Enterprise password management: unlocked!

h

By in Cyber-Security
On October 17, 2019

Browse
Enterprise password management

Sign up to our newsletter

We’ve all heard the stories of ex-employees going rogue on social media accounts. Jared O’Mara, a UK member of parliament (MP), found out the risks to his cost when an employee dramatically resigned by tweet. The employee used the MP’s own Twitter account (which he had access to) to accuse him of having “a vile, inexcusable contempt for the people who voted you in.” Ouch.

Enterprise Password Management - Jared OMaraFor that reason, many companies have robust enterprise password management systems in place to remove social media access when employees leave. However, when a PR or marketing agency and client relationship comes to an end, you don’t see anywhere near the same level of due diligence. How do I know? Well, over the years, I’ve been left with access to lots of former clients’ social and other platforms that I definitely shouldn’t have. And what’s more, so have many of my colleagues.

What typically happens is the PR agency and client part ways and access doesn’t get switched off. ‘Surely it’s up to the agency to switch off access?’ I hear you cry. Well, yes, if the agency can control admin access, then they should switch it off as part of the handover process. It’s where the agency doesn’t have this level of control that it becomes more of a grey area.

Now, not all agencies are built equally and I’ll be the first to admit that mistakes happen agency side. But in my experience, many of the big issues happen on the client side, where they control admin access. What typically happens is admin access or password management is controlled some someone junior in the in-house marketing or PR team. For whatever reason – other priorities or people leaving etc. – it falls through the cracks. While a departing PR / marketing agency should remind the client that they still have passwords or login access, the truth is they aren’t going to bust a gut to keep reminding them. If the agency doesn’t have the authority, the responsibility sits squarely with the client.

You might argue, ‘what’s the big deal anyway?’ Agencies and their employees aren’t likely to trash former clients or go rogue on client platforms, even if the relationship ends badly. For one, it’s not exactly the best advertisement for an agency if you are willing to go ape sh%t over a former client’s LinkedIn feed. While that’s undoubtedly true, lax password management does pose other issues. Many agencies go onto work with competing brands and it’s not beyond the realms of possibility that a PR agency could stumble over a notification or engagement that gives insight into content strategy.

It’s not just enterprise password management around social media platforms that’s the problem either. A quick straw poll of friends and (ex)colleagues for this blog, revealed that most had had access to platforms – like Google Analytics, pay per click, marketing automation, CMS software or wiki pages – long after the relationship finished. One ex-colleague told me they still had access to the compliance system of ex-client even though they now worked for a direct competitor. If they want to (they don’t), they could check every piece of content and the competitor’s edits for the last few years.

Surely that’s market intelligence that needs to be kept safe? I can’t think of many cases where an organisation would be happy to leave open details like spend, content plans and marketing strategy open for all to see. What’s more, it leaves organisations open to security hacks. If the data of the third-party agency is hacked and passwords are comprised, it makes it much harder for IT teams to stem the source of the data. It’s the type of thing that I think trade bodies like the Chartered Institute of Marketing (CIM), Chartered Institute of Public Relations (CIPR) or Public Relations Consultancy Association (PRCA) should be talking up to build awareness and action. Except very little is ever done. It’s like a dirty little secret that the industry knows about, but is happy to let continue – until of course, it all goes wrong.

So what’s the answer? Well, it isn’t to switch off access to agencies or third-parties entirely. Having access to the likes of Google Analytics and marketing automation platforms is vital for both agencies and the client to understand metrics like the performance of content or the best channels to place content. It just requires more care on both sides to manage this access.

PR measurement: linking ROI and vanity metrics

Suggested Post

PR measurement: linking ROI and vanity metrics

The idea for this blog stems from a recent LinkedIn post written by Steve Loynes, Global Demand Communications Director at...

Read More

Here are a few tips for client-side teams when it comes to enterprise password management:

So avoid nasty surprises and become password happy. Yes, enterprise password management isn’t exciting but it could save you a lot of hassle in the long-run.

To find out more about our PR and marketing services, drop us a line at hello@rlyl.com or visit our Contact Us page.

Sign up to our newsletter
Back to Blog

Related Posts