How Coalition Keeps Client Credentials Secure

Coalition Technologies’ Best Practices for Password Security 

Remote workers have been around for a while, but during the COVID-19 pandemic their ranks swelled as quarantines swept across the globe. With the advent of expanded internet accessibility, people everywhere are opting to work remotely.  About 45% of US medium-to-large businesses moved to a remote work model during the pandemic and that trend seems to be continuing, with 44% of people now electing to work remotely full-time.

Reduced infrastructure enhances flexibility, as well as freeing resources formerly invested in a centralized, physical workspace. At Coalition Technologies, we’ve chosen the nimbleness of a talented remote team that is supported by advanced, proprietary software. There are always caveats, however. Going forward with a fully-remote workforce necessitates a heavier emphasis on our cybersecurity and password best practices.

We collaborate with team members and clients all over the world. So, how do we do that, while stringently following password security best practices? That’s what we’re going to talk about in this blog.

The Challenge

As Coalition Technologies has grown, we’ve assembled an outstanding team of diverse creatives, analysts, and strategists, collaborating every day with an equally diverse group of clients all over the world.

All of these people meet in cyberspace, where we communicate, plan, and carry out campaigns for our clients. We’re sharing files, information, and access to online tools, like the client’s Google Analytics. And because we develop websites, we need access to that login information too, as well as social media, and email accounts.

Many passwords are shared within our company to facilitate efficient and accurate work for our clients. To be effective, we need to obtain and safely store client credentials and closely adhere to password security best practices. This is a monumental responsibility, considering that compromised credentials are the leading cause of data breaches. Now, multiply that responsibility by almost 300 clients and you’ve got thousands of passwords to protect.

As Coalition Technologies has grown, we’ve developed our password security policy to address the retention of this sensitive information.  With password security best practices in place, we’ve been able to confidently ensure the security of sensitive client information.

The Solution

Screenshot showing requirement to request access to sensitive client credentials

With the majority of data breaches tied to passwords, it’s obvious that security is a priority. That knowledge prompted us to invest in a solution. As a remote-first business that predates the pandemic, we were able to leverage our experience toward implementing best practices to bolster password security.

Part of that effort is multi-factor authentication, which is used by all of our team members to log into client accounts. But the true jewel in our password security policy crown is our internally developed software, ScoreTask. Offering more robust security than Google Docs/Sheets, ScoreTask is a solution that eliminates the problems associated with maintaining passwords in spreadsheets.

Each New User a Risk

It’s certainly true that Google Docs/Sheets is one secure way to retain sensitive information like passwords than a standard spreadsheet. But that’s where the security ends. The problems start to increase with the addition of new staff and the departure of outgoing staff. Password security best practices doesn’t really address the issue of multiple people knowing the private information.

Keeping your passwords in Google Docs/Sheets means creating a different sheet for every account you have. That can get very tedious, ultimately exposing you to the twin evils of human error and malicious opportunism.

An Administrative Nightmare

Again, multiply keeping a different Google Doc/Sheet for every client by almost 300. Granting a variety of security levels to team members and updating access with member arrivals and departures takes time and effort. That time and effort might be spent more fruitfully elsewhere with a better system in place. And that’s exactly what we at Coalition Technologies recognized.

Our point here is simple: the password security best practices we have implemented are convenient for users, efficient, and reliably robust. Because Coalition has done what was required to safeguard the credentials of our clients, we now have an ironclad system in place, facilitated by our in-house software, ScoreTask. We invested in this solution because we take the security of client credentials very seriously. With this password security policy in place, our clients know that their sensitive information is safe with us.

About Team Member Access to ScoreTask

Screenshot showing sensitivity level of client credentials

ScoreTask is part project management tool, containing all client copy moving through the implementation process, and part password vault. This solution grants access on a limited basis, adding only those team members who require access to what’s stored in our secure ScoreTask vault. This makes ScoreTask the cornerstone of Coalition’s password security best practices.

To gain access to client passwords, the team member must first be assigned to the client.  A request is then made for access, creating a reliable log of everyone who’s viewed the information in the file. In the case of updates, access must be requested again. All requests for password access are logged, so we know exactly who’s viewed the information and when. 

What’s more, access is determined by team member roles. For example, a developer needs access to the client’s WordPress login. Other team members don’t. Limiting access to client credentials reduces the potential for error and abuse. This is a key feature of our password security policy that further protects our clients.

Other Password Security Best Practices

What’s described above is just the beginning of Coalition’s investment in client credential security. All team members regularly perform audits to identify possible vulnerabilities. They also do not share passwords via communication networks like chat or email.

A variety of sensitivity levels are also set that are dependent on the type of client login involved. A small select group, for example, has access to information like client payment data or Shopify administration, which is highly sensitive. Other areas, like SEO research data, have a lower security clearance.

Another layer of security lies in the training our employees receive with respect to password security best practices. Coalition team members submit monthly reports to ensure that the antivirus software on their personal computers is updated and active.

When a team member leaves Coalition Technologies, their access to our system is revoked immediately and passwords are updated. Then, we verify that everything is in order, updated, and secured by forwarding automated emails.

Because of the ever-changing online landscape and the increasing ingenuity of hackers, Coalition Technologies is always seeking to evolve and adapt our systems.  With passwordless authentication surging, we’re watching the development of this innovation, tracking its progress and how it might potentially improve our password security policy. 

Security and Digital Marketing Agencies

two persons in front of a padlock and password illustration

You may be reading this because you’re ready to enlist the services of a digital marketing agency to entrust with your business’s SEO needs. Your first question should address how the agencies you’re considering protect client information. Cybersecurity is a key indicator of professionalism and preparedness for contingencies.

Let’s face it, putting passwords in a spreadsheet or sending them through email or other online messaging systems are red flags. But so is a team that hasn’t been trained to exercise caution in the handling of sensitive client information. 

You can’t meet your goals if your credentials are retained tenuously and vulnerably. You need an agency that bases its principles on your best interests and adheres steadfastly to password security best practices. You need the services of an SEO agency like Coalition Technologies. With a proactive password security policy, we protect your sensitive information like our own.

Moving Your Business Forward, Securely

Coalition Technologies is the digital marketing agency everyone’s talking about. We bring you a comprehensive suite of services that meet all your online marketing needs, from digital marketing to lead generation SEO to web design and development.  Call us for a free marketing strategy review to find out what we can do for your business.

We take web design and SEO seriously and with over 760 case studies and counting, our expertise is clear.  Move your business forward with a leader in online marketing and client credential security.

Related Posts That May Help