Disgruntled Employees Updating Your Website?!

We have recently helped two of our clients recover from bulk deletions of their website content by disgruntled, terminated employees.

Might this happen to your website? Or perhaps inappropriate posts on your Facebook page or Twitter account?

Here are some suggestions to help guard against such “attacks” and the resulting panic and embarrassment when you discover it has happened to you:

  1. For your website, make sure each employee that can do updates has their own unique login username and password. Do not share admin logins.
  2. For your Facebook page, do not use a shared business account login but instead add each updater’s individual Facebook account as an Admin user at “Content Creator” level or below (not Manager level).
  3. Similarly for access to your LinkedIn company page, Google Plus company page, or other online presences you might have, add each updater’s access separately, do not use a shared login. (Unfortunately, Twitter accounts can only have a single, shared login unless you use a third party app.)
  4. Whenever you show a new employee how to update your website etc., create a new login username and password for them right away, before their training.
  5. Add the following entries to your “Employee Last Day Checklist” or “Termination Checklist” or whatever you call it (you do have one, don’t you?). You might want to perform these tasks immediately when they give notice instead of doing them on their last day:
    • Remove employee’s access to your website(s) admin area.
    • Remove employee’s admin access to your Facebook page, your LinkedIn company page, your Google Plus company page, etc.
    • Change the shared password on your Twitter account and inform remaining Twitter users of the new password.

In both of the recent incidents, our Emerge2 system backups were used to fully recover the deleted contents for our two clients’ websites, but the clients had to first endure the panic that ensued when they discovered the “abuse”, in one case a completely empty website, and not knowing if things would be recoverable.

The above suggestions might help you avoid such an occurrence or reduce the probability of it happening. Of course, each incident is unique and your results might vary, but planning and prevention and often prudent steps to take.