Best practices for securing your Business Center
It's important to secure your TikTok Business Center as it grants full control over your business on TikTok, including modifying or deleting the business, and adding or removing people from the member list. Admins can edit and manage all members and assets, so pay careful attention to who gets admin access.
Tips for managing admin access
Carefully control who has admin access to your Business Center.
Limit Admin Access: Reduce the number of admins on both the Business Center and all ad accounts. Have at least 2+ Business Center Admins to avoid loss of access.
Validate Admins: Ensure all Business Center admin users are valid and under the client's control (e.g., Email, Phone, Authenticator Account, Linked Google Account, Linked TikTok Account).
Invite Company Members Only: Only invite members of your own company to the Business Center.
Tips for managing your password
Enforce strong and unique password policies for all admin users.
Strong Passwords: Request that all admin users have strong/complex passwords that are not used on other websites or apps, or shared among coworkers. A strong password is at least 6-20 characters, combining numbers, letters, and special characters.
Unique Passwords: Use a different password for each of the important accounts and update them regularly.
Tips for enhanced account security measures
Implement additional security measures to protect your Business Center.
2-Step Verification: Enhance security by requesting all members to turn on 2-step verification. Learn more about 2-step verification for Business Center.
Email Domain Allowlist: Enable Email Domain Allowlist to restrict access to specific domains. Learn more about how to create an email domain allowlist in Business Center.
HTTP Vigilance: Be vigilant towards HTTP URLs, suspicious emails, and suspicious calls.
Tips for account reviews and account monitoring
Regularly review and monitor access and activities within your Business Center.
Review Access: Regularly review who has access to your TikTok Business Center.
Check for Unauthorized Changes: Monitor for any unauthorized changes in the Business Center.
Remove Inactive Users: Remove inactive users to maintain security.
Minimum Access: Grant the minimum access needed for each user to perform their job functions. Learn how to adjust roles in Business Center.
Review Related Accounts: Review related Business Center and Creator Marketplace accounts.
Tips for taking extra security measures
Leverage TikTok's built-in security measures to protect your Business Center.
Invitation Warnings: TikTok for Business has measures in place that will warn you, require additional verification, or may directly intercept when inviting other members, ad accounts, or assigning admin permissions.
Confirm Invitations: Ensure all invitations under the Business Center are valid and sent by authorized individuals.
Validate Members and Partners: Ensure all Business Center members and partners are valid; remove invalid users and partner Business Centers as soon as possible.
What to do if your account is compromised
If your account is compromised, we'll suspend your account to secure and prevent further compromised access. After conducting an investigation, we'll notify you about the results and actions you may take to regain control of your account, as well as process reimbursements for any charges that resulted from unauthorized activity. In the meantime, we highly recommend that you take all relevant steps to further protect your account.
Managed clients: If you suspect that your account is compromised, you should contact your Account Manager immediately.
Unmanaged clients: If you suspect that your account is compromised, you should contact customer support immediately.
For additional information on how to protect your accounts, please review our best practices for securing your TikTok for Business account.