Last week, I was helping a client structure their new project who will have a few involved parties. Who these are is irrelevant. I’m not trying to point fingers at anyone.
What I realized when doing this, is how many agencies are being far too careless with client data. My prime example in web development, is when the agency has a one master account to the website, with a dead simple password.
This presents several security issues.
First and most obvious, it is a dead simple password “for convenience”. Shouldn’t we be the ones advocating good password security?
Second and less obvious is the fact that we don’t actually know who has access. When creating such a structure, these master passwords are often shared between projects (again for convenience), but they are rarely changed.
I’ve seen countless of examples of employees at agencies and consultancies who have quit, but still have access because they know the password.
In the industry, we should be ashamed.
These are just a couple of examples and one scenario, but I see this more and more now. Working on open WiFi with client data being transmitted freely (yes, please do use a VPN) is another big one.
It is hard, because it’s a workflow change. At Bernskiold Media, I’m doing my best to ensure that we have a decent security mindset. While I say this, I know we still have a long way to go.
Frankly though, the industry needs to stop being so lazy and start minding the security and safety of not only the systems we have access to and/or build, but the always confidential data we get access to as well. And this needs to be done yesterday.