The security of your website is a key factor in the protection of your business assets, but many companies do not close all the backdoors. While it is common for the webserver to have a firewall and the website code to contain blocks for hackers, are you protecting yourself from the internal dangers?
What of the disgruntled employee, for example, who was recently made redundant? Is his email address still active and does he still have access to it? If he does, could he use this to access parts of your business he should not be looking at?
Google services like Webmaster tools and Analytics require an email address for access, and if your ex-employee used a personal address to access such services, does he still have access after leaving the company? This could be bad if he has gone to a rival company and decides to share the access to such information.
Think, also, about passwords for the server, for accounts on the server, for your content management system, for your company social media accounts etc.
Here are some tips for security checks you may want to do now
- Email accounts – keep a log of all company email accounts. When people leave the company, change the password of their accounts and set up a redirect so their mail goes to someone else who can deal with it, and perhaps send back an auto-notification of the change.
- Content Management System (CMS) – if your website CMS is accessed by multiple people using a single password, change the password when someone leaves the company. Better still, make sure each user has their own password to make life easier in this situation. It’s easier to delete access for one user than to manage everyone at once.
- Social network accounts – If your company has a Twitter, Facebook, YouTube or LinkedIn account that is accessed by multiple users, you should change the password when someone leaves the company. Management of group access is something that should be thought through in advance, to make sure you don’t create problems later on with too many people having access.
- Google Analytics and other group tools – If ex-employees access Analytics, Webmaster tools or other online services on behalf of your company, make sure their access is blocked when they leave the company.
- All passwords could be at risk – anything that requires a password for remote access could be a risk because a disgruntled employee could change passwords for things to stop you getting access to them. Again, access for anything is not something to be taken lightly. You don’t want to be locked out of your own website.
- External suppliers – if you hire designers, programmers or other freelancers to do work that requires them to have access to your server, your CMS or other accounts, consider changing passwords again once they have finished.
- Domain name – Your website and all related services may be secure, but who controls your domain name? Many companies have no idea where the domain was registered, who is the legal owner or how to manage where the domain points. If you don’t know this, find out now before you do anything else.