As a business owner, your online accounts are a huge part of keeping things moving. They help you manage your brand, connect with customers, and maintain your marketing efforts, not to mention bookings, sales, and more.
Having outdated or unnecessary connections to these accounts is more than just a potential inconvenience to your workflow; it can also pose significant risks to your security and business integrity.
Let’s dive into why it’s crucial to periodically review your account access and how you can protect yourself by keeping connections up-to-date.
Why Outdated Connections Are a Digital Safety Risk
Old connections, or users linked to your accounts, might seem harmless at first, an organizational hindrance at most, but they can quickly become a threat to business’ digital safety.
“Timely access removal is one of the most overlooked yet critical cybersecurity controls. When employees, contractors, or vendors retain unnecessary access, they can—intentionally or unintentionally—become security risks. A disgruntled former employee may abuse their access, or an attacker could compromise an old account with outdated credentials. The key to minimizing this risk is enforcing the principle of least privilege: only granting users the minimum access they need and promptly revoking it when it’s no longer required. Proactive access management isn’t just a best practice—it’s essential for protecting your business, your data, and your reputation.” – Christina Hartman, Banshee Cybersecurity
Some of the potential risks include:
Account Mismanagement
When outdated users retain access, they might make changes to settings, post content, or access sensitive data without your knowledge. This can disrupt operations and even lead to irreversible damage to your brand’s reputation if something goes wrong. Without clear ownership and updated roles, your account’s stability and security could be jeopardized.
At most, this is a serious threat to your brand, at the least, it is annoying to clean up.
What you can do about it: Review active users role levels regularly and have a standardized off-boarding procedure for team members and vendors.
Lack of Control
Keeping unnecessary users connected can lead to confusion about who owns or manages key accounts, causing quite the headache for you and any current employees in admin roles. When multiple unnecessary users remain connected, it becomes challenging to pinpoint who is responsible for specific changes or actions.
Not only does this create confusion and reduce your ability to hold people accountable, but you may come to find that you are locked out of an account entirely. Whether it’s a two-factor authentication point of contact that never got switched over, or a password that was changed and forgotten by a team member that has since left, this is a big concern.
What you can do about it: Use a standardized login email and phone number for all accounts that is owned and managed by the business. If you don’t want to use your own cell phone, a forwarding service like Google Voice could be used to forward calls and text messages. Use different passwords for every account and use a password keeping service to manage who has access, following standard cybersecurity best practices.
The potential consequences go beyond this, though.
Compromised Security and Data Breaches
Outdated connections and lingering access to your accounts create significant security risks. Weak or reused passwords from someone with access can lead to breaches, potentially exposing critical business or customer information. These risks aren’t only posed by malicious hackers, though. Data breaches can be caused by well-meaning former team members, freelancers, or agencies who still have access to your systems.
Even without taking any direct action, their outdated credentials or unsafe browsing habits could unintentionally expose your accounts to vulnerabilities. Worse, if their own accounts are compromised and they are hacked, your business could face severe consequences. Say that they still have login info stored online or their old, weak passwords to your accounts have never been updated. In these situations, you could be at high risk even if you were not originally being targeted.
These breaches don’t just threaten your operations, such as digital advertising or customer interactions, but could also result in violations of privacy regulations and costly legal repercussions.
What you can do about it: Talk to your team about safety and security. Provide cybersecurity training regularly. Review your systems and setup with a professional and put safeguards in place, including a response plan should the worse happen. Review your insurance policies and understand what hypothetical situations are covered and what you could be liable for.
Damage to Your Reputation
Lastly, having unmanaged connections damages your reputation. If a security breach occurs or your accounts are misused, customers and clients may lose trust in your business and personal brand. Something as seemingly basic as off-brand posts or misleading comments can quickly cause your audience to doubt you. Repairing such damage is time-consuming and costly, making prevention all the more critical.
What you can do: Be proactive and take preventative measures.
Taking proactive steps to manage these connections ensures that you remain in control of your accounts while minimizing security risks.
Why We Prioritize Delegated Access for Cybersecurity
Delegated access — [the ability to] share access to accounts with other people or service providers, but without having to share passwords or other secure information. Often this means additional logins are created and associated with the same account or online profile and can even utilize different user levels to grant various levels of permissions and authority over the account.
Example of Delegated Access: Meta Facebook Business Pages can be managed by individuals or agencies and at different levels of authority.
Example of no Delegated Access: Instagram Business Profiles* have one login.
*Technically they can be connected to the Meta Facebook Business page and Threads which just further complicates the access.
Unlike some freelancers or agencies that rely on your login credentials for full access into accounts, we prefer delegated access whenever possible. This approach ensures:
- Client Ownership: You stay in full control of your accounts at all times.
- Transparency: Delegated access allows us to log in as ourselves, not as you, providing clear accountability.
- Flexibility: If you ever choose to make a change or part ways, there’s no hassle with account recovery or removing admin access because you’re always in full control.
Our philosophy is simple: We believe your accounts should remain yours even as we work with you to help manage them.
How to Disconnect Old Users and Protect Your Digital Advertising
Let’s talk about how to work with marketing agencies, freelancers, and your own internal team to keep everyone’s access up-to-date as needed for your operations.
An important step in any offboarding process is to check which accounts a team member may have had access to so that you can promptly adjust these things while still in contact with them.
It is much easier to have someone sign out or transfer access while you’re going through other housekeeping items like final invoices, feedback, and anything else you may do at the end of a contract. Otherwise, you might have to spend some extra time removing these users or recovering your accounts down the road.
Below are links and instructions to help you safely update or remove outdated connections from common platforms:
- GoDaddy: Remove delegated access
- Facebook: Remove users or partners
- Instagram: This requires a password change or remove users via Meta.
- LinkedIn: Remove user/admin
- X (formerly Twitter): Update by changing your password.
- Threads: This account is tied to Instagram, and any password changes will apply.
- TikTok: Remove admin or change your password.
- Mailchimp: Remove admin or change your password.
- Constant Contact: Remove admin or change your password.
- MailerLite: Remove admin or change your password.
- Klaviyo: Remove an admin.
- AirTable: Manage admins.
- WordPress: Be cautious, do not remove your main admin! Guide to manage users.
- Square: Remove or manage authorized representatives.
- Shopify: Manage users, revoke device permissions, deactivate a user, or transfer store ownership.
- DropBox: Change admin permissions or remove a user.
- Google Drive: Remove Google Workspace admin privileges.
- Google Business Profile: Remove owners and managers.
- Google Analytics: Remove or edit users and user groups.
- Google Search: Remove Google Workspace admin privileges.
- Google Ads: Manage access to your Google Ads account.
- Buffer:Remove a user from your organization.
For other platforms, the best steps to follow are often similar.
When in doubt:
- Review active users
- Remove unnecessary roles
- Update your password
Easy Steps for Regular Cybersecurity Maintenance
Performing regular security reviews of your accounts is essential for protecting your business. Consider setting a quarterly or semi-annual reminder to:
- Review all active connections.
- Remove outdated users or permissions.
- Update passwords as needed.
This practice not only keeps your accounts secure but also ensures that you remain in control of your online presence.
Final Thoughts on Digital Safety
Your online accounts are valuable assets. By taking the time to manage access proactively, you can avoid risks, maintain control, and ensure the continued success of your business. Whether you’re a past client or simply looking for ways to secure your digital presence, we’re here to help.
If you have any questions or need assistance disconnecting outdated connections, don’t hesitate to reach out!
