Salaries - Marketing Technologist
Does Marketing Own the Pipeline?

Password Management and Security Done Your Way

Recently I was pulled into an account that was a hot mess of security vulnerabilities, lost logins, expired licenses and reactive security, rather than proactive. This does have a happy ending, but several points came up as I helped them sort through, centralize and secure their basics. 

What was wrong with their digital security:

  1. Google My Business presence was owed by "the guy" who was no longer in the picture. This included: AdWords, YouTube, Analytics, Google Admin console.
  2. All social logins were set up by same guy and passwords had changed.
  3. Website security, theme license, plugin licenses, hosting logins, domain registration - also by "the guy" had to be switched over.
  4. Too many passwords to remember.
  5. All passwords in browser because of "remember me" options on sites. They never thought to choose "not now" or "never for this site."
  6. Browser advanced options saving passwords, all cookies.
  7. Former staff members still listed as being employed according to LinkedIn


What we changed to secure them:

  1. Added LASTPASS for this client. Paid version so they could delegate using shared folders for pieces that had to be shared with other team members. This also cleaned up their browsers.
  2. Changed browser settings to NOT save passwords, and ask for downloads, scripts, etc.
  3. Contacted domain registrar and hosting company to update passwords. Had to prove we had the rights to do this, but that was pretty simple with utility bills and other key information. 
  4. Changed all passwords for hosting login, domain registrar, website admins, secret question answers, PIN
  5. Changed email contacts for all domains - Owner, Technical, Admin. If you have a lot of domains, you need to make sure these are all done. If you've registered domains with more than one company, you need to go through this process for all of these venues.
  6. Reviewed and updated admins for social accounts, including Google Analytics/YouTube/Google My Business presence.
  7. Reviewed email RULES in the Google admin console. There was a tucked away rule to CC the old designer on all emails related to social media - not a simple CC, but something tucked much deeper in the admin that forwarded incoming and outgoing to certain email accounts.
  8. Apps > GSuite > Mail > Advanced > General and scroll way down... content compliance. This is just one place "rules" can be tucked away. You may have to dig for these more advanced types of things.

What the client learned:

  1. Tools like LastPass offer tutorials, etc. but it comes down to how YOU want to use these tools. We did a training session to brainstorm what would work best for the client, and it definitely didn't match the tutorial, but now he's using it comfortably on his desktop/laptop and phone. 
  2. The client also learned to retain ownership of ALL digital assets and only add in administrators as needed. Sometimes a marketing professional or web developer will insist they can set it all up for you, but when they do that, frequently they are the "owner" and it can prove difficult to wrangle it away from them. It's your company, product, etc. You are paying them. YOU are the owner ALWAYS.
  3. This includes analytics. If they are in charge of their Google My Business presence, they can control admins in there, view Analytics easily to track campaigns and get answers. They were taught to use Analytics like a diary through the annotations feature.
  4. They learned the beauty of allowing someone to add things to a cart for you and then completing the purchase themselves to retain credit card privacy and at that point, changing passwords. Some hosting companies offer a type of "manager" account. These can be clunky with a lot of going back and forth on the rights needed to assist you with regular tasks. You'd have to decide if you want to take the manager approach with your vendor or allow them to login, take care of things and change it out later. My clients are about 10:90 with this. - most just give me the keys to take care of all. I go through to make sure THEY are the main contacts for everything. But 90% of my clients are referral with long relationships.
  5. Giving the client the power to understand the back end of their site gave them relief. They were never told how simple some changes such as navigation order could be. They were stunned at how they could now easily control and add content, edit old content.
  6. Giant helpful item: Keep a diary of sorts of requests made to designers, developers, marketing folks, SEO, campaign managers. What did you ask them to do and WHY on which date? This helps you with this checklist when you need to lock someone out, lock it down and review your methods. If they have a help-ticket system, they have something like this, but you need to keep track, too. Otherwise, it's more difficult to remember logic at the time. This is also where Google Analytics annotations can help. At least you can add some sort of quick note on a day you requested something. You can go back through later. But a true single document kept on Drive or somewhere you can easily edit from anywhere is most handy.


comments powered by Disqus