You Can’t Take It With You!

Safety deposit box

Some Resources

It seems almost daily we hear about big security leaks when hackers gain access to our private data. But there’s also the opposite problem: when you can’t access your own stuff!

What happens if the person with all your website passwords disappears? Think about the possible reasons that could happen. The owner has them all and dies. The IT guy leaves the business in a huff or gets run over by a bus or loses her notebook in a fire or flood. And, not to mention, what happens if domain registrations expire!

What would it cost your business if you lost access to these assets? For mission critical websites the consequences don’t bear thinking about.

It’s important then to develop a plan to protect the business in case the worst happens. Why is it a problem? Can’t you just call the provider, explain the situation and get it sorted? If you could hackers would have a field day! You may even have trouble knowing who the provider is in the first place.

So the big companies will have procedures in place to handle these situations. Don’t be too sure. Even if they did they may not be easy to comply with. Privacy laws and user agreements can make it tough for anybody other than the account owner to get access, even for the next of kin or a business partner.

If the accounts are in a business name, the first step is to find a way to share the account credentials with a trustworthy employee. If the accounts are in an individual’s name, it could get trickier. Even with credentials, an unauthorized access might be in violation of the terms of service (ToS) with implications for criminal or civil charges.

Some ToS agreements may state that ownership disappears when the owner dies! Others, like Twitter, may require a copy of a death certificate and some may require a court order to allow access.

Since we are encouraged to change passwords on some frequency, updating the trusted person may also need some thought. You can keep and update a register of all critical credentials in a password protected app on a password protected smartphone backed up to a password protected file on a password protected computer or cloud account. The trusted person is going to need any updates to all such ‘gateway’ passwords.

Password Manager tools can help when the list of accounts begins to become unwieldy but while they don’t solve access rights issues they might be useful in keeping credentials centralized. The master userid and password for such tools has to be really strong and should be shared with the trusted person.

Some Steps That Might Save The Day

Here are a few simple steps you might want to consider, depending on your circumstances:

  • Share business account information with authorized members of the business.
  • Individuals can put account information in a secure place where access is shared with a responsible person (spouse, adult child, etc.).
  • Don’t forget other accounts, e.g. online banking, payroll, email addresses and so on, and consider Password Managers.
  • Check expiration dates on domain registrations.
  • Ask internet providers for a copy of their policies.
  • In case you run into a domain ownership problem, check the Uniform Domain Name Dispute Resolution policy of ICANN (see sidebar).
  • Check that renewal and expiration notifications from providers go to an up to date email address of yours or other responsible person.
  • Make sure that the notifications email address is independent of any domain names managed by the account.
  • Consult your local Intellectual Property attorney for situations peculiar to your state.
  • Review your insurance coverage.

While this is not intended to be an exhaustive list covering all possibilities, we hope it might be a good start. You can always contact us if you have any questions.