Securing your brand

You might be tempted to close this email when I tell you it's about data security and how important passwords are to your brand reputation. 🫣

But don't do that - I'm not going to put you to sleep because I've worked for companies in data security and I know how utterly uninteresting it can be, so I'll try to keep this interesting.

Over a decade ago, I started using a password manager called Lastpass (not an endorsement, just a fact). In setting it up, I let it detect all the saved passwords in my browser (I never do this anymore) and then it told me what I already knew - I was using the same password all over the place.

Fast forward to present day and I was a devoted user of Lastpass until about 3 months ago when I found out there'd been an enormous data breach that exposed my entire vault. The worst part is it happened months before the news broke and the company knew. As soon as I heard what happened and looked into the full extent of what was going on, I took action.

The first step was to find an alternative. The two I considered were Bitwarden and 1Password. I ended up going with 1Password and I can't believe how much I like it. It's better in every way than Lastpass.

I'll spare you the technical details because you have to decide what tools work best for you. I will say this - I had a big job ahead of me:

For more than a decade, I accumulated over 600 passwords. I regularly used the tools they provided to ensure I made long, complex passwords. I ran audits on my vault to make sure I didn't use duplicate passwords on sites I needed to be unique (like my bank accounts).

The data breach I mentioned? That exposed all 600+ passwords. So, the second step was to go through and change all those passwords.

Yikes. 🤦🏼‍♀️

And this gets to the real reason I left Lastpass.

This breach didn't just leave me vulnerable. It left my client data and intellectual property vulnerable to anyone who has access to my passwords. And I'm not the tiniest bit okay with that.

I changed all the most sensitive account passwords right away, and I've been adding multi-factor authentication everywhere it's available to avoid this kind of issue in the future. Pretty soon, I'll have gone through every single account and updated the passwords. 🎉

It's actually been a good process because I'm getting rid of accounts I didn't even remember creating. I do love a good digital declutter!

If you're currently wondering why you should care about passwords, here it is:

This is the world we live in now and if you rely on computers and technology in your business, your most important and first line of defense against any kind of data breach is the passwords you set for your accounts.

I don't want to scare you, though. The truth is, small businesses aren't ideal targets for people who want to exploit passwords from data breaches.

It doesn't mean they won't try, and you don't want to leave yourself vulnerable to them being successful.

In less than 48 hours this week, I received emails from two different companies about login attempts traced to IP addresses in Ireland.

Since I don't use Windows, haven't been hanging out in Dublin or using my VPN to surf the web, I immediately changed my passwords for those accounts.

If I had to choose any accounts for someone to log into, the two they got into—Canva and Grammarly—are among the least likely to create problems for me or anyone connected to me. I'd updated all my most sensitive accounts months before and decided to do it again just to be really sure.

As boring as data security is (massive snoozefest), we're officially stuck having to care about it in the interest of building a brand that has integrity and a solid reputation. And that very much interests me.

Your turn: How's your password game? Do you need to level up or are you pretty secure? Hit reply and let me know!