politics and fan-fic than technical realities. The most relevant factor is the length of the password, and forcing people to create password abominations that they have no hope of remembering does not make a password secure, it puts the password on a post-it note stuck to the computer screen where anyone can read it!
Because it is hard to think up a good password (must have one capital letter, one lowercase letter, a number, a special character, ten previously unknown prime numbers, two artifacts from the lost ark, a list of fruit you ate yesterday, and …. you get the idea) people reuse their password on more than one web site, and hacking one web site lets the bad actor find the password using a simple rainbow table. Then the bad guy has your password to all those web sites.
There is a better way, and that is by using a security key that you keep on your key chain with your house keys instead.
We use YubiKey 5 Series and FIDO2 keys as our preferred 2FA or MFA methods. At this time there is no way to hack a YubiKey, since the code changes every time the key is used and security does not rely on things which can be intercepted by bad actors such as passwords or codes sent in SMS text messages or email. Even if your overly adventurous salesperson clicks a trojan link and logs in to your sales website the hacker still can’t get access because they do not have that YubiKey.
The most secure tomorrow is one without passwords.
Check out https://www.yubico.com/ for their wide assortment of security keys and training materials
Note: YubiCo does not pay us – we just like their stuff. We think you will like their stuff too.