Running a small business isn’t easy. Running a small industrial manufacturing business is harder yet again.
Challenges are to be expected. But there’s one particular challenge, that could be avoided, with some awareness and a bit of planning.
What is this challenge? It’s maintaining control of and access to your company’s most critical marketing systems. Time and again, I get calls from manufacturing owners who’re in a panic – and it’s often along the lines of the following:
- They need to make changes to their website but they don’t know how to access it. A web developer set it up for them, but the developer moved and they can’t find his/her current contact info. (This actually happened recently!)
- Their website is down, but they can’t address the problem because they have no idea where the site is hosted.
- A consultant set up the company’s Google Analytics account under his/her own name. Since they don’t have Admin access, they can’t do anything, such as add or remove users, or create Goals.
- They’re unable to use their logo on high-resolution printed material because their designer didn’t provide them with a complete set of files.
- They can’t get access to their company Facebook page because it was set up under a staff person’s personal account – and this person has since left the company.
- An employee has been let go with cause, and they need to quickly revoke access to all their marketing accounts – but they don’t know how.
Of course, it’s perfectly understandable (and often necessary) to give others access to your systems. And, as the owner of a business, you’re busy and trying to keep track of marketing-related things, such as website logins, is low on the priority list. I totally get it.
But, you must maintain control when it comes to account ownership and logins because tools such as your website are so crucial to your business.
In a perfect world, the people who set up your systems (whether experienced staff members or outside consultants) should ensure you have this information from the outset. Really, it’s part of their job! But unfortunately, this isn’t a perfect world.
So what can (and should) you do to protect you and your business? The two most important things are to:
- Create a central repository for your company’s critical information
- Assign appropriate access for each system
Create a Central Repository for Critical Information
The best practice is to keep all of your most critical pieces of information (such as logins and passwords) in a secure, central area.
What does this look like in practice? Some business owners keep their logins and passwords in a notebook. Others keep it in a Word doc. But either are hardly ideal solutions: one, because neither solution is secure, and two, it feeds the terrible habit of using the same password (or slight variations of it) for all account logins.
Using the same password (or variations thereof) make it easy to hack logins.
By far the best solution is a password management tool, such as 1Password or LastPass. These tools require you to create one strong master password, which then gives you access to all your other passwords.
All of the information you enter is encrypted and decrypted at the device level for greater security. You can even add two-factor verification if you choose.
Because these tools work with your browser, you don’t have to key in your passwords each time – which removes any disincentive from creating strong, unique passwords.
In addition, you can use these tools to store more than just logins and passwords. You can also enter your banking information, answers to security questions, or any other confidential information.
Assign Appropriate System Access
Once you have a central repository in place, you want to turn your attention to system access. Unfortunately, it’s common practice for smaller companies to have one login and password for each system (website, email newsletter, etc.), with everyone using the same login!
This set up is risky. Not only does it give everyone the same level of access, it also eliminates audit trails. Who changed that newsletter article? Who deleted that page on the website? You can’t tell because everyone is sharing the same login.
A much better approach is to give everyone their own login and then assign the appropriate level of access.
The highest access level (often called “admin” access), gives people ultimate control over the account. The admin can add, edit, delete, view billing info, delete the account, the whole shebang. As the business owner, you need to have this kind of access – and maybe one other trusted person.
In addition, you should be the account “owner.” In other words, the account should be set up in your name, with your contact information. It should NOT be set up in the name of your website designer or marketing consultant, even if they set up the account on your behalf.
As the account “admin,” you can assign access to staff members or consultants. The best practice is to only assign the minimum amount of access they require to do what they need to do.
Often, this will be a “user” level, but some systems will have multiple levels you can choose from. But again, the rule is to only allow the minimum level of access needed.
The Next Step: What to Put in Your Repository
Setting up a secure central repository of critical information is important – but it doesn’t count for much if you don’t put the right information in it.
In Part 2 of this post, I’ll walk through exactly what marketing information small business owners need to collect and maintain.