As an agency, you’re often managing the accounts of clients for a range of software and platforms such as social media profiles, email marketing tools, or files in cloud storage.
Important data such as passwords and customer information is a necessary part of delivering work for clients, and managing who within your team has access to this data is a challenge in itself, not only for security reasons but for plain and simple workflow as well.
You probably have a system in place for this already: maybe a shared document or Excel file, notes written down in your phone somewhere, or you may already be advanced enough to use some sort of password manager. Although none of these is necessarily secure on its own, they do help with getting the job done on some level.
What we want to do is show you a couple of tools to help you tackle two birds with one stone:
a way to manage all those passwords across your team and multiple devices so everyone can get on with their work, and a way to do this securely so you avoid cyber-attacks, which are never fun. Also, we’re not lawyers, but we’re pretty sure there’ll be some sort of liability risk with these attacks as well.
The two tools are a password manager called ‘Keeper’, combined with a two-factor authentication system using YubiKey.
There are a few password managers out there and they all have their pros and cons. The reason we recommend Keeper for agencies is a combination of pricing (it’s one of the cheaper options out there) while being both simple to use and reliable.
Passwords aren’t the only thing you can secure in Keeper. Keeper can also protect your sensitive files, documents, digital certificates, private keys, photos and videos in a highly secure, encrypted digital vault, with the ability to create a vault for each employee. Cool stuff.
Two-factor (or multi-factor) authentication is becoming a requirement across more and more websites and apps. SMS is the most common method, though the least secure; authentication apps come next, and hardware-based authentication is the most secure. We have done a short guide on how to implement this here.
The YubiKey is a hardware-based authentication method built on physical security keys, and it is the best way to lock down your accounts while remaining agile at the same time. The reason these keys are so good is that they are not susceptible to being bypassed (like an MFA app would be if your phone got hacked) and they are super reliable. Security benefits aside, in the context of an agency, the combination of Keeper and YubiKey means that you can manage access and security for multiple employees and devices. That is not so easy to do, or even available, with other less secure authentication methods:
- Smartphones aren’t 100% safe and can contain vulnerabilities
- Authenticator apps have been known to have vulnerabilities and weaknesses too
- People’s smartphones have been known to have been cloned (like when they go to China), and that means the cloned phone has the same 6-digit token as the original.
Implementing these two tools should be doable in a couple of hours for a small to midsize team and is well worth it for the workflow benefits alone, let alone the security and liability risks that get tackled. For those who can’t be stuffed, just get us to do it; it’s easier.