Digital Workplace: Login Lessons Learned From the Ballistic Missile Alert Fiasco
By Elijah Yip
Phones across Hawaii lit up at 8:07 a.m. on January 13, 2018 with an alert that a ballistic missile was hurtling toward the state. Two minutes later, Governor David Ige learned that the alert was mistakenly sent. But it took another excruciating 15 minutes before the governor took to Twitter to clarify that there was “NO missile threat to Hawaii.” Why the delay? Governor Ige later confessed that he forgot his Twitter password.
Companies can learn a lesson or two from the governor’s login woes. Ready access to login credentials for your company’s online assets is crucial. Being locked out of your website, social media accounts, cloud services, and other digital assets can seriously damage your company’s operations and reputation. Securing usernames and passwords is just as important as keeping track of the keys to your office or company safe.
Here are some tips for keeping company login credentials safe and accessible:
1. Designate a location for storing login credentials
Employees authorized to set up or modify an online account on behalf of the company should be instructed to store the login credentials in a designated location. This will prevent a frantic search for account information in mission-critical situations. The designated location can be a file stored in a specific drive or folder. If the file is encrypted – a highly recommended practice – make sure the encryption code is stored in a safe place. In some situations, simply writing down login credentials on a piece of paper can work. Just make sure the paper is stored in a safe and identified location.
2. Ensure access to login credentials to those who need it
Employees who need access to the company’s online accounts should be told where the login credentials for those accounts are stored. Supervisors of employees who regularly use the account should know where the credentials are stored in case those employees separate from the company.
3. Develop a protocol for modifying login credentials
Company policy should clearly articulate procedures for modifying login credentials to company accounts. For example, employees who make the modifications should be required to inform their supervisor in writing about the change and update the account information stored in the designated location.
4. Set up accounts with company email addresses
Employees should not be allowed to use personal email addresses to register online accounts on behalf the company. Only company email addresses should be used to register accounts. If the login name or password for the account needs to be reset, a reset confirmation email is typically sent to the email address under which the account is registered. If the registered email address belongs to an employee, the company might not be able to complete the reset process if the employee (or ex-employee) refuses to cooperate.
5. Specify ownership of online assets
Company policy should clearly specify that any online accounts created for the company are owned by the company, not the employee who registered them. Such a policy is especially necessary for social media accounts, which might seem like they belong to the employee promoting the company using the accounts.
Having login credentials at your fingertips is important to your company’s success, even if the stakes don’t involve warnings of impending disaster.
Elijah Yip is a partner in Cades Schutte’s Litigation Department. He is currently the editor of Hawaii Employment Law Letter, where this article first appeared. In that role, he is also a member of Employers Counsel Network.