Secure Your Accounts and Save Your Business
The agency-client relationship is a sacred one. It requires a great deal of trust and communication. When you hire a digital marketing agency, you are putting a portion of your business in someone else’s hands. But, let me ask you this: Would you give an agency the keys to your business and not have a set of keys for yourself? That’s exactly what you’re doing when you don’t have control over your own digital accounts and passwords.
If you don’t know how to access your own accounts, or even what accounts are in your company’s name, you have given away the keys to your kingdom. This is not a risk that you should be taking.
What's The Worst That Could Happen?
What happens if something goes wrong between you and the agency or even an employee who has unfettered access to your accounts? U.K. music retailer HMV found out the hard way when an employee live-tweeted a mass layoff meeting on the company’s official account @HMVtweets.
"We're tweeting live from HR where we're all being fired! Exciting!!" the employee tweeted to HMV's 62,000 followers.
The social media administrators are often the only ones in a company who have account logins and passwords, which gives them a great deal of power over the business. The HMV employee used that power to tweet a play-by-play of the company’s “mass execution” of employees. Tweets included a swipe at the marketing director (who wasn’t fired) as he was trying to figure out how to “shut down Twitter.”
Company access to the account was finally regained, and the employee’s tweets were deleted, but not before screen grabs of the debacle were making their way through the twittosphere. There are many examples of tweets gone awry, whether by accident or intent. Do you know how to secure your account if something goes wrong?
Eight Steps to Protect Your Company’s Digital Accounts
You can take a number of precautions to protect your company’s digital accounts. The first step is to make a record of what accounts you have. To get you started, we created a Digital Account Tracker, which is available for download at the bottom of this post.
This step-by-step list will take you through the process of making sure your digital accounts are secure:
- Use our digital account worksheet or open a blank Excel file
- Make a list of all of the digital marketing and social media accounts that are in your business’s name
- Ask your agency and employees if they have set up any accounts for your business and add those accounts to the list
- Secure the rights to your digital profile by registering your company/brand for any social platform you are not currently using
- Record the current passwords for all accounts
- Record the names of all persons and agencies who have access to each of the accounts. Some accounts will allow you to assign multiple users (i.e. Facebook Business Manager), while others will use one primary login to share among multiple users (i.e. Instagram)
- Create new passwords and visit each account to update logins, passwords, and users
- Log all changes in your spreadsheet (try to avoid keeping passwords in your spreadsheet and rely on a secure, shared password management system for this)
These additional safety precautions can help you protect your digital assets:
Create STRONG passwords. You might be surprised how many people use “password123” to secure access to even their most important data. Password security company SplashData releases an annual survey of commonly used passwords and "123456" and "password" topped the list again in 2018.
Knowing the risk of hacking has not dissuaded people from making bad password practices. Make good choices when it comes to protecting your accounts, even if it means spending a little extra time accessing them.
It’s entirely possible that your passwords are already floating out there in cyberspace. Data breaches happen regularly, and logins and passwords are shared on the web among hackers. You can find out if your account is at risk by visiting sites like Pwned, which tracks these events. But the most important thing you can do is to create strong passwords and regularly update them.
Consider these recommendations when you create passwords:
- When creating a password, make it eight characters or more (12 or more is ideal)
- Use letters, numbers, and symbols
- Do not use identifiable information, such as your name, address, phone number, or birthdate as any part of your password
- Avoid using common words
- When possible, set up two-factor authentication that requires you to submit a code (sent to you via mobile or email) in order to log in
- Add a recovery option, if available, to reclaim your account in case you can’t log in or someone has taken over the account
Do not reuse passwords. It's understandable why people use the same password, or derivations of the same password, on multiple accounts. Remembering multiple passwords, especially long ones, is difficult. Plus, different sites have different password requirements. Some require eight characters, while others require 12. Some sites ask that you use characters, as well as numbers and letters, while other sites do not allow special characters. Use a different password for every account. Do not use the same password twice. Reusing passwords means that when one of your passwords is exposed in a data breach, multiple accounts are at risk.
Use a password manager. Sign up for a password management system, like LastPass, to generate strong passwords for each account and to manage users. A password manager can be accessed locally or via the Cloud, and it allows you to store your passwords and require verification to access them. That's a lot safer than storing your passwords in an Excel sheet in your office or on your company's shared network drive.
By using a shared password manager, you can:
- Generate passwords as long and as complicated as you want (without having the remember them)
- Store all of your passwords in an encrypted file
- Quickly share an account password with authorized parties
- Use the password manager to easily sign in to your accounts
- Share your vault across multiple devices and update your password on all devices when you change it on any one device
Own your own domains. Do not let an agency buy domain names for you or hold them in an account that does not belong to you. You can give your agency account access to your domain name registry, but you should always be the one purchasing and controlling your domain name(s). Allowing your agency to own your domain name means that you have given them ownership of your brand.
Simplify by creating one email address for your accounts. For instance, you could create an email address for firstname.lastname@example.org and use it for all of your digital marketing efforts. Alternatively, you could create a couple of emails for related accounts – like using email@example.com for all of your social accounts and firstname.lastname@example.org for all of your Google accounts. Those accounts can have one username and login, but your IT department should forward incoming messages to multiple stakeholders (designated employees, agency reps, etc.), to ensure no individual has complete control over accounts. REMEMBER: Do NOT use the same password for each account.
No matter how much you trust your digital agency or your employees, at the end of the day, securing your digital accounts is imperative to protecting your company and your brand.
Download our Digital Account Tracker and start securing your accounts today!