Get Your Online Accounts In Order - Part 2
Previously, we talked about why it is important to get control over your online accounts, tie them down under one extremely secure email address, and store all of your unique, complex passwords in a password manager. Now let’s talk about how to gain control over your online footprint as a business or organization.
Poor Online Account Hygiene is a Nightmare for Businesses
Let’s say you had an employee helping with your organization’s marketing, and they set up a Facebook page and a Google My Business profile. Everything done on Facebook has to be done through a Facebook account, so they did it through their own personal Facebook account. For Google, maybe they used their work email address, or maybe they set up a totally separate free Google account tied to a new Gmail account.
You see the problem, right?
There are so many variables, and most of them aren’t something your business can control in the end. If that employee leaves, you don’t have access to your company’s Facebook page, and you likely don’t have access to the Google My Business profile. If that person gets hit by a bus, or simply leaves on bad terms, or decides to move to a swamp off the grid, getting access to those accounts will be very difficult.
You might think “Hey, I’ll just make a new Google My Business account, or a new Facebook page. I’m starting from scratch but I wasn’t all that focused on it before anyway!”
Here’s the thing: if you do that, now there are two listings on Facebook. When people go to look for you, some will follow the new page, and others will follow the old page. For Google My Business, you’ll have two listings—an accurate one, and an older, inaccurate one. You’ll be making a mess for yourself that’s even harder to clean up.
If you read the first part of this series about gaining control over your personal accounts, you’ll know we couldn’t stress enough to have everything tied to one account. You want things to be simple, clean, and organized. Careful documentation and security are key here.
For your business, access control is equally important. Your business needs to control all of its online assets.
I encourage you to read the first part mentioned above. We really think it’s a good idea to get into the habit of getting your own house in order before you move on to your business, especially since some elements of your organization’s online footprint will be connected to the business owner’s personal accounts.
Document Absolutely Everything
Before we talk about some of the specifics, it’s critical that you don’t rely on the old noggin’ for this stuff. Everything needs to be written down and clearly labeled. This will make auditing easier, and keep all of your ducks in a row.
It’s also important to remember that you shouldn’t document passwords in an insecure fashion. Don’t put passwords in a spreadsheet or Word document. Don’t write them out on a sticky note. The only safe place to store passwords is a Password Management System. In our previous blog, we used Keeper as our example.
Keeper has incredible features geared towards businesses, and is the ideal solution for managing passwords across your company, and sharing account access to the individual users who need it.
At Directive, we’ve helped several organizations get set up with Keeper, and it makes life so much easier and more secure. We highly recommend you reach out to us if your organization doesn’t have a password management system you can rely on.
Securing Your Online Presence
Let’s start with the most challenging accounts first. These are undoubtedly going to be social media and a few other online accounts geared towards marketing.
Why do these tend to be the most challenging?
Because most business owners don’t secure them in the first place.
We’ve found that, for most companies, most of these types of accounts are usually generated by an employee or third-party marketer. This employee is usually doing the best they can, but they aren’t really thinking about the long-term security and longevity of the account.
Your Google Account Should Be Your Central Hub
In our first part, we talked a little bit about how the email address that governs all of your accounts should be something that’s really easy to manage, really secure, and not tied to your domain name. I’m going to explain that last part in a little more detail, because it’s usually more relevant for businesses.
As a business, you likely own your own domain name for your website, and with that, you can also set up email addresses at that domain. If your business website is at GregsReallyGoodTravelAgency.com, then it’s pretty natural to also have email addresses, so your email might be something like email@example.com. If you don’t have emails like this set up, definitely reach out to us, because it’s much more professional to have custom email addresses on your business card as opposed to having an AOL, Yahoo, Outlook, or Gmail account for your personal contact info.
With all that said, you wouldn’t want firstname.lastname@example.org to be that email that rules over everything, because it simply can’t—not completely and securely. You wouldn’t want your domain registrar account managed through an email address tied to a domain on that registrar account. This sounds overly complicated, so let me break it down.
If you registered your gregsreallygoodtravelagency.com domain through, say, GoDaddy (or any of the other domain registrars), and you tie your GoDaddy account to email@example.com, your entire online footprint is 100% controlled by one single entity. This doesn’t sound so bad, but historically it’s been proven to be a nightmare.
In 2014, a man lost access to his Twitter account because he had it tied to his email address for his domain registered through GoDaddy. It’s a complex situation where, essentially, a GoDaddy employee dropped the ball. It just proves that you need to be really careful and cognizant about how your information is controlled.
In our last blog, we recommended using a Gmail account as your primary email address to manage everything. There’s still a chance that Google could get hacked and that your Gmail account could become compromised and a hacker could gain access to everything, but there are far fewer weak points in the armor compared to using an email address that is dished out to you by the same company that manages your domain and email hosting, while still being tied to that very same email account.
Look at it like this—you are asking a hungry lion to guard a big juicy hamburger for you.
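The circular dependency described above, as an added example that is not from the original post: a short Python audit that follows each account's password-reset email back to whichever account controls that email's domain, and flags loops. The account names, addresses and inventory layout are constructed for illustration.

```python
# Added example. All account names and addresses below are constructed.
# Each documented account maps to the email address that can reset it.
ACCOUNTS_BEFORE = {
    "registrar": "owner@gregsreallygoodtravelagency.com",
    "twitter": "owner@gregsreallygoodtravelagency.com",
    "google-my-business": "hub-account-placeholder@gmail.com",
}
# The same inventory after moving the registrar login to the hub account.
ACCOUNTS_AFTER = dict(ACCOUNTS_BEFORE, registrar="hub-account-placeholder@gmail.com")

# Which documented account controls each domain's DNS and mail routing.
# Domains missing here (gmail.com) are run by an outside provider.
DOMAIN_CONTROLLED_BY = {"gregsreallygoodtravelagency.com": "registrar"}


def recovery_chain(account, accounts, domain_controlled_by):
    """Follow account -> reset email -> domain -> controlling account.

    Returns (chain, circular). circular is True when the chain reaches an
    account a second time, i.e. some account on the path has its reset
    email on a domain that this same account controls.
    """
    chain = [account]
    while True:
        if chain[-1] not in accounts:
            raise ValueError(f"undocumented account: {chain[-1]}")
        domain = accounts[chain[-1]].rsplit("@", 1)[1].lower()
        controller = domain_controlled_by.get(domain)
        if controller is None:
            return chain, False  # ends at an outside mail provider
        if controller in chain:
            return chain + [controller], True
        chain.append(controller)


def circular_accounts(accounts, domain_controlled_by):
    """Return the sorted names of accounts whose recovery path loops."""
    return sorted(
        name for name in accounts
        if recovery_chain(name, accounts, domain_controlled_by)[1]
    )


if __name__ == "__main__":
    for label, inv in (("before", ACCOUNTS_BEFORE), ("after", ACCOUNTS_AFTER)):
        print(label, circular_accounts(inv, DOMAIN_CONTROLLED_BY))
```

Note that the Twitter account stops being flagged once the registrar login is moved, even though its own address is unchanged: its recovery path now ends at an outside provider instead of looping through the registrar.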
Establish a Gmail account, and walk through every single step to lock it down and protect it, and audit it every few months. Google offers a lot when it comes to security, so take advantage of it all. This includes the following:
- A strong, complex, unique password
- Enable two-step verification
- Write down, label, and safely store the 10 backup verification codes Google provides while setting up two-step verification.
- Set up recovery phone and recovery emails
- Schedule yourself to review this information every 6 months
That Google account will be everything. It should cover your Google Analytics, Search Console, YouTube, and Google My Business account. It should be the email you use for your organization’s Twitter account. Your domain name and web hosting account can be tied to this account too. It should manage virtually any other account regarding your business’ online presence.
You might decide not to put all of your eggs in one basket, and this is perfectly fine. After all, you likely have a lot of vendors that you need to manage and keep accounts for as well, and you might want that to go to a billing inbox.
For example, Greg might have firstname.lastname@example.org. This email address is used specifically for vendors, subscription renewals, and minor accounts outside of your web presence. Maybe you have some subscriptions to some WordPress plugins, or subscribe to your line of business app through this email. That’s okay, but again, any email that handles accounts like this needs to be secured. As always, everything needs to be clearly documented and audited regularly.
I can’t stress this enough, though—that main Gmail account is, technically, what secures your domain and hosting, so it all stems back to that one main account being carefully guarded!
The Weird Outlier Accounts—Social Media
Some accounts are designed to be more personal than others.
Take LinkedIn for example. Your LinkedIn profile is a personal account. If you create a company profile on LinkedIn, it’s tied to your personal account. You log into your personal account to manage it, and your personal account is publicly attached as an employee to the company. That’s just how it works, and that will really be up to the business owner or some other trusted executive to manage.
The same goes for your Facebook page. You technically can create a public Facebook page without using a personal account, but it’s typically much more limited, and you still need to attach personal users to it in order to manage it. As a business owner, this means you should have a Facebook account, and you should create the page through that account so you are the owner. You can always grant other Facebook users access to the page, either giving them the ability to edit it or fully take over, but you’ll want it tied through your account.
These are rare cases where you might not be using that centralized Gmail account to manage and control everything. If you use LinkedIn and Facebook personally, you probably don’t want them tied to an email account that you are sharing with another employee (or employees). In that case, just make sure whatever personal email you’ve created these accounts with is, again, carefully secured.
Managing Your Organization’s Accounts, Email, and Vendors is Complex!
If this feels like a lot, we totally understand. There are a lot of moving parts and we don’t expect everyone to be an expert on cybersecurity best practices. That said, if you have any questions, or need help securing your business, your email, or just want to discuss how we can help make the modern technology you use every day work better for your business, don’t hesitate to reach out to Directive at 607.433.2200.