What is the password to your website hosting account? Where is your domain name registration managed? Where do you go to create a new email account with your domain? Who has administrative access to your blog?
If you are running your own business and don’t know the answers (or don’t know how to find the answers) to these questions, then using a few straightforward methods can help. Creating good documentation, delegating access to resources and refreshing your credentials will pay dividends when it comes to protecting your business.
I’ll admit it. Documentation is boring. Very few people wake up in the morning excited about writing documentation. With that being said, it is important to have centralized, current and secured documentation. Why go through all the effort? Having a trustworthy, efficient guide to turn to when you need information will save you time, money and headaches.
When working with my clients, I recommend two simple ways for keeping track of all those accounts, websites, usernames and passwords. The first is a simple guide created using software like MS Word or Google Docs. This document is where you record the services you are using along with instructions on how to access those services. No sensitive data should be recorded in this document.
The guide should contain at a minimum:
- Name and description of the service
- How your company uses the service
- Website addresses of the service
- General instructions for managing the service
The second is a good password manager where you save sensitive data such as usernames and passwords. As an aside, please be mindful of how you save, send and retrieve sensitive information such as account passwords. Sending passwords via email or saving them on post-it notes can result in a bad day. When you are choosing a password manager, the software should:
- Have multiple ways to encrypt the data using a master password, key file or combination
- Utilize current, strong encryption techniques
- Be user friendly so you will use it and use it often
- Generate strong passwords for new accounts
Remember. Documentation is useless if it isn’t current so be vigilant in keeping both your guide and password list up to date.
You can’t do everything yourself. At some point you will need to get help with a part of your business. Perhaps you want to hire a guest writer to post regular articles on your blog. Maybe you need to hire a web developer to build or manage your website.
When it becomes necessary to give someone else access to a business service (web hosting account, blog, shopping cart), remember the principle of least privilege. Only give someone (an account usually) the minimum access they require to do their work. Nothing more. This usually entails creating a new account within a service just for that person or task.
For example, if you have a WordPress blog and you have hired someone to write articles on a regular basis, then you should create a new account for them. Within WordPress, you would assign the account the role of Contributor or Author so they can manage their posts. You would not want to give them your own password, which might be for the role of Administrator or Super Admin. Doing so would allow them to make changes you might not want. By assigning a user their own account, you can keep your own account information private and manage how and when the other person accesses your blog.
Again, having good documentation is helpful so you know how to grant access and who has access to your resources.
When did you last change your passwords? Are you still paying web hosting company XYZ for a service you don’t use? Does the partner you fell out of touch with still have access to your email marketing account?
Now that you have proper documentation, password management and delegation in place, start thinking about when you might need to refresh information. Some services will require you to reset your password every 90 days or so while others might not force you to change it at all. A good practice to get into is to go through your information routinely and update as needed. If once a quarter is too much, try at least twice a year.
Instances where you will want to revisit your account information immediately include:
- Publicized security breaches of services you use
- Cancellation of services
- Purchase of new services
- Hiring of new consultants
- End of a business relationship (good or bad)
By combining the steps of documenting, delegating and refreshing, you will be more knowledgeable about the resources your business relies upon and how those resources are being managed. Be diligent in all your efforts and stay ahead of the curve.