Annual Data and Security Checkup
At the start of every year it’s a good idea to review security settings for your business to avoid unauthorized access, fraud, and loss of access to your key channels.
While this list does not take into account every possible risk or channel, it’s a good starting point. In most cases it’s recommended to consult with your attorney, a tax professional, or other legal partner to provide legal advice on the below.
Contents
- Two-Factor Authentication
- Keep Platforms and Apps Updated
- ADA Compliance
- Clean Up Channel Access
- Update Passwords
- Review Your Policies
- Ensure Tracking Compliance
- Be Wary of Emailed Links
- Seek Verbal Authorization
Two-Factor Authentication
Activate this for any channel that contains sensitive information. By using two methods of verification, you can reduce the risk of unauthorized access to your critical accounts. Channels on which this is particularly important include, but are not limited to:
- Paid Advertising Channels
- Social Media Channels
- CRM
- Email Service Providers
- Databases and Reporting Tools
There are a number of options for 2FA tools, but we recommend one with an expiring code such as Google Authenticator.
Keep Platforms and Apps Updated and Backed Up
Keeping your digital applications up to date is critical to security, as platforms regularly release updates to combat new potential threats. This is especially true for your HubSpot and WordPress platforms, as well as Shopify apps. It's recommended to make these updates as soon as they are available to close any potential vulnerabilities.
In addition, to avoid data loss, it's important to do regular backups of your digital data repositories, websites, and other digital platforms such as your WordPress website.
If you need help with any of the above, please let us know.
ADA Compliance
There have been a number of law firms specifically targeting websites that do not conform to ADA Guidelines. Checking the list and exploring options for conforming to those guidelines is a good way to potentially avoid risk. We use a platform called accessiBe, which can be seen in the little icon in the bottom right of the Bern Digital website.
If you’re interested, we can arrange for discounted rates on the accessiBe service to ensure you are as protected and compliant as possible.
Clean Up Channel Access
Review access to your digital channels and accounts and ensure that there are no legacy or unauthorized individuals who still have access to your channels. If there are individuals who should no longer have access, remove them ASAP, or reach out and, if we have the ability, we can help you remove them.
Update Passwords
In line with the above, update any passwords that may have been shared, or to which prior partners or employees may have access, to ensure that your accounts are secure.
Review Your Terms and Conditions, Cookie Policy, and Privacy Policy
Ensure that these are kept up to date on a regular basis, and account for all methods through which you may be communicating with your audience and storing their data. Be sure to disclose all pixels, tracking methods, and areas where data is shared with third parties for advertising or otherwise.
Ensure Tracking is Compliant
In some areas it may be necessary to allow users additional control over the cookies and tracking you have in place. It’s worth consulting an attorney to determine if your policies are accurate for your business, and whether or not you need a tool to be compliant in all marketing areas. Many website platforms have built-in consent banners, which can be activated and configured if your legal counsel recommends implementation.
This is a resource that outlines the rise in lawsuits related to this, and may serve as a useful guide to protecting your business.
Be Wary of Emailed Links
Phishing emails are more prevalent than ever. Be cautious about clicking on links that appear to be from a tool or platform and that ask you to log in or share sensitive information. If you are ever concerned that a link may be fraudulent, go directly to the website or app and log in to check for notifications rather than clicking on a link in an email.
Seek Verbal Authorization For Secure Matters
There have been well-documented cases of employees or vendors spoofing emails asking for payment or funds. Be wary of any communications from what may appear to be team members asking for monetary transfers, gift card purchases, or otherwise. Seek verbal verification on any matters like this to avoid fraud.
Note: The above is not legal advice, but rather guidance to help you determine where and how you need to engage the proper parties to implement services that will help protect your business.