My kids constantly lose things. Books, jackets, homework, etc. Thanks to password keychains on our home computer, one thing they don’t lose access to is their online entertainment (Netflix anyone?).
If only the same could be said for so many people managing websites and web-based accounts on behalf of their company or organization.
I once had a client who lost the password to a critical web-based tool. They tried everything they could think of to remember the username and password – and then got locked out after too many unsuccessful login attempts. They contacted customer support, who helpfully emailed password recovery options to the email address on record when the account was established.
However, that email address was of an employee who hadn’t worked at the organization in over a year. The email box was gone. No easy password recovery.
That screeching sound you just heard is the brakes being put on all the work they needed to do while the mess got sorted out.
The reality is that in many small companies, a junior marketing person or intern gets tasked with setting up social media accounts or implementing a new marketing tool. They mean well, but don’t have the long-term view. So they set up the accounts using their work email address or connect via a social login (e.g. Facebook or Twitter login). Or worse, they use their personal email. Those accounts are now linked directly to that employee.
Or you might find yourself where I did in a previous job – I inherited a marketing situation with up to 45 different tools and logins all set up in a previous employee’s email. You name it, we had it… multiple Twitter profiles, CMS login, Gmail, Help a Reporter Out, Hootsuite, etc. I spent the first two months on the job just getting access and consolidating logins. To make matters worse, some were tied to the employee’s personal email so I had to track the employee down and work with them to get access (he hadn’t worked there in 3 years).
Here’s a cold, hard fact: People leave jobs. Even trusted, valuable, loyal people.
Your webmaster or marketing director who set up Google Analytics, YouTube, Flickr, Facebook, LinkedIn pages and controls your online presence may call you tomorrow to tell you they won the lottery and won’t be coming in (it’s the same as the “got hit by a bus” reasoning but more pleasant to think about). Or you might have layoffs and your HR policy requires you to immediately lock a person out of their systems.
This is why internet policy and web governance are critical, and here’s what you can do to keep this from happening to you.
Set up a master email address
First, create a generic email box like webmaster @ yourcompany.com. Make sure this is an email address your IT team can get to and can redirect as necessary (if using distribution lists, it can always be a distribution email that goes to 2 or 3 people for redundancy).
Now, go back and audit all your online and social accounts. What’s the primary email associated with those accounts? Quickly change them all to that master email address. If you want to segment access and allow staff access to specific web-based tools, buy additional licenses or set them up as secondary users (the cost of additional licenses is less than losing access to a critical tool).
Also, make sure to add to your internet usage policies that staff may not set up company accounts for critical business tools under their own email address (either work or personal).
Add key staff to your social media account
Facebook and LinkedIn require you to connect personally to the accounts you want to manage. So you need to make sure that key company staff have accounts on these platforms and they are connected with the appropriate roles on the accounts. Key staff to include would be:
- The owner of the company or executive director (if you are an association or non-profit)
- Your CFO or other top finance official
- IT Director or whoever manages your IT functions
I would recommend making them Admins on the accounts and going over how to use them, as well as addressing any privacy concerns.
Consider a password manager
Just about every bit of work now seems to be done through an online tool. And chances are your team is using the same password over and over just so they can keep them straight and not forget. The problem is these tend to be simple, easy to guess passwords which offer little security.
Enter my favorite tool – a password manager such as TeamPassword, LastPass or Dashlane. These tools allow you to add and remove users from your accounts, create secure passwords, have two-factor authentication, and ensure your company’s password standards are being met. They are also easy for your staff to use because they can be added as browser extensions and they are up and running in minutes.
It also means that passwords are no longer stored in an unencrypted Excel or Word file on a shared drive (admit it, you’ve done that).
As for that client? Everything worked out. Through a friend of a friend they were eventually able to reset that password so they got access and continued their work. But it did stall their work and took a couple of weeks to sort out.
But with some long-term thinking and planning, the whole mess could have been avoided.