As the saying goes, “An ounce of prevention is worth a pound of cure.” Though the target of this advice was originally our bodies, it holds true for anything we care about, including our digital assets.
If you’ve been around long enough, you’ve no doubt experienced something going wrong online. Recently, my personal Facebook account was hacked and it took me over 5 weeks for Facebook to restore access to me. This inspired me to secure my other digital assets to prevent future hacking and put other systems in place to secure my digital assets.
Whether you are a web developer managing a few dozen websites, a larger agency managing hundreds of campaigns, or running a business all by yourself, you’ll benefit from anticipating what can go wrong and putting infrastructure in place to avoid disasters and mitigate the damage in case your website goes awry.
Avoiding Domain Expirations
One thing I always tell my team is to avoid major mistakes. Letting an active web domain expire is possibly the biggest mistake anyone in charge of a website could make. While we have never let an active domain expire under our watch, most clients rightly prefer to register and manage their own domains. When they let their domains expire by accident, which has happened a handful of times in the 18 years I’ve been building websites, it may not be our fault, but it quickly becomes our problem.
The most common reasons domains expire is they aren’t set to auto review or your form of payment has expired. In both of these cases, domain registration companies, like GoDaddy or Network Solutions, send multiple email and text alerts (if SMS notifications have been set up). However, if you, or the third party receiving the email alerts on your behalf, doesn’t respond to these messages, things can go very wrong. For example, a few years ago, one of our marketing client’s web developer died, and as a result, they lost access to not only the domain name but their hosting and website and had to start from scratch.
Here are some tips to help you from avoiding that fate.
- Record your domain name login and password
- Set up backup access to your domain name by setting up access at least one other trusted party
- Set up to receive text alerts from your domain registrar
- Secure full access to your website. For websites developed on shared platforms like Squarespace or Wix, all you will need an administrator-level login. For websites developed in WordPress, Drupal, or other content management systems, you’ll also need full access to any files, databases, and billing or technical control panels associated with your website.
- Make sure you have administrative level access to any marketing sites or ad platforms, including social media and ad platforms like Google Ads and Facebook ads.
- Be sure Two-factor Authentication (2FA) is set up on all logins that access your marketing sites and ad platforms. While you’re add it, add 2FA to all of your social media site logins, especially if you’ve added credit cards to pay for advertising or charitable campaign donations.
- Keep a record of where you are using your credit cards by keeping a log of everywhere your credit cards are in use. Identify cards by the last four digits. E.g. Facebook Ads 1234.
- When credit cards expire or are compromised, update them on your domain registrar and hosting company sites as soon as you receive an activate replacement card
Do you use other techniques to keep your accounts safe or as part of a business continuity plan? Share them below.