BLOGs
Business Process Management Software
Published June 05th, 2017 by

5 Essential Steps to Securing Your Assets When Outsourcing Digital Content Work

Digital presence is one of the added demands of starting a new venture today, regardless of the nature of your business. This can include marketing work, such as social media engagement, as well as product development through remote team collaboration.

For many startups, outsourcing part of the work will be necessary in order to maintain an agile organization. This means hiring contractors, consultants or freelancers. After all, you can’t afford to maintain big overhead costs, which will often come with having a big team.

Unfortunately, even with the importance of such digital activities, many organizations forget about the need to ensure a safe and secure digital environment – such a concern can often take a backseat to “more important” activities like product development and sales.

What often gets overlooked is the value of what’s being handled to external parties. Letting others manage your digital assets will entail giving them access to things like website administration and social media accounts. Imagine the power they wield. What they do with your online accounts can make or break your business. Not too many businesses may realize it, but today, this is similar to handing over keys to your home. Perhaps, it’s even in the ballpark of sharing your social security number with someone else.

So how do you protect yourself when delegating access to others? Here are some ideas on how to secure your end when outsourcing digital content work such as social media and web administration:

1 – Have legal cover
It’s always of good practice to have all agreements on paper. Execute all agreements with contractors in writing. Take time to understand the scope, terms, and conditions of all agreements. Some contractors may offer their “standard” contracts for you to sign, but since you’re the client, you should be able to weigh in on the terms. It is critical to be clear with the extent of what contractors can do while doing the work.

Be sure to include clauses on confidentiality and non-disclosure so that all important information about your business is kept private. There are now law offices that specialize in providing legal documentation and cover for startups, such as Hong Kong- and Singapore-based Dragon Law.

2 – Manage and monitor access levels
If you’re having your website developed externally, know that your webhost and your content management system (CMS) are on separate layers. If you have the option not to give your contractor access to your web hosting account, then don’t give it to them. You can even ask your web host service provider do the setup up for you a barebones CMS installation like WordPress or Drupal if you’re not knowledgeable enough to do it. Some providers can do it as part of your service package. This way, you don’t have to provide your contractor access to your web host — just access to the CMS.

Keep in mind that most CMS have user types and roles. Most development work would require administrator rights but if it’s possible not to grant your contractors that level of access, then don’t. Other people who may be involved in the process may do with limited access. For example, content writers may only need to be able to publish and edit content, but not fiddle with the other parts of your site.

3 – Deploy cloud-based application firewalls
One potential risk when outsourcing administrative control is that you never know when malicious entities could be using your contractors as attack vectors for gaining access to your systems. They might be using compromised systems – such as mobile devices or laptops – that, in turn, could also compromise your own. They might also install or deploy applications or plugins that could potentially have security holes.

A web application firewall will provide an added layer of security, as it will protect against common threats like SQL injection, cross-site scripting, remote file incursion, and illegal resource access, among others. There are cloud-based firewall services that can be used to do this, which even bundle features such as two-factor authentication wherein a verification code is sent to an authorized user’s phone or email so that even if a password leaks, there’s a secondary check to know if the access is legitimate. Cloud-based WAF from Incapsula which also allow you to define custom security rules, which let you enforce your organization’s security policy through a graphical interface.

4 – Use social media management services
It is bad practice to simply hand out your login credentials to your company’s Twitter or Facebook account to others. Keep in mind that their business accounts allow for delegation. You can assign others to post and curate content for the account without needing to hand your own login credentials. Make sure you register to these services using an email you can exclusively access. Enable two-factor authentication for these accounts, too.

To make administration easier, you can subscribe to social media management services like Hootsuite. Not only such services make management of multiple social media services easier, you can also work as a team and delegate levels of access to your contractors while retaining ownership to yourself.

5 – Revoke access upon completion of work
Once a contractor finishes the work, make sure that you lock them out of your system afterwards. If you handed over passwords to certain accounts, be sure to change them. If you granted them their own user access, delete their accounts or revoke their access.

Passwords being leaked are among the common ways accounts get compromised. You should also use strong passwords that include numbers, special characters and different letter cases. Regarding the frequency of password changes, security providers have mixed feelings – some believe that requiring frequent changes is secure, while some prefer two-factor authentication, since frequently-changed passwords only encourage users to write them down or save them somewhere, thus defeating the purpose.

If keeping track of passwords is a problem, you can use a password manager to help you generate and keep secure passwords. Cloud-based services like LastPass offers the convenience of just having to remember one password. If you’re paranoid about putting your account details on the cloud, offline password managers like KeyPass work well.

Security is still your responsibility
You might be surprised that there are still plenty of matters that you need to attend to when outsourcing work. Still, outsourcing does take some matters off your plate so you can focus on other things that will grow the business. Security, however, is always your concern and responsibility. Most contractors are trustworthy enough to value your business, but it pays to always have your bases covered.

sheza-gary

Shezagary has been a Project Strategist since 2009 and also involved in the launching of startups and tech companies in New York for over 5 years. She has keen interest in writing her own experiences about business plans and upcoming business supporting technologies. She loves public speaking.

Our rankings are completely independent, transparent, and community driven; they are based on user reviews and client sentiment. These business process management software companies had to earn their way up and didn't just pay their way up.

View Rankings of Best Business Process Management Software Companies