This blog is all about managing (and pre-empting) the bad things that people can do and how to keep the critical aspects of your business safe. By people, I’m talking about suppliers, service providers, contractors or staff (or even the public). How would your business go if you lost your website, or social media profiles, or you couldn’t get into your Xero or MYOB files? These and more are covered.
Some of the horror stories I’ve experienced in my 3+ decades of helping Aussie businesses and business coaching and strategic marketing include:
- Website person (or host) hijacking the website because the business owner wanted to move to another service provider. “If I can’t have your business, you can’t have your website!”.
- Accountant who would not hand back the business’ Xero file, once they discovered the business had engaged a new accountant.
- Bookkeeper who refused to hand back business documentation because she was terminated.
- Domain name lapsing because the person who purchased went out of business and the actual true owner didn’t know the bill hadn’t been paid.
These are just some examples and I must reiterate, that in all instances (bar the last) the person had been paid for their services. They were advised, their final invoice (or wage) paid and then they behaved like a child in the worst possible way. It goes beyond unethical!
So, following are 15 tips and I really encourage you to read these, as a lot of these strategies are preventative in nature. The old mantra comes to mind: “plan for the worse, hope for the best”.
Tips to Keep Your Business Safe
1. Stop Being so Trusting
I know this sounds awful and it’s sad, but that is where it’s come to. Some staff steal from their employers (whatever happened to the expression that “you don’t bite the hand that feeds you”?!) and some professionals act atrociously. I should say now that this is some – it’s not all, it’s not even half, it’s a small number who spoil it for everyone. However, when you start a business relationship, everything is rosy and you often cannot tell how toxic things can become later. Never give anyone your primary login or bank access. This goes beyond cyber security; it’s sensibility.
2. Screen People
Screen people or contractors before you get them on board – I recommend people a lot, but only those I trust and have worked with for some time. Do your due diligence about the person, check out their testimonials, even Google them and see if there are any complaints or issues.
3. Read the Fine Print!
Read their contract thoroughly and go thru the fine print with a fine-tooth comb. Get advice! Please, never sign anything without reading it thoroughly first and ensuring you fully understand it. This is smart business, yet so often, there is too much trust and this step gets skipped. Sometimes that’s because the person doesn’t feel they understand legal jargon or thinks they can’t afford a solicitor, but can you afford to make a critical mistake that could potentially cost a lot?
4. Clarify the Specifics!
If they don’t have a contract or it doesn’t specify, be super clear (in writing) of any requirements you have; ie they don’t hard code your website, or clarify you will still own the site and get them to confirm (in return email) their acceptance and keep a PDF of that email. If you do have to take them to court, then it’s all about documentation, not who said what. Even if you never want to go to court, just having that reference and reminding the person definitely helps.
5. Set your Corporate Policies
Have clear policies for your team (staff or contractors) clear right from day one. For example, that passwords are not to be changed. If they change a password or set up one, you as the business owner should be advised of the new password. Ideally not via email, as email is often unsecured, from a Cyber security perspective, so better to text or use a secure method. If you never wanted the password and then suddenly ask for it, people become suspicious.
6. Have a Small Credit Card
When it comes to some things, you absolutely have to hand over a credit card, but don’t make it the one with a $100K limit – make it one with a minor limit or which is a debit card you just top up.
7. Keep Passwords Secure
Keep all passwords secure and keep a record of who has what. There are some apps who manage passwords; don’t go for a free or cheap one; go for one which is highly secure.
8. Accounting Files
Have your own admin login and set up a secondary for your bookkeeper and /or accountant and then provide them with their own login, not your main admin one. Same goes for all your staff.
9. Website Logins
You should have the logins to your website at all times; even if someone else is creating it, or working on it for you. This is your site and it’s critical you have control.
10. Domain Name
I recommend that you buy your own. This way you own it, control it and pay it. I knew of a business who was with a website development business which closed down. Because the website company closed, they stopped paying the renewals and this client almost lost their website.
11. Facebook, Instagram or LinkedIn
With all social media profiles, protect your password and never share login information. Ensure that your password is strong. Set up two-factor authentication and don’t accept friend requests from people you don’t know.
12. Photos
Photos are priceless. Whether it’s your wedding, baby photos or old family shots, if you lose them, you may lose them permanently. Backups are great, plus sharing with members of your family (essentially acts as a backup) as well as backing them up to an external drive. If you lose your backup method, or your computer dies, it would be a shame if all your memories became history – literally.
13. Xero or MYOB File
Again, keep your Administrator password to yourself and invite others in on their own logins, so you have overall control of your file. You can invite your accountant, sales team, bookkeeper, staff and each can be given specific access to certain things (or not to some things).
14. GMB
Your Google My Business profile can be very valuable to you. It will help with your SEO, and as importantly, customers and clients coming to use your products and services. However, fake reviews (including competitors trying to knock you down) can cause problems. Reach out to me as I’ve some strong steps on what to do should this occur. Again, it comes back to keeping an eye on things.
15. Before you Terminate
IF you’re going to terminate someone, check first you can actually log in to what they access. If not, without giving anything away, say you were trying to login and can’t, get that password. Then change it and ensure they don’t have alternative passwords. Usually, the person with the main admin login can see other logins. Then and only then terminate services. I know it seems ‘mean’ or assuming ‘evil’ but sometimes people take it personally and even the most professional person can on occasion become somewhat unprofessional. When after they’ve left, change all passwords they had access to.
If you need assistance with any of these aspects, or business coaching in general, I’d love to help; just reach out to me here.
