Protect Yourself by Using Strong Passwords and Limiting Access

We packed ourselves into an itty bitty conference room – to have an all hands meeting.  The talk given by the managers was unmemorable and seemed to go on forever.  After a while, the meeting ended and we headed back to our desks.

At least some of us did.

There were actually two groups – one in the conference room I went to and a second group of coworkers who were asked to leave – they were being laid off from our dot-com.

We realized it soon enough and began trying to figure out who was spared and who had been axed.  Our sys admin hadn’t been at the meeting – surely they hadn’t let him go too?

No – he wasn’t let go – he was kept and had been tasked with changing all the passwords on dozens of servers while we were in that meeting – to avoid any of the laid-off employees being able to log in again.  It was part of the plan.

When you have a website or other critical accounts (like PayPal) where multiple people have access – you need to have a good plan in place – and not just for when things go south.

1. Limit the number of people with access

For your WordPress Dashboard, your PayPal account or any critical account, limit the number of people who have access.  Make sure each account is using a strong password.  It is important that the email accounts tied to the PayPal account use strong passwords too, since an email account is what a password reset goes through.

What makes for a strong password?

  • 8 or more characters (numbers, letters, and special characters) – 10 or more is even better
  • Use a mix of numbers, upper and lowercase letters and symbols
  • Do not use common words like password
  • Do not use your name, business or non-profit name as any part of the password
  • Do not use repeating digits or series like 1111 or 1234
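Here is an added example (not from the original post) that turns the five rules above into a small checker you can run against a candidate password before accepting it for a shared account. The list of common words, the organisation names passed in, and the four-character window used to spot runs like 1111 or 1234 are all assumptions made for this example; the check for letter runs such as abcd goes slightly beyond the post, which only mentions digits.

```python
"""Password-policy checker implementing the rules listed above (example code).

Rules enforced, in order:
  1. at least 8 characters (10+ is advisory, reported separately)
  2. a mix of lowercase, uppercase, digits and symbols
  3. no common words such as "password"
  4. no part of the person's or organisation's name
  5. no repeated characters or ascending/descending series (1111, 1234, abcd)
"""

# Assumed short blocklist; a real deployment would use a much larger list.
COMMON_WORDS = {"password", "passw0rd", "letmein", "welcome", "qwerty", "admin"}

MIN_LENGTH = 8
RECOMMENDED_LENGTH = 10
RUN_LENGTH = 4  # window size for detecting 1111 / 1234 style runs


def _has_repeat_or_series(pw: str, n: int = RUN_LENGTH) -> bool:
    """True if any n consecutive characters are identical or step by +1/-1.

    Comparison is case-insensitive, so "aAaA" counts as a repeat.
    """
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - n + 1):
        window = codes[i:i + n]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
    return False


def _name_parts(names) -> list:
    """Split organisation / person names into lowercase fragments of 3+ chars."""
    parts = []
    for name in names:
        parts.extend(p.lower() for p in name.split() if len(p) >= 3)
    return parts


def password_problems(pw: str, org_names=()) -> list:
    """Return a list of rule-violation codes; an empty list means the password passes."""
    problems = []
    lower = pw.lower()

    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.islower() for c in pw):
        problems.append("no_lower")
    if not any(c.isupper() for c in pw):
        problems.append("no_upper")
    if not any(c.isdigit() for c in pw):
        problems.append("no_digit")
    if not any((not c.isalnum()) and (not c.isspace()) for c in pw):
        problems.append("no_symbol")
    if any(word in lower for word in COMMON_WORDS):
        problems.append("common_word")
    if any(part in lower for part in _name_parts(org_names)):
        problems.append("contains_name")
    if _has_repeat_or_series(pw):
        problems.append("repeat_or_series")
    return problems


def is_strong(pw: str, org_names=()) -> bool:
    """True when no rule is violated."""
    return not password_problems(pw, org_names)


def password_report(pw: str, org_names=()) -> str:
    """Human-readable summary, including the 10+ character recommendation."""
    problems = password_problems(pw, org_names)
    lines = ["STRONG" if not problems else "WEAK: " + ", ".join(problems)]
    if not problems and len(pw) < RECOMMENDED_LENGTH:
        lines.append(f"advice: {RECOMMENDED_LENGTH}+ characters is even better")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample inputs; "Acme Nonprofit" stands in for your organisation.
    org = ("Acme Nonprofit",)
    for candidate in ["password1", "Acme2024!!x", "Ab1!1234", "Tr3e$Kite#9q"]:
        print(f"{candidate!r}: {password_report(candidate, org)}")
```

The checker only rejects what the rules above forbid; it does not replace a length-first policy or a breached-password list, but it is enough to stop the obvious choices on a shared PayPal or WordPress login.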

Have a policy in place that specifies who in your business or non-profit needs access to the PayPal account.  Limit the number of people with access to the account.

Don’t give more than a couple of people the Admin role in WordPress – adding posts requires no more than the Editor role.  Remember, people with the Admin role can change just about anything on your website, including installing plugins and creating other users.

2. Have a plan for when people leave (or worse)

Have a policy in place to change passwords on critical accounts when people leave or no longer have a need to access those accounts.

3. Keep an eye on the critical accounts

Make it part of your accountant’s or treasurer’s job to transfer any received funds out of PayPal (e.g. twice weekly) into your checking account and to monitor the account for misuse – ask them to report on their findings as part of their regular duties.

It’s Like Changing the Locks on a House You Just Bought

Using strong passwords and limiting the number of people with access to critical accounts like WordPress Admins or PayPal is like changing the locks on a house you just bought.  Chances are it won’t be an issue, but if something unexpected ever happens (as happened at the dot-com I used to work at), you’ll be in a better position to handle it.
