3 Ways to Protect Your Business Resources
What is the password to your website hosting account? Where is your domain name registration managed? Where do you go to create a new email account with your domain? Who has administrative access to your blog?
If you are running a business and don’t know the answers (or how to find the answers) to these questions, then using a few straightforward methods can help. Creating good documentation, delegating access to resources and refreshing your credentials will pay dividends when it comes to protecting your business.
Document
I’ll admit it. Documentation is boring. Very few (if any) people wake up in the morning excited about writing documentation. With that being said, it is important to have centralized, current and secured documentation. Why bother? Having a trustworthy, efficient guide to turn to when you need information will save you time, money and headaches.
When working with my clients, I recommend two simple ways for keeping track of all those accounts, websites, usernames and passwords. The first is a simple guide which can be created using software like Microsoft Word or Google Docs. This document is where you record the services you are using along with instructions on how to access those services. No sensitive data should be recorded in this document.
At a minimum, the guide should contain:
- Name and description of the service
- How your company uses the service
- Website addresses of the service
- General instructions for managing the service
Here are a couple of downloadable templates to help you get started: one for Microsoft Word and another for Google Docs.
The second tool I recommend to clients is a good password manager where you save sensitive data such as usernames and passwords. As an aside, please be mindful of how you save, send and retrieve sensitive information such as account passwords. Sending passwords via email or saving them on post-it notes can result in a bad day.
A good password management system will:
- Have multiple ways to encrypt the data using a master password, key file or combination
- Utilize current, strong encryption techniques
- Be user friendly so you will use it and use it often
- Generate strong passwords for new accounts
I use and recommend KeePass but there are plenty of password managers to choose from. You can find a list of some of the most commonly used here.
Remember, documentation is useless if it isn’t current so be vigilant in keeping both your guide and password list up to date.
Delegate
You can’t do it all. At some point, you’ll need to get help with a part of your business. Perhaps you’ll hire a guest writer to post on your blog. Maybe you’ll hire a web developer to build or manage your website.
When the time comes to give someone else access to a business service (web hosting account, blog, shopping cart), remember the principle of least privilege. Only give the minimum access required to do their work. Nothing more. This usually entails creating a new account within a service just for that person or task.
For example, if you have a blog and you hire someone to write articles on a regular basis, create a new account for them. Give the account only the access needed to manage their posts (here’s how to do this in WordPress). Do not give them your password. Doing so would allow them to make changes you might not want. By creating a new, limited account for the user, you can keep your own account information private and manage how and when the other person has access to your blog.
Again, having good documentation is helpful so you know how to grant access and who has access to your resources.
Refresh
When did you last change your passwords? Are you still paying that web hosting company for a service you don’t use? Does the partner you fell out of touch with still have access to your email marketing account?
Now that you have proper documentation, password management and delegation in place, start thinking about when you might need to refresh information. Some services will require you to reset your password every 90 days or so while others might not force you to change it at all. A good practice to get into is to go through your information routinely and update as needed. If once a quarter is too much, try to do it at least twice a year.
Revisit your account information immediately in any of these situations:
- Publicized security breaches of services you use
- Cancellation of services
- Purchase of new services
- Hiring of new consultants
- End of a business relationship (good or bad)
By combining the steps of documenting, delegating and refreshing, you will be more knowledgeable about the resources your business relies upon and how those resources are being managed. Be diligent in all your efforts and stay ahead of the curve.