If you set up the right processes and systems for password sharing, you’ll never have to waste time worrying about password management. Read on to learn about password strategies that will let you get back to working on your core business.
Identify who needs access. Of course your employees will need access to certain passwords, but it’s also likely that outside vendors may also need to get in to certain accounts, as well. Does your bookkeeper need access to your credit card account? Does your marketing consultant need access to your Twitter account? Make a list of everyone who will need access to your company’s passwords and then dole out password information accordingly.
Identify password access groups. Once you’ve identified everyone who will need access, figure out how you can organize those team members into different password access groups. For example, your technical team likely won’t need access to the same passwords as your marketing team. Here are a few common groups we see small businesses using:
- Administrative: Admins and office manager types need access to accounts like Staples, Amazon, hotels, and airlines.
- Finance: Bookkeepers and accountants need access to accounts like your commercial bank, credit cards, and payroll system.
- Marketing: Your internal team, consultants, and/or agency will need access to accounts like Twitter, Facebook, Hootsuite, Mailchimp, GoDaddy, and any Content Management Systems (CMS) you or your clients use.
If you set up these groups in an app like TeamPassword, it will be easy to make sure that the appropriate people—and only the appropriate people—have access to the passwords they need.
Update your hiring procedures. You likely already have a process for hiring people that includes collecting tax paperwork and inputting information into payroll. We suggest you add one more step—including the new hire into the appropriate password groups in your password management app. This way, the new hire will never be held up waiting for someone to give them the password for a site they need to do their job.
Update your termination procedures. No one likes to think that an employee isn’t going to work out, but let’s be realistic. It’s important to be prepared for when someone leaves (or is asked to leave). You don’t want an unhappy ex-employee to have full access to your bank accounts, social media, or any sensitive company information. Even if an employee left your company amicably, you should remove them from your TeamPassword account to minimize risk. If an ex-employee has poor password management habits, they could jeopardize your company without doing anything malicious. If one of their accounts gets hacked, your password security (and thus bank accounts, credit cards, and reputation) could be in danger.
Don’t forget about the all too important consultants and vendors! When you begin working with a vendor or consultant, don’t forget to add them to the appropriate password groups. And, of course, if you stop working with a consultant or vendor, you should treat it just like an employee termination, and remove access to your passwords.
Double check your work on a regular basis. People are, well, human, and we all make mistakes from time to time. You should set a regular schedule, perhaps once a quarter, to sign in and review your password groups. First, make sure the users on your account are current. Second, review the groups to which your users are assigned. For example, if Joe changed from an administrative assistant to a marketing role, he would likely no longer need the password for your Amazon account. Plus, regular check-ins will help make sure no one accidentally gave your tech intern access to all of your banking passwords.
We created TeamPassword to help people manage their team’s passwords the right way. If you follow this simple system, you can say goodbye to shared Google documents, outdated Excel spreadsheets, and password security breaches. Give it a try!