Categories

Blog

Digital Security

End-of-Year Digital Asset Checklist

  |   Insights   |   No comment

Digital Security

The holiday season is usually pretty quiet for public agencies. It is a mid-year point on the budget, but January does not often kick in new requirements – except for some new legislative triggers – and many people are out of the office. For the city staffer charged with managing the city’s digital assets and communication platforms, the end of the calendar year is a great time to ensure the security and control of online platforms. Use Tripepi Smith’s End-of-Year Digital Asset Checklist to take stock of your website and social media security:

1. Validate your Domain Name Registration and Control

Many agencies have numerous domain names and/or various versions of that domain name (.org/com/net). Keeping track of (and controlling) these domain names is critical. If they expire or the DNS becomes misconfigured, both your website and email services may stop working.

Key Questions to Ask:

How many domain names does your agency own?
Where are these documented? Where are they registered?
Whose name are they registered under?
Do you still have control of the email address associated with the domain registration?
Do you know how to change the DNS entries, or do you have a technology resource who knows how?
Is the credit card in the domain registration provider still active or set to expire soon?
Do you have a good backup email configured for the domain access and registration services?

Tripepi Smith recommends using enterprise-class DNS services from either Amazon Web Service’s Route 53 (https://aws.amazon.com/route53) or Microsoft Azure DNS (https://azure.microsoft.com/en-us/services/dns/). These platforms allow for multi-user control configuration scenarios and provide the most robust DNS services on the market today.

2. Review Your Google Analytics Settings

Google Analytics (https://www.google.com/analytics) is a free tool provided by Google that enables you to track traffic to your website and identify key information such as where visitors are coming from, how they are finding your website and which pages are most popular on your site. The Google Analytics tool is powerful but, in many cases, Tripepi Smith has discovered that our public agency clients are not the primary admins on their Google Analytics. Often, a former website developer has configured and implemented the tool, only to disappear into the horizon, leaving the agency with no control over this key tool.

Key Questions to Ask:

Who is the admin on the Google Analytics (GA) account and are they still employed by the agency?
Is there an agency staff person who is an admin on the GA configuration? Are there former employees with access that need to be removed?
Are you filtering the traffic for certain IP addresses to remove sources of traffic, and did any of those change this year?
If you are using a shared access account to manage GA, do you know who else has access to that and should you reset the password?
Have you implemented two-factor authentication on the Google Account used to manage GA?

Google Analytics plays a key role in managing search engine optimization (SEO) and integrating with Google Search Console (“Webmaster Tools”) and Google AdWords accounts. Proper control and access to this platform is critical to enable next-stage digital strategies for public agencies.

3. Validate Access Rights for Agency Social Media Platforms

Public agencies have often evolved their social media and management philosophy from a single department staffer creating an account to full-on, centralized PIO-managed implementation. But this spectrum of change often means disparate methodologies for access and control of social media have evolved along with the agency’s social media strategy.

Key Questions to Ask:

Have you documented all social media platforms that are “owned” by the agency?
Do you know who should have access to those platforms and do they have access?
When reviewing the access rights to the platforms, are there any former employees who need to have their rights removed?
If you are sharing an account to access a platform, are you aware of who else has access on that tool and when was the password last reset?
Where possible, are you asking people with accounts to configure two-factor authentication to ensure their access to the platform (and, hence, the agency’s platforms) is secure?

Security is often an afterthought for access to social media platforms, especially when just getting content published seems like a struggle–let alone dealing with complex logins. Yet, the public is viewing these platforms as sources of primary actionable information, especially in times of crisis, so proper security and access control on these platforms is essential.

While many of these checklist steps could likely be repeated every month for highly-secure approach, at least one annual checkup over the holidays is a good minimum approach if you have never done this before. Give your agency the gift of digital platform control and security this holiday season. Your organizational leadership will thank you for being forward-thinking.

If you need help with any of these concepts and steps, call on Tripepi Smith’s digital strategists and certified professionals to help you execute these reviews. Contact us today to find out more about how we could help with your organization’s needs.